Does ShopMagic – Twilio SMS have any unpatched vulnerabilities?

No. All known vulnerabilities in ShopMagic – Twilio SMS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ShopMagic – Twilio SMS compatible with WordPress 6.9.4?

According to WordPress.org data, ShopMagic – Twilio SMS 2.1.22 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ShopMagic – Twilio SMS compatible with PHP 7.4+?

ShopMagic – Twilio SMS requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ShopMagic – Twilio SMS updated?

ShopMagic – Twilio SMS was last updated on Mar 7, 2026. Frequent updates are generally a positive security signal.

What is ShopMagic – Twilio SMS's security score?

ShopMagic – Twilio SMS has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ShopMagic – Twilio SMS Security & Risk Analysis

wordpress.org/plugins/shopmagic-for-twilio

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 active installs v2.1.22 PHP 7.4+ WP 6.4+ Updated Mar 7, 2026

sms-marketingsms-notificationsms-reminderstwiliowoocommerce-twilio-sms-notifications

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ShopMagic – Twilio SMS Safe to Use in 2026?

Generally Safe

Score 100/100

ShopMagic – Twilio SMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 27d ago

Risk Assessment

The "shopmagic-for-twilio" v2.1.22 plugin exhibits a generally strong security posture with a minimal attack surface and no identified critical or high-severity vulnerabilities in its history or static analysis. The absence of known CVEs and a clean taint analysis report are positive indicators. However, the static analysis does reveal areas for improvement. Notably, 52% of outputs are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not consistently sanitized before being displayed. Additionally, the plugin uses raw SQL queries without prepared statements, posing a risk of SQL injection, especially if dynamic data is incorporated into these queries. While capability checks and nonce checks are present, the overall unescaped output and raw SQL present a moderate risk.

Key Concerns

SQL queries not using prepared statements
Less than 100% of output properly escaped

Vulnerabilities

None known

ShopMagic – Twilio SMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

ShopMagic – Twilio SMS Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

48% escaped42 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ShopMagic – Twilio SMS Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wpdesk_notice_dismissvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42

WordPress Hooks 18

actionshopmagic/core/initialized/v2src\Plugin.php:28

actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148

actionwp_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149

actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41

actionadmin_noticesvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144

actionadmin_footervendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145

filterwp_autoloader_loader_loaders_to_loadvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45

filterwp_autoloader_loader_loaders_to_createvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46

actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58

actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81

actionbefore_woocommerce_initvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88

actionactivated_pluginvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102

filterdoing_it_wrong_trigger_errorvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123

actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28

actionadmin_menuvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35

actionadmin_initvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36

actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28

filterplugin_row_metavendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36

Maintenance & Trust

ShopMagic – Twilio SMS Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 7, 2026

PHP min version7.4

Downloads29K

Community Trust

Rating100/100

Number of ratings2

Active installs800

Alternatives

ShopMagic – Twilio SMS Alternatives

Orion SMS OTP Verification.

orion-sms-otp-verification

SMS/OTP verification and Notification for all forms via Twilio or MSG91. So user can't submit form without verifying mobile number.

200 1 CVE

Notify for WooCommerce

notify-for-woocommerce

Notify for WooCommerce adds the ability to send SMS notifications for every status of the order.

10 No CVEs

Gray SMS – Complete SMS Notificaitons for WordPress, Woocommerce & Multi Features

gray-sms

100

Send WooCommerce order notifications and individual SMS messages using Twilio, Vonage, Plivo, Clickatell and other SMS gateways.

0 No CVEs

Texty – SMS Notification for WordPress, WooCommerce, Dokan and more

texty

100

Texty is a lightweight SMS notification plugin for WordPress.

9K 1 CVE

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs

Developer Profile

ShopMagic – Twilio SMS Developer Profile

wpdesk

23 plugins · 127K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

135 days

View full developer profile

Detection Fingerprints

How We Detect ShopMagic – Twilio SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/shopmagic-for-twilio/assets/css/shopmagic-for-twilio-notice.css/wp-content/plugins/shopmagic-for-twilio/assets/js/shopmagic-for-twilio-notice.js

Script Paths

/wp-content/plugins/shopmagic-for-twilio/vendor_prefixed/wpdesk/wp-plugin-flow-common/src/plugin-init-php52-free.php

Version Parameters

shopmagic-for-twilio/assets/css/shopmagic-for-twilio-notice.css?ver=shopmagic-for-twilio/assets/js/shopmagic-for-twilio-notice.js?ver=

HTML / DOM Fingerprints

FAQ