Rahrayan WP SMS PLUGIN Security & Risk Analysis

wordpress.org/plugins/rahrayan-wp-sms

This plugin was written by the Rahrayan engineering company for WordPress and WooCommerce, and it lets you connect an SMS panel to your website and online store.

10 active installs · v0.5.1 · PHP 5.4+ · WP 4.0+ · Updated May 12, 2019
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Rahrayan WP SMS PLUGIN Safe to Use in 2026?

Generally Safe

Score 85/100

Rahrayan WP SMS PLUGIN has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "rahrayan-wp-sms" plugin v0.5.1 exhibits a mixed security posture. While it boasts no known CVEs and a seemingly small attack surface with no unprotected entry points, the static analysis reveals significant concerns. The presence of the `unserialize` function is a critical red flag, especially without clear indications of sanitization around its usage. Furthermore, a low percentage of SQL queries using prepared statements (12%) and a similarly low rate of proper output escaping (15%) suggest a high likelihood of vulnerabilities such as SQL injection and cross-site scripting (XSS). The taint analysis, while reporting no critical or high severity flows, did find four flows with unsanitized paths, indicating potential for data manipulation if these paths are reachable and not properly handled by other security mechanisms. The plugin's vulnerability history being entirely clean could be a positive sign of diligence or simply an artifact of limited public scrutiny or past audits. However, the code signals strongly suggest inherent risks that could be exploited in the absence of further, more granular security testing.

Key Concerns

  • Use of unserialize function
  • Low percentage of prepared SQL statements
  • Low percentage of properly escaped output
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Rahrayan WP SMS PLUGIN Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Rahrayan WP SMS PLUGIN Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 43 (plus 6 prepared)
Unescaped Output: 279 (plus 49 escaped)
Nonce Checks: 10
Capability Checks: 1
File Operations: 19
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `return (!is_null($s)) ? unserialize($s) : null;` (includes\nusoap\class.wsdlcache.php:109)

SQL Query Safety

12% prepared, 49 total queries

Output Escaping

15% escaped, 328 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

5 flows, 4 with unsanitized paths
rahrayan_cf7_form2 (includes\actions.php:387)
Attack Surface

Rahrayan WP SMS PLUGIN Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[rahrayan] includes\shortcode.php:28
WordPress Hooks: 51
action: wp_insert_comment (includes\actions.php:35)
filter: two_factor_providers (includes\actions.php:46)
action: user_register (includes\actions.php:70)
action: wp_login (includes\actions.php:89)
action: edd_complete_purchase (includes\actions.php:102)
action: woocommerce_thankyou (includes\actions.php:167)
action: woocommerce_order_status_changed (includes\actions.php:184)
action: woocommerce_new_customer_note (includes\actions.php:202)
action: woocommerce_after_checkout_validation (includes\actions.php:229)
filter: woocommerce_create_order (includes\actions.php:231)
action: add_meta_boxes (includes\actions.php:365)
action: publish_post (includes\actions.php:366)
action: wpcf7_editor_panels (includes\actions.php:414)
action: wpcf7_before_send_mail (includes\actions.php:415)
action: wpcf7_after_save (includes\actions.php:416)
action: gform_loaded (includes\actions.php:430)
action: dashboard_glance_items (includes\actions.php:918)
filter: random_password (includes\actions.php:977)
action: register_form (includes\actions.php:978)
filter: user_contactmethods (includes\actions.php:979)
filter: registration_errors (includes\actions.php:980)
action: user_profile_update_errors (includes\actions.php:981)
action: user_register (includes\actions.php:982)
action: user_new_form (includes\actions.php:983)
action: user_register (includes\actions.php:1033)
action: retrieve_password_key (includes\actions.php:1034)
action: admin_menu (includes\admin.php:9)
action: admin_bar_menu (includes\adminbar.php:10)
filter: gform_add_field_buttons (includes\GFVerification.php:17)
filter: gform_field_type_title (includes\GFVerification.php:18)
action: gform_editor_js_set_default_values (includes\GFVerification.php:19)
action: gform_editor_js (includes\GFVerification.php:20)
action: gform_field_standard_settings (includes\GFVerification.php:21)
filter: gform_tooltips (includes\GFVerification.php:22)
filter: gform_field_validation (includes\GFVerification.php:25)
filter: gform_entry_post_save (includes\GFVerification.php:26)
action: gform_field_input (includes\GFVerification.php:27)
action: gform_field_css_class (includes\GFVerification.php:28)
filter: gform_field_content (includes\GFVerification.php:29)
filter: gform_merge_tag_filter (includes\GFVerification.php:30)
filter: gform_submit_button (includes\GFVerification.php:132)
filter: gform_next_button (includes\GFVerification.php:134)
filter: sms_verify_resend (includes\GFVerification.php:319)
filter: gform_validation_message (includes\GFVerification.php:364)
filter: sms_verify_display_none (includes\GFVerification.php:365)
filter: sms_verify_field (includes\GFVerification.php:369)
filter: sms_verify_self_validation (includes\GFVerification.php:375)
filter: gform_button_verify (includes\GFVerification.php:378)
action: init (includes\shortcode.php:30)
filter: mce_external_plugins (includes\shortcode.php:32)
filter: mce_buttons (includes\shortcode.php:33)
Maintenance & Trust

Rahrayan WP SMS PLUGIN Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: May 12, 2019
PHP min version: 5.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Alternatives

Rahrayan WP SMS PLUGIN Alternatives

No alternatives data available yet.

Developer Profile

Rahrayan WP SMS PLUGIN Developer Profile

rahrayan

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Rahrayan WP SMS PLUGIN

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rahrayan-wp-sms/includes/js/script.js
/wp-content/plugins/rahrayan-wp-sms/includes/css/style.css
/wp-content/plugins/rahrayan-wp-sms/includes/css/admin.css
/wp-content/plugins/rahrayan-wp-sms/includes/css/admin_message.css
/wp-content/plugins/rahrayan-wp-sms/includes/css/admin_group.css
/wp-content/plugins/rahrayan-wp-sms/includes/css/admin_setting.css
/wp-content/plugins/rahrayan-wp-sms/includes/css/admin_widget.css
Script Paths
/wp-content/plugins/rahrayan-wp-sms/includes/js/script.js
Version Parameters
rahrayan-wp-sms/includes/js/script.js?ver=
rahrayan-wp-sms/includes/css/style.css?ver=
rahrayan-wp-sms/includes/css/admin.css?ver=
rahrayan-wp-sms/includes/css/admin_message.css?ver=
rahrayan-wp-sms/includes/css/admin_group.css?ver=
rahrayan-wp-sms/includes/css/admin_setting.css?ver=
rahrayan-wp-sms/includes/css/admin_widget.css?ver=

HTML / DOM Fingerprints

CSS Classes
rahrayan_sms
HTML Comments
<!--rahrayan-->
Data Attributes
data-rahrayan-id
JS Globals
rahrayan_ajaxurl
Shortcode Output
[rahrayan-sms]
[rahrayan-sms-widget]
FAQ

Frequently Asked Questions about Rahrayan WP SMS PLUGIN