E-goi SMS Orders Alert/Notifications Security & Risk Analysis

wordpress.org/plugins/sms-orders-alertnotifications-for-woocommerce

SMS Order Alerts for WooCommerce: Increase conversions by sending status, shipping, and Multibanco/PagSeguro payment reminders via SMS.

20 active installs v2.0.4 PHP 5.6+ WP 4.7+ Updated Oct 22, 2025
Tags: alert, notifications, orders, sms, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is E-goi SMS Orders Alert/Notifications Safe to Use in 2026?

Generally Safe

Score 100/100

E-goi SMS Orders Alert/Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The plugin "sms-orders-alertnotifications-for-woocommerce" v2.0.4 exhibits a mixed security posture. While the majority of SQL queries are prepared and output escaping is generally well-implemented, there are significant concerns regarding its attack surface. All of the plugin's AJAX handlers (9 out of 9) lack authentication checks, presenting a direct and easily exploitable avenue for attackers. Additionally, the `unserialize` function, while not directly flagged in taint analysis, inherently carries risk: if user-controlled data is passed to it without proper sanitization, it could lead to serious vulnerabilities.

The plugin's clean vulnerability history is a positive sign, suggesting that the developers have either been diligent in patching issues or have not historically introduced major security flaws. However, the current code analysis reveals a critical weakness in its attack surface that could be exploited even without a historical track record of vulnerabilities. The lack of authorization checks on numerous AJAX endpoints is the most pressing concern, potentially allowing unauthorized users to trigger plugin functionalities. While taint analysis shows no current unsanitized flows, the combination of a large unprotected attack surface and the use of a dangerous function like `unserialize` warrants caution.

Key Concerns

  • 9 AJAX handlers without auth checks
  • 8 dangerous functions (unserialize)
Vulnerabilities
None known

E-goi SMS Orders Alert/Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

E-goi SMS Orders Alert/Notifications Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 2 (20 prepared)
Unescaped Output: 10 (261 escaped)
Nonce Checks: 7
Capability Checks: 1
File Operations: 2
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$cart = unserialize( unserialize( $result )['cart'] );` (admin\class-smart-marketing-addon-sms-order-admin.php:1048)
  • unserialize: `$cart = unserialize( unserialize( $result )['cart'] );` (admin\class-smart-marketing-addon-sms-order-admin.php:1048)
  • unserialize: `foreach ( unserialize( EFWP_COUNTRY_CODES ) as $key => $value ) {` (admin\partials\smart-marketing-addon-sms-order-admin-config.php:197)
  • unserialize: `foreach ( unserialize( EFWP_COUNTRY_CODES ) as $key => $value ) {` (admin\partials\smart-marketing-addon-sms-order-admin-config.php:424)
  • unserialize: `$cart = unserialize( unserialize( $result )['cart'] );` (includes\class-smart-marketing-addon-sms-order-abandonned-cart.php:151)
  • unserialize: `$cart = unserialize( unserialize( $result )['cart'] );` (includes\class-smart-marketing-addon-sms-order-abandonned-cart.php:151)
  • unserialize: `$country_codes = unserialize( EFWP_COUNTRY_CODES );` (includes\class-smart-marketing-addon-sms-order-helper.php:486)
  • unserialize: `$prefixes = unserialize( EFWP_COUNTRY_CODES );` (includes\class-smart-marketing-addon-sms-order-helper.php:583)

SQL Query Safety

91% prepared · 22 total queries

Output Escaping

96% escaped · 271 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
smsonw_order_action_sms_meta_box (admin\class-smart-marketing-addon-sms-order-admin.php:682)
Attack Surface
9 unprotected

E-goi SMS Orders Alert/Notifications Attack Surface

Entry Points: 10
Unprotected: 9

AJAX Handlers 9

  • auth: wp_ajax_smsonw_order_action_sms_meta_box (includes\class-smart-marketing-addon-sms-order.php:177)
  • auth: wp_ajax_smsonw_order_add_tracking_number (includes\class-smart-marketing-addon-sms-order.php:178)
  • auth: wp_ajax_smsonw_order_delete_tracking_number (includes\class-smart-marketing-addon-sms-order.php:179)
  • auth: wp_ajax_smsonw_add_custom_carrier (includes\class-smart-marketing-addon-sms-order.php:180)
  • auth: wp_ajax_smsonw_remove_custom_carrier (includes\class-smart-marketing-addon-sms-order.php:181)
  • auth: wp_ajax_egoi_cellphone_actions (includes\class-smart-marketing-addon-sms-order.php:229)
  • nopriv: wp_ajax_egoi_cellphone_actions (includes\class-smart-marketing-addon-sms-order.php:230)
  • auth: wp_ajax_process_cellphone (smart-marketing-addon-sms-order.php:199)
  • nopriv: wp_ajax_process_cellphone (smart-marketing-addon-sms-order.php:200)

REST API Routes 1

  • GET /wp-json/smsonw/v1/billet (admin\class-smart-marketing-addon-sms-order-admin.php:877)

WordPress Hooks 29

  • action: plugins_loaded (includes\class-smart-marketing-addon-sms-order.php:150)
  • action: admin_menu (includes\class-smart-marketing-addon-sms-order.php:165)
  • action: admin_enqueue_scripts (includes\class-smart-marketing-addon-sms-order.php:166)
  • action: admin_enqueue_scripts (includes\class-smart-marketing-addon-sms-order.php:167)
  • action: egoi_woo_smsonw_cron_hook (includes\class-smart-marketing-addon-sms-order.php:170)
  • filter: egoi_sms_order_event (includes\class-smart-marketing-addon-sms-order.php:171)
  • filter: egoi_sms_order_event (includes\class-smart-marketing-addon-sms-order.php:172)
  • action: add_meta_boxes (includes\class-smart-marketing-addon-sms-order.php:175)
  • action: add_meta_boxes (includes\class-smart-marketing-addon-sms-order.php:176)
  • action: woocommerce_order_status_on-hold (includes\class-smart-marketing-addon-sms-order.php:184)
  • action: woocommerce_order_status_changed (includes\class-smart-marketing-addon-sms-order.php:187)
  • action: rest_api_init (includes\class-smart-marketing-addon-sms-order.php:190)
  • action: woocommerce_before_product_object_save (includes\class-smart-marketing-addon-sms-order.php:192)
  • action: egoi_sms_order_event (includes\class-smart-marketing-addon-sms-order.php:195)
  • action: wp_enqueue_scripts (includes\class-smart-marketing-addon-sms-order.php:210)
  • action: wp_enqueue_scripts (includes\class-smart-marketing-addon-sms-order.php:211)
  • action: woocommerce_after_checkout_billing_form (includes\class-smart-marketing-addon-sms-order.php:214)
  • action: woocommerce_checkout_update_order_meta (includes\class-smart-marketing-addon-sms-order.php:215)
  • action: wp_head (includes\class-smart-marketing-addon-sms-order.php:226)
  • action: woocommerce_new_order (includes\class-smart-marketing-addon-sms-order.php:227)
  • action: admin_init (smart-marketing-addon-sms-order.php:39)
  • action: before_woocommerce_init (smart-marketing-addon-sms-order.php:41)
  • action: admin_notices (smart-marketing-addon-sms-order.php:56)
  • action: admin_notices (smart-marketing-addon-sms-order.php:61)
  • filter: wc_add_to_cart_message_html (smart-marketing-addon-sms-order.php:167)
  • action: wp_loaded (smart-marketing-addon-sms-order.php:198)
  • filter: cron_schedules (smart-marketing-addon-sms-order.php:216)
  • filter: upgrader_pre_install (smart-marketing-addon-sms-order.php:229)
  • action: in_admin_header (smart-marketing-addon-sms-order.php:248)

Scheduled Events 2

egoi_sms_order_event
egoi_woo_smsonw_cron_hook
Maintenance & Trust

E-goi SMS Orders Alert/Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Oct 22, 2025
PHP min version: 5.6
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 20
Developer Profile

E-goi SMS Orders Alert/Notifications Developer Profile

E-goi

3 plugins · 1K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 1127 days
Detection Fingerprints

How We Detect E-goi SMS Orders Alert/Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sms-orders-alertnotifications-for-woocommerce/js/scripts.js
/wp-content/plugins/sms-orders-alertnotifications-for-woocommerce/css/style.css
Script Paths
/wp-content/plugins/sms-orders-alertnotifications-for-woocommerce/js/scripts.js
Version Parameters
sms-orders-alertnotifications-for-woocommerce/js/scripts.js?ver=
sms-orders-alertnotifications-for-woocommerce/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
egoi-sms-order-settings
HTML Comments
<!-- To use this plugin, you first need to install
<!-- By removing this plugin, you will no longer be able to use the SMS plugin
Data Attributes
data-egoi-sms-order-id
data-egoi-sms-order-status
JS Globals
window.egoi_sms_order_settings