Does SMSDojo have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is SMSDojo compatible with WordPress 6.8.5?

According to WordPress.org data, SMSDojo 1.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is SMSDojo compatible with PHP 8.0+?

SMSDojo requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SMSDojo updated?

SMSDojo was last updated on Dec 10, 2025. Frequent updates are generally a positive security signal.

What is SMSDojo's security score?

SMSDojo has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SMSDojo Security & Risk Analysis

wordpress.org/plugins/smsdojo

FREE SMSDojo lets you send instant WooCommerce SMS alerts to keep customers informed and engaged throughout their order process.

0 active installs v1.0.3 PHP 8.0+ WP 5.8+ Updated Dec 10, 2025

notificationsorder-smssmssms-gatewaywoocommerce-sms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is SMSDojo Safe to Use in 2026?

Generally Safe

Score 100/100

SMSDojo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The smsdojo plugin version 1.0.3 exhibits a generally strong security posture based on the provided static analysis. The absence of identified attack surface points like unprotected AJAX handlers, REST API routes, or shortcodes is a significant positive. Furthermore, the code shows good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, indicating a developer awareness of common web vulnerabilities.

However, a few areas warrant attention. The presence of an external HTTP request, while not inherently malicious, represents an external dependency that could be a vector for attacks if the target server is compromised or misconfigured. The complete lack of nonce checks across the plugin, combined with only one capability check, suggests that the plugin might be vulnerable to various forms of cross-site request forgery (CSRF) or unauthorized actions if any user-facing functionality exists that wasn't captured in the static analysis. The vulnerability history being entirely clear is a positive indicator, but it's crucial to remember that past performance is not indicative of future results, especially with limited historical data.

In conclusion, smsdojo v1.0.3 appears to be built with some solid security foundations, particularly in database interaction and output sanitization. The primary concerns lie in the potential for CSRF vulnerabilities due to the absence of nonce checks and the single external HTTP request as an unmitigated entry point for external influence. Continued vigilance and updates will be important for maintaining this security posture.

Key Concerns

External HTTP request without explicit context
No nonce checks implemented

Vulnerabilities

None known

SMSDojo Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

SMSDojo Release Timeline

v1.0.3Current

Code Analysis

Analyzed Mar 17, 2026

SMSDojo Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

88% escaped16 total outputs

Attack Surface

SMSDojo Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_menuclass-smsdojo.php:17

actionadmin_initclass-smsdojo.php:18

actionwoocommerce_new_orderclass-smsdojo.php:21

actionwoocommerce_order_status_changedclass-smsdojo.php:22

actionwoocommerce_order_status_cancelledclass-smsdojo.php:23

actionadmin_noticessmsdojo.php:28

actionadmin_noticessmsdojo.php:46

Maintenance & Trust

SMSDojo Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 10, 2025

PHP min version8.0

Downloads157

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

SMSDojo Alternatives

Gray SMS – Complete SMS Notificaitons for WordPress, Woocommerce & Multi Features

gray-sms

100

Send WooCommerce order notifications and individual SMS messages using Twilio, Vonage, Plivo, Clickatell and other SMS gateways.

0 No CVEs

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

8K 17 CVEs

افزونه پیامک حرفه ای فراز اس ام اس

farazsms

شما می توانید با استفاده از افزونه فراز اس ام اس، سایت خود را با ابزاری خودکار برای ارسال پیامک و ذخیره شماره در دفترچه تلفن، تقویت کنید.

2K 1 unpatched

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

wp-twilio-core

100

Send SMS, OTP & 2FA notifications from WordPress via Twilio. Includes automated alerts, bulk messaging, and integrations with popular plugins.

2K No CVEs

WC – APG SMS Notifications

woocommerce-apg-sms-notifications

100

Add to your WooCommerce store SMS notifications to your customers when order status changed.

400 No CVEs

Developer Profile

SMSDojo Developer Profile

smsdojo

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect SMSDojo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

FAQ