Does SMS8.io have any unpatched vulnerabilities?

No. All known vulnerabilities in SMS8.io have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SMS8.io compatible with WordPress 6.3.8?

According to WordPress.org data, SMS8.io 3.0.2 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is SMS8.io compatible with PHP 7.2+?

SMS8.io requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SMS8.io updated?

SMS8.io was last updated on Nov 1, 2023. Frequent updates are generally a positive security signal.

What is SMS8.io's security score?

SMS8.io has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SMS8.io Security & Risk Analysis

wordpress.org/plugins/sms8-io

FREE SMS 8 plugin is a WordPress plugin that allows you to send SMS notifications to your customers instantly when they place an order on your WooComm …

10 active installs v3.0.2 PHP 7.2+ WP 5.8+ Updated Nov 1, 2023

notificationsorders-smssmssms8-iowoocommerce-sms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is SMS8.io Safe to Use in 2026?

Generally Safe

Score 85/100

SMS8.io has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The static analysis of sms8-io v3.0.2 reveals a generally strong security posture. The absence of any identified entry points without authentication checks, coupled with 100% use of prepared statements for SQL queries and proper output escaping, indicates good development practices. The plugin also demonstrates a lack of dangerous functions, file operations, and has no known historical vulnerabilities.

However, a few areas warrant attention. The presence of an external HTTP request, while not inherently a vulnerability, represents a potential attack vector if the target endpoint is compromised or if the request is not properly handled. The lack of nonce checks and capability checks, especially if any hidden functionalities exist beyond the analyzed entry points, could be a concern in a broader context. Nevertheless, with no active vulnerabilities and a clean historical record, the plugin appears to be relatively secure.

In conclusion, sms8-io v3.0.2 exhibits commendable security practices, particularly in its handling of database interactions and output. The primary area of slight concern is the external HTTP request, which requires careful monitoring and secure implementation. The absence of historical vulnerabilities suggests a commitment to security by the developers. Overall, the plugin presents a low-risk profile based on the provided data.

Key Concerns

External HTTP request detected
No nonce checks found
No capability checks found

Vulnerabilities

None known

SMS8.io Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

SMS8.io Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped11 total outputs

Attack Surface

SMS8.io Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menuclass-sms8-io.php:5

actionadmin_initclass-sms8-io.php:6

actionwoocommerce_new_orderclass-sms8-io.php:8

actionwoocommerce_order_status_changedclass-sms8-io.php:9

actionwoocommerce_order_status_cancelledclass-sms8-io.php:10

Maintenance & Trust

SMS8.io Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedNov 1, 2023

PHP min version7.2

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

SMS8.io Alternatives

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

wp-twilio-core

100

Send SMS, OTP & 2FA notifications from WordPress via Twilio. Includes automated alerts, bulk messaging, and integrations with popular plugins.

2K No CVEs

Ultimate SMS Notifications – Messaging, Alerts & OTP

ultimate-sms

100

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

10 No CVEs

SMSDojo

smsdojo

100

FREE SMSDojo lets you send instant WooCommerce SMS alerts to keep customers informed and engaged throughout their order process.

0 No CVEs

miniOrange OTP Login, Verification and SMS Notifications

miniorange-otp-verification

100

OTP Verification via Email/SMS/WhatsApp,SMS Notifications for WooCommerce,OTP Login with Phone,PasswordLess Login.Custom Gateway for OTP Verification

6K 1 CVE

Developer Profile

SMS8.io Developer Profile

SMS8.io

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect SMS8.io

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sms8-io/admin/js/admin-script.js

Script Paths