WP-Safety

SMS Notifications for WooCommerce Security & Risk Analysis

wordpress.org/plugins/sms-notifications-for-woocommerce

Sends SMS notifications to your clients for order status changes. You can also receive an SMS message when a new order is received.

10 active installs v2.0.2 PHP 5.6+ WP 3.8+ Updated Jun 8, 2023
e-commercesmssms-gatewaysms-notificationswoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SMS Notifications for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

SMS Notifications for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "sms-notifications-for-woocommerce" plugin v2.0.2 presents a concerning security posture primarily due to a large unprotected attack surface. With 13 out of 14 entry points lacking authentication checks, this plugin is highly vulnerable to unauthorized access and manipulation. While the code analysis shows no critical or high severity taint flows and a good rate of output escaping, the absence of nonce and capability checks on AJAX handlers is a significant oversight that can lead to various client-side and server-side attacks.

The plugin's SQL query usage is also a major concern, with 100% of queries not using prepared statements. This opens the door to SQL injection vulnerabilities, especially given the large number of unprotected AJAX endpoints. The lack of vulnerability history is a positive sign, suggesting past security diligence or a lack of public discovery, but it does not negate the immediate risks identified in the static analysis. The overall assessment highlights a plugin with potential for secure operation if core security practices were implemented, but currently carries substantial risks.

Key Concerns

  • Large attack surface without auth checks
  • AJAX handlers without auth checks
  • SQL queries without prepared statements
  • Missing nonce checks
  • Missing capability checks
  • Unescaped output (20% of total)
Vulnerabilities
None known

SMS Notifications for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SMS Notifications for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
29
122 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

81% escaped151 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
suwcsms_register_form (plugin-core.php:1367)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

SMS Notifications for WooCommerce Attack Surface

Entry Points14
Unprotected13

AJAX Handlers 13

authwp_ajax_suwcsms_reg_checkoutplugin-core.php:204
noprivwp_ajax_suwcsms_reg_checkoutplugin-core.php:205
authwp_ajax_suwcsms_del_checkoutplugin-core.php:221
noprivwp_ajax_suwcsms_del_checkoutplugin-core.php:222
authwp_ajax_suwcsms_verify_otpplugin-core.php:296
noprivwp_ajax_suwcsms_verify_otpplugin-core.php:297
authwp_ajax_suwcsms_resend_otpplugin-core.php:335
noprivwp_ajax_suwcsms_resend_otpplugin-core.php:336
authwp_ajax_suwcsms_send_otpplugin-core.php:356
noprivwp_ajax_suwcsms_send_otpplugin-core.php:357
noprivwp_ajax_suwcsms_reg_otpplugin-core.php:1423
noprivwp_ajax_suwcsms_send_otp_loginplugin-core.php:1641
noprivwp_ajax_suwcsms_verify_otp_loginplugin-core.php:1670

Shortcodes 1

[suwcsms_otp_login] plugin-core.php:1503
WordPress Hooks 30
filterwoocommerce_checkout_fieldsplugin-core.php:44
actionwoocommerce_admin_order_data_after_shipping_addressplugin-core.php:60
filterwoocommerce_checkout_fieldsplugin-core.php:67
actioninitplugin-core.php:75
actionadmin_menuplugin-core.php:90
filterwoocommerce_screen_idsplugin-core.php:102
actionadmin_initplugin-core.php:111
actionwoocommerce_new_orderplugin-core.php:119
actionwoocommerce_after_checkout_formplugin-core.php:144
actionwoocommerce_new_orderplugin-core.php:147
actionwoocommerce_thankyouplugin-core.php:149
actionsuwcsms_cron_hookplugin-core.php:150
filterwoocommerce_cod_process_payment_order_statusplugin-core.php:272
actionwoocommerce_thankyouplugin-core.php:278
actionwoocommerce_view_orderplugin-core.php:279
actionwoocommerce_before_order_notesplugin-core.php:395
actionwoocommerce_checkout_processplugin-core.php:460
actionwoocommerce_order_status_changedplugin-core.php:572
actionregister_formplugin-core.php:1080
filterregistration_errorsplugin-core.php:1082
actionwoocommerce_register_postplugin-core.php:1083
actionuser_registerplugin-core.php:1084
actionwoocommerce_created_customerplugin-core.php:1085
actionwoocommerce_register_formplugin-core.php:1087
actionlogin_formplugin-core.php:1700
actionwoocommerce_login_form_endplugin-core.php:1701
filterplugin_row_metasu-wc-sms-notifications.php:38
actionadmin_noticessu-wc-sms-notifications.php:53
filtercron_schedulessu-wc-sms-notifications.php:109
actionupgrader_process_completesu-wc-sms-notifications.php:139

Scheduled Events 1

suwcsms_cron_hook
Maintenance & Trust

SMS Notifications for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedJun 8, 2023
PHP min version5.6
Downloads10K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

SMS Notifications for WooCommerce Alternatives

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

A
95

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs
ShopMagic – Twilio SMS

ShopMagic – Twilio SMS

shopmagic-for-twilio

A
100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 No CVEs
Ultimate WP Mail

Ultimate WP Mail

ultimate-wp-mail

B
70

Custom email and SMS notifications. Automatic send actions. WPForms SMS integration. WooCommerce notifications for purchases, abandoned cart and more!

800 1 unpatched
WC – APG SMS Notifications

WC – APG SMS Notifications

woocommerce-apg-sms-notifications

A
100

Add to your WooCommerce store SMS notifications to your customers when order status changed.

400 No CVEs
Alpha SMS

Alpha SMS

alpha-sms

A
100

Connect your WordPress and WooCommerce store to Alpha SMS for OTP verification and order notifications in Bangladesh.

100 No CVEs
Developer Profile

SMS Notifications for WooCommerce Developer Profile

mTalkz

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SMS Notifications for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sms-notifications-for-woocommerce/suwcsms-admin.css/wp-content/plugins/sms-notifications-for-woocommerce/suwcsms-admin.js
Script Paths
/wp-content/plugins/sms-notifications-for-woocommerce/suwcsms-admin.js
Version Parameters
sms-notifications-for-woocommerce/suwcsms-admin.css?ver=sms-notifications-for-woocommerce/suwcsms-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
suwcsms-admin-wrap
HTML Comments
<!-- SMS Notifications for WooCommerce Settings -->
Data Attributes
data-plugin-name="sms-notifications-for-woocommerce"
JS Globals
suwcsms_data
FAQ

Frequently Asked Questions about SMS Notifications for WooCommerce