Netgsm Security & Risk Analysis

wordpress.org/plugins/netgsm

Stay just an SMS away from your users with the Netgsm WordPress plugin.

1K active installs · v2.9.69 · PHP 7.4.33+ · WP 3.0+ · Updated Feb 5, 2026
Tags: netgsm-wordpress · sms-eklentisi · sms-turkiye · toplu-sms · woocommerce-sms
Score 72 · B · Generally Safe
CVEs total: 4
Unpatched: 1
Last CVE: Dec 29, 2025
Safety Verdict

Is Netgsm Safe to Use in 2026?

Mostly Safe

Score 72/100

Netgsm is generally safe to use. 4 past CVEs were resolved. Keep it updated.

4 known CVEs · 1 unpatched · Last CVE: Dec 29, 2025 · Updated 1mo ago
Risk Assessment

The "netgsm" plugin v2.9.69 presents a mixed security posture. While it demonstrates strengths in general code quality with a high percentage of properly escaped outputs and a good practice of using prepared statements for most SQL queries, significant concerns arise from its attack surface and vulnerability history. The presence of 4 unprotected AJAX handlers represents a direct pathway for potential unauthorized actions if exploited. Furthermore, the taint analysis reveals a critical flow with unsanitized paths, indicating a potential for severe security issues like code injection or execution. The plugin's history of 4 known CVEs, particularly with 1 still unpatched and a recent vulnerability in late 2025, suggests a recurring pattern of security weaknesses, specifically related to Cross-site Scripting and Missing Authorization. This history, combined with the identified code signals, paints a picture of a plugin that, despite some good coding practices, has demonstrated a propensity for vulnerabilities, requiring vigilant monitoring and prompt patching.

Key Concerns

  • Unprotected AJAX handlers
  • Critical taint flow with unsanitized paths
  • Currently unpatched CVE
  • Medium severity CVEs in history (4 total)
  • Missing Authorization vulnerability pattern
  • Cross-site Scripting vulnerability pattern
Vulnerabilities
4

Netgsm Security Vulnerabilities

CVEs by Year

2024: 2 CVEs
2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 4 (4 total CVEs)

CVE-2025-68010 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Netgsm <= 2.9.63 - Reflected Cross-Site Scripting

Dec 29, 2025 · Patched in 2.9.64 (40d)

CVE-2025-60143 · medium · 4.3 · Missing Authorization

Netgsm <= 2.9.58 - Missing Authorization

Sep 26, 2025 · Unpatched

CVE-2024-35672 · medium · 4.3 · Missing Authorization

Netgsm <= 2.9.32 - Missing Authorization

May 10, 2024 · Patched in 2.9.33 (195d)

CVE-2024-32544 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Netgsm <= 2.8 - Reflected Cross-Site Scripting

Apr 15, 2024 · Patched in 2.9.1 (10d)
Code Analysis
Analyzed Mar 16, 2026

Netgsm Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 22 (507 escaped)
Nonce Checks: 3
Capability Checks: 6
File Operations: 2
External Requests: 13
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

96% escaped · 529 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
netgsm_netasistanticket (index.php:1174)
Attack Surface
4 unprotected

Netgsm Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers 7

auth · wp_ajax_netgsm_getNetsantral_Report · index.php:743
auth · wp_ajax_netgsm_sendSMS_bulkTab · index.php:1087
auth · wp_ajax_netgsm_sendsms · index.php:1149
nopriv · wp_ajax_netgsm_netasistanticket · index.php:1172
auth · wp_ajax_netgsm_netasistanticket · index.php:1173
auth · wp_ajax_netgsm_sendtf2SMS · index.php:1402
nopriv · wp_ajax_netgsm_sendtf2SMS · index.php:1534
WordPress Hooks 31
action · admin_menu · index.php:42
action · admin_enqueue_scripts · index.php:63
action · admin_enqueue_scripts · index.php:78
action · admin_init · index.php:98
action · admin_footer · index.php:276
action · woocommerce_single_product_summary · index.php:556
action · init · index.php:622
action · woocommerce_product_set_stock_status · index.php:669
filter · cron_schedules · index.php:942
action · send_abandoned_cart_sms · index.php:971
action · woocommerce_cart_item_removed · index.php:1034
action · woocommerce_after_cart_item_quantity_update · index.php:1035
action · woocommerce_add_to_cart · index.php:1036
filter · netgsm_contact_form_7_list · index.php:1076
action · woocommerce_register_form · index.php:1251
action · woocommerce_register_form · index.php:1324
action · wp_enqueue_scripts · index.php:1533
filter · woocommerce_process_registration_errors · index.php:1551
action · woocommerce_created_customer · index.php:1633
action · lmfwc_event_post_order_license_keys · index.php:1747
action · woocommerce_payment_complete · index.php:1770
action · woocommerce_thankyou · index.php:1771
action · wp_insert_post · index.php:1778
action · woocommerce_order_status_changed · index.php:1943
action · woocommerce_order_status_cancelled · index.php:1945
action · woocommerce_new_order_note_data · index.php:2096
action · wpcf7_mail_sent · index.php:2305
filter · woocommerce_rest_api_get_rest_namespaces · index.php:2362
action · wp_footer · index.php:2402
action · woocommerce_review_order_before_submit · index.php:2691
action · woocommerce_checkout_process · index.php:2782

Scheduled Events 1

send_abandoned_cart_sms
Maintenance & Trust

Netgsm Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 5, 2026
PHP min version: 7.4.33
Downloads: 47K

Community Trust

Rating: 94/100
Number of ratings: 15
Active installs: 1K
Developer Profile

Netgsm Developer Profile

netgsm

1 plugin · 1K total installs

Trust score: 68
Avg Security Score: 72/100
Avg Patch Time: 82 days
Detection Fingerprints

How We Detect Netgsm

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/netgsm/lib/css/bootstrap.css
/wp-content/plugins/netgsm/lib/fonts/css/font-awesome.min.css
/wp-content/plugins/netgsm/lib/css/style.css
/wp-content/plugins/netgsm/lib/js/sweetalert2/dist/sweetalert2.css
/wp-content/plugins/netgsm/lib/css/bootstrap-table.min.css
Script Paths
/wp-content/plugins/netgsm/bootstrap.min.js
/wp-content/plugins/netgsm/sweetalert2.all.js
/wp-content/plugins/netgsm/bootstrap-table.min.js

HTML / DOM Fingerprints

CSS Classes
netgsm-wp-plugin
HTML Comments
NETGSM - Yeni Nesil Telekom Operatörü - www.netgsm.com.tr
NETGSM - Toplu SMS - Başlıklı SMS - Sabit Telefon - Sanal Santral - 0850li Numara