افزونه پیامک ووکامرس Persian WooCommerce SMS Security & Risk Analysis

wordpress.org/plugins/persian-woocommerce-sms

A complete, professional plugin for SMS notifications about WooCommerce orders and product events

40K active installs · v7.1.1 · PHP 7.4+ · WP 5.8+ · Updated Nov 25, 2025
Tags: persian-woocommerce, sms, ووکامرس-فارسی, پیامک, woocommerce
Score: 72 · B · Generally Safe
CVEs total: 7
Unpatched: 1
Last CVE: Feb 11, 2026
Safety Verdict

Is افزونه پیامک ووکامرس Persian WooCommerce SMS Safe to Use in 2026?

Mostly Safe

Score 72/100

افزونه پیامک ووکامرس Persian WooCommerce SMS is generally safe to use. 7 past CVEs were resolved.

7 known CVEs · 1 unpatched · Last CVE: Feb 11, 2026 · Updated 5mo ago
Risk Assessment

The 'persian-woocommerce-sms' plugin v7.1.1 exhibits a mixed security posture. While it demonstrates good practices in SQL query sanitization (88% prepared statements) and output escaping (89%), several significant concerns are present. The presence of 2 unprotected AJAX handlers out of 9 total entry points is a notable risk, as it allows unauthenticated attackers to interact with these functions, potentially leading to unintended actions or information disclosure. The taint analysis reveals 2 high-severity flows with unsanitized paths, indicating potential vulnerabilities that require immediate attention. The plugin's history of 7 known CVEs, including one currently unpatched, with a focus on SQL Injection and Cross-Site Scripting, points to recurring security weaknesses in how user input is handled. The fact that the last recorded vulnerability was in 2026 suggests a proactive but potentially incomplete security development lifecycle. Overall, while some security fundamentals are in place, the combination of unprotected entry points, high-severity taint flows, and a history of exploitable vulnerabilities warrants a cautious approach.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows (unsanitized paths)
  • Currently unpatched CVE
  • Vulnerability history (SQLi, XSS)
  • Use of dangerous function 'create_function'
Vulnerabilities
7 published

افزونه پیامک ووکامرس Persian WooCommerce SMS Security Vulnerabilities

CVEs by Year

  • 2016: 1 CVE
  • 2022: 1 CVE
  • 2024: 3 CVEs
  • 2025: 1 CVE
  • 2026: 1 CVE · unpatched

Severity Breakdown

Medium: 7

7 total CVEs

CVE-2026-22352 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Persian Woocommerce SMS <= 7.1.1 - Reflected Cross-Site Scripting

Feb 11, 2026 · Unpatched

CVE-2025-49315 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Persian Woocommerce SMS <= 7.0.10 - Authenticated (Shop manager+) SQL Injection

Jun 5, 2025 · Patched in 7.1.0 (8d)

CVE-2024-54312 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Persian Woocommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting

Dec 11, 2024 · Patched in 7.0.6 (9d)

CVE-2024-10046 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting

Dec 6, 2024 · Patched in 7.0.6 (1d)

CVE-2024-9213 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting

Oct 16, 2024 · Patched in 7.0.3 (1d)

WF-9c7edcbd-83b8-405b-892a-c404947990b3-persian-woocommerce-sms · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

افزونه پیامک ووکامرس Persian WooCommerce SMS <= 4.4.0 - Cross-Site Scripting and SQL Injection

Apr 5, 2022 · Patched in 4.4.1 (658d)

CVE-2016-10987 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

افزونه پیامک ووکامرس Persian WooCommerce SMS < 3.3.3 - Cross-Site Scripting

Apr 21, 2016 · Patched in 3.3.3 (2833d)

Code Analysis
Analyzed Mar 16, 2026

افزونه پیامک ووکامرس Persian WooCommerce SMS Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 6 (44 prepared)
  • Unescaped Output: 30 (242 escaped)
  • Nonce Checks: 11
  • Capability Checks: 5
  • File Operations: 2
  • External Requests: 75
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · $callback = create_function( '', · src\Settings\API.php:62

SQL Query Safety

88% prepared · 50 total queries

Output Escaping

89% escaped · 272 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

10 flows · 2 with unsanitized paths
bulk_form (src\Bulk.php:20)
Attack Surface
2 unprotected

افزونه پیامک ووکامرس Persian WooCommerce SMS Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers 9

auth · wp_ajax_pwoosms_hide_about_page · src\About.php:13
auth · wp_ajax_pwoosms_metabox · src\MetaBox.php:31
auth · wp_ajax_pwsms_dismiss_notice · src\Notice.php:13
auth · wp_ajax_pwsms_update_notice · src\Notice.php:14
auth · wp_ajax_change_sms_text · src\Orders.php:63
nopriv · wp_ajax_change_sms_text · src\Orders.php:64
auth · wp_ajax_pwoosms_notice_dismiss · src\Promotions.php:16
auth · wp_ajax_wc_sms_save_notification_data · src\Subscribe\Widget.php:33
nopriv · wp_ajax_wc_sms_save_notification_data · src\Subscribe\Widget.php:34

WordPress Hooks 68
action · admin_init · src\About.php:10
filter · pwoosms_settings_sections · src\About.php:11
action · pwoosms_settings_form_bottom_sms_about · src\About.php:12
action · pwoosms_settings_form_bottom_sms_send · src\Bulk.php:11
action · pwoosms_settings_form_admin_notices · src\Bulk.php:12
action · admin_footer · src\Bulk.php:15
action · load-edit.php · src\Bulk.php:16
action · admin_notices · src\Gateways\MeliPayamak.php:71
action · add_meta_boxes · src\MetaBox.php:28
action · add_meta_boxes · src\MetaBox.php:29
action · admin_notices · src\Notice.php:12
filter · woocommerce_checkout_fields · src\Orders.php:25
filter · woocommerce_billing_fields · src\Orders.php:26
action · wp_enqueue_scripts · src\Orders.php:28
action · woocommerce_after_order_notes · src\Orders.php:29
action · woocommerce_checkout_process · src\Orders.php:30
action · woocommerce_checkout_update_order_meta · src\Orders.php:31
action · woocommerce_order_status_changed · src\Orders.php:34
action · woocommerce_checkout_order_processed · src\Orders.php:37
action · woocommerce_process_shop_order_meta · src\Orders.php:38
action · woocommerce_resume_order · src\Orders.php:41
action · pws_save_order_post_barcode · src\Orders.php:46
filter · woocommerce_form_field_pwoosms_multiselect · src\Orders.php:48
filter · woocommerce_form_field_pwoosms_multicheckbox · src\Orders.php:52
action · woocommerce_admin_order_data_after_billing_address · src\Orders.php:58
action · woocommerce_admin_order_data_after_order_details · src\Orders.php:62
action · init · src\Product\Events.php:24
action · woocommerce_process_product_meta · src\Product\Events.php:36
action · woocommerce_update_product_variation · src\Product\Events.php:37
action · woocommerce_sms_send_onsale_event · src\Product\Events.php:38
action · woocommerce_product_set_stock_status · src\Product\Events.php:40
action · woocommerce_variation_set_stock_status · src\Product\Events.php:41
action · woocommerce_product_set_stock_status · src\Product\Events.php:43
action · woocommerce_variation_set_stock_status · src\Product\Events.php:44
action · woocommerce_low_stock · src\Product\Events.php:46
action · woocommerce_product_set_stock · src\Product\Events.php:47
action · woocommerce_variation_set_stock · src\Product\Events.php:48
action · init · src\Product\Tab.php:15
action · admin_enqueue_scripts · src\Product\Tab.php:25
action · woocommerce_product_write_panel_tabs · src\Product\Tab.php:26
action · woocommerce_product_data_panels · src\Product\Tab.php:27
action · woocommerce_product_write_panels · src\Product\Tab.php:28
action · woocommerce_process_product_meta · src\Product\Tab.php:29
action · pwoosms_settings_form_admin_notices · src\Promotions.php:15
action · widgets_init · src\PWSMS.php:58
action · admin_enqueue_scripts · src\PWSMS.php:59
action · admin_enqueue_scripts · src\Settings\API.php:14
action · init · src\Settings\Settings.php:17
action · admin_init · src\Settings\Settings.php:21
action · admin_menu · src\Settings\Settings.php:22
filter · woocommerce_settings_tabs_array · src\Settings\Settings.php:23
action · wp_before_admin_bar_render · src\Settings\Settings.php:24
filter · pwoosms_buyer_settings · src\Settings\Settings.php:26
filter · pwoosms_super_admin_settings · src\Settings\Settings.php:27
filter · pwoosms_product_admin_settings · src\Settings\Settings.php:28
filter · admin_footer_text · src\Settings\Settings.php:30
filter · update_footer · src\Settings\Settings.php:31
filter · plugin_action_links_persian-woocommerce-sms/WoocommerceIR_SMS.php · src\Settings\Settings.php:33
action · pwoosms_settings_form_bottom_sms_archive · src\SMS\Archive.php:8
action · init · src\SMS\Archive.php:9
action · pwoosms_settings_form_bottom_sms_contacts · src\Subscribe\Contacts.php:11
action · init · src\Subscribe\Contacts.php:12
action · init · src\Subscribe\Contacts.php:13
action · woocommerce_product_thumbnails · src\Subscribe\Widget.php:31
action · woocommerce_single_product_summary · src\Subscribe\Widget.php:32
action · admin_notices · WoocommerceIR_SMS.php:61
action · before_woocommerce_init · WoocommerceIR_SMS.php:71
filter · plugin_row_meta · WoocommerceIR_SMS.php:77

Maintenance & Trust

افزونه پیامک ووکامرس Persian WooCommerce SMS Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 25, 2025
PHP min version: 7.4
Downloads: 664K

Community Trust

Rating: 90/100
Number of ratings: 115
Active installs: 40K

Developer Profile

افزونه پیامک ووکامرس Persian WooCommerce SMS Developer Profile

PersianScript

3 plugins · 143K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 528 days

Detection Fingerprints

How We Detect افزونه پیامک ووکامرس Persian WooCommerce SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/persian-woocommerce-sms/assets/css/style.css
  • /wp-content/plugins/persian-woocommerce-sms/assets/js/multi-select.js
  • /wp-content/plugins/persian-woocommerce-sms/assets/js/admin-script.js
Script Paths
  • /wp-content/plugins/persian-woocommerce-sms/assets/js/multi-select.js
  • /wp-content/plugins/persian-woocommerce-sms/assets/js/admin-script.js
Version Parameters
  • persian-woocommerce-sms/assets/css/style.css?ver=
  • persian-woocommerce-sms/assets/js/multi-select.js?ver=
  • persian-woocommerce-sms/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • pwoosms_multiselect_container
  • pwoosms_multicheckbox_container
  • pwoosms_shortcode_wrapper
  • pwsms-admin-notice
  • buyer-sms-details
HTML Comments
  • Rewrite SoapClient as a null class
  • This plugin depends on the SOAP php module
  • If the soap is not enabled, There will be an empty SoapClient class
  • برای عملکرد صحیح افزونه <b>پیامک حرفه ای ووکامرس</b>، اکستنشن <b>SOAP</b> را در PHP فعال کنید.
  • +9 more
Data Attributes
  • data-pwoosms-field-type
  • data-pwoosms-multiselect-id
  • data-pwoosms-multicheckbox-id
JS Globals
  • pwoosms
  • PWSMS_VERSION
  • PWSMS_URL
  • PWSMS_DIR
  • PWSMS_LOG_FILE
  • pwoosms_change_sms_text
REST Endpoints
  • /wp-json/pwsms/v1/get_order_statuses
  • /wp-json/pwsms/v1/send_test_sms
Shortcode Output
  • [pwsms_users]
  • [pwsms_login]
  • [pwsms_register]
  • [pwsms_profile]