Does SMS OTP Authenticator have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is SMS OTP Authenticator compatible with WordPress 6.7.5?

According to WordPress.org data, SMS OTP Authenticator 1.4 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is SMS OTP Authenticator updated?

SMS OTP Authenticator was last updated on Jan 30, 2025. Frequent updates are generally a positive security signal.

What is SMS OTP Authenticator's security score?

SMS OTP Authenticator has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SMS OTP Authenticator Security & Risk Analysis

wordpress.org/plugins/sms-otp-authenticator

Use this plugin to Verify & Authenticate users without any password through OTP on mobile number. Based on Email to SMS service as clicksend.com etc.

0 active installs v1.4 PHP + WP + Updated Jan 30, 2025

one-time-passwordsms-otp-authenticationsms-otp-authenticatorsms-verification

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is SMS OTP Authenticator Safe to Use in 2026?

Generally Safe

Score 92/100

SMS OTP Authenticator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "sms-otp-authenticator" v1.4 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and proper output escaping are significant strengths. The plugin also appears to have a minimal attack surface with no unprotected entry points identified, and the presence of capability checks suggests some level of access control is implemented. However, the complete lack of nonce checks across all entry points is a notable concern, especially if any of the two capability checks are not sufficiently robust or are bypassed under specific circumstances. The plugin's vulnerability history is entirely clean, with no recorded CVEs, which is a positive indicator of its past security performance. This clean history, combined with the code signals, suggests a developer who is attentive to common security pitfalls, though the missing nonce checks may be an oversight rather than a deliberate design choice. Overall, while the plugin is built on good foundations, the absence of nonce validation represents a potential weakness that could be exploited.

Key Concerns

Missing nonce checks on all entry points

Vulnerabilities

None known

SMS OTP Authenticator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

SMS OTP Authenticator Release Timeline

v1.4Current

Code Analysis

Analyzed Apr 16, 2026

SMS OTP Authenticator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

SMS OTP Authenticator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_initsms-otp-authenticator.php:28

actionadmin_menusms-otp-authenticator.php:29

actionadmin_bar_menusms-otp-authenticator.php:30

actionadmin_enqueue_scriptssms-otp-authenticator.php:31

Maintenance & Trust

SMS OTP Authenticator Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 30, 2025

PHP min version

Downloads396

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

SMS OTP Authenticator Alternatives

OTP Login & Register Woocommerce

mobile-login-woocommerce

Allow users to log in/sign up with a one-time password (OTP) sent to their mobile device.

2K 3 CVEs

Login with OTP

otp-login

Login with OTP for WordPress and WooCommerce. Secure your site by replacing static passwords with One Time Password (OTP) for login.

100 1 CVE

FraudLabs Pro SMS Verification

fraudlabs-pro-sms-verification

Description: SMS verification help merchants to authenticate the client's phone number via SMS verification to prevent fraudulent orders.

20 1 CVE

Contact Form 7 OTP SMS Verification

cf7-otp-sms-verification

SMS API: Buy Sms On All Bulk SMS

10 No CVEs

iSMS 2 Factor Authentication

isms-2-factor-authentication

SMS Authenticator (SMS Verification) integration for your WordPress contact forms.

10 No CVEs

Developer Profile

SMS OTP Authenticator Developer Profile

cs7.in

2 plugins · 100 total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect SMS OTP Authenticator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sms-otp-authenticator/lib/settings.php

Version Parameters

sms-otp-authenticator/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

smsotpauthn-toolbar-pagesmsotpauthn_menu_item_class

Data Attributes

id="smsotpauthn_enable"id="smsotpauthn_authentication"id="smsotpauthn_table"id="authentication_table"

JS Globals

window.onloaddocument.getElementById("smsotpauthn_enable")document.getElementById("smsotpauthn_authentication")

FAQ