Does SMSify have any unpatched vulnerabilities?

No. All known vulnerabilities in SMSify have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SMSify compatible with WordPress 6.7.5?

According to WordPress.org data, SMSify 6.1.2 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is SMSify compatible with PHP 7.3+?

SMSify requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SMSify updated?

SMSify was last updated on Feb 25, 2025. Frequent updates are generally a positive security signal.

What is SMSify's security score?

SMSify has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SMSify Security & Risk Analysis

wordpress.org/plugins/smsify

This amazing WordPress plugin lets you keep your users informed with personalised and automated messages, right to their phones.

10 active installs v6.1.2 PHP 7.3+ WP 5.3+ Updated Feb 25, 2025

bulk-smsmessagingschedule-messagessmssms-marketing

A · Safe

CVEs total1

Unpatched0

Last CVEDec 11, 2024

Plugin page Download

Safety Verdict

Is SMSify Safe to Use in 2026?

Generally Safe

Score 91/100

SMSify has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 11, 2024Updated 1yr ago

Risk Assessment

The "smsify" plugin v6.1.2 exhibits a generally good security posture with several positive indicators, including a complete lack of unprotected entry points and robust use of prepared statements for SQL queries. The overwhelming majority of output is properly escaped, and ample capability checks and nonce checks are in place, demonstrating a commitment to secure coding practices. Taint analysis also shows no unsanitized paths, which is a significant strength. However, the presence of two `unserialize` function calls represents a notable concern. While not flagged as vulnerable in the static analysis, `unserialize` is inherently risky and can lead to serious vulnerabilities if not handled with extreme care, especially if the data being unserialized originates from untrusted user input. The plugin's vulnerability history, while currently showing no unpatched CVEs, does include a past medium-severity Cross-Site Scripting (XSS) vulnerability. This suggests that while the current version may be clean, a historical pattern of input sanitization issues warrants vigilance. Overall, the plugin is well-implemented with strong fundamental security controls, but the `unserialize` functions introduce a potential risk that should be closely monitored and ideally mitigated.

Key Concerns

Dangerous function: unserialize found
Past medium severity vulnerability recorded

Vulnerabilities

SMSify Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-54324medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SMSify <= 6.0.4 - Reflected Cross-Site Scripting

Dec 11, 2024 Patched in 6.1.0 (9d)

Code Analysis

Analyzed Mar 17, 2026

SMSify Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

350 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn unserialize(get_site_option('smsify_integrations'));includes\functions.php:630

unserialize$smsify_webhooks = unserialize(get_site_option('smsify_webhooks'));includes\functions.php:634

SQL Query Safety

100% prepared2 total queries

Output Escaping

97% escaped359 total outputs

Data Flows

All sanitized

Data Flow Analysis

5 flows

smsify_delete_schedule (includes\functions.php:432)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

SMSify Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_smsify_sms_handlerincludes\functions.php:55

authwp_ajax_smsify_sms_group_handlerincludes\functions.php:285

authwp_ajax_smsify_sms_remove_schedule_handlerincludes\functions.php:431

WordPress Hooks 48

actionpersonal_options_updateincludes\functions.php:45

actionedit_user_profile_updateincludes\functions.php:46

actionsmsify_send_sms_hookincludes\functions.php:209

actionsmsify_notify_webhookincludes\functions.php:641

actionwpcf7_before_send_mailincludes\functions.php:654

actionadmin_menumodules\importusers\import-users-from-csv.php:25

actioninitmodules\importusers\import-users-from-csv.php:26

actioninitmodules\importusers\import-users-from-csv.php:27

actionplugins_loadedmodules\importusers\import-users-from-csv.php:379

filtermanage_users_columnsmodules\usergroups\UserGroups.php:9

actionmanage_users_custom_columnmodules\usergroups\UserGroups.php:10

actionadmin_print_scriptsmodules\usergroups\UserGroups.php:12

actionadmin_print_stylesmodules\usergroups\UserGroups.php:13

actionadmin_headmodules\usergroups\UserGroups.php:14

actionadmin_headmodules\usergroups\UserGroups.php:15

actionpre_user_querymodules\usergroups\UserGroups.php:18

filterviews_usersmodules\usergroups\UserGroups.php:20

actionadmin_initmodules\usergroups\UserGroups.php:23

filterviews_usersmodules\usergroups\UserGroups.php:24

actionadmin_initmodules\usergroups\UserGroups.php:26

actioninitmodules\usergroups\UserGroups.php:29

actioncreate_termmodules\usergroups\UserGroups.php:30

actionedit_termmodules\usergroups\UserGroups.php:31

actionadmin_menumodules\usergroups\UserGroups.php:32

filteruser-group_row_actionsmodules\usergroups\UserGroups.php:33

actionmanage_user-group_custom_columnmodules\usergroups\UserGroups.php:34

filtermanage_edit-user-group_columnsmodules\usergroups\UserGroups.php:35

actionpersonal_options_updatemodules\usergroups\UserGroups.php:38

actionedit_user_profile_updatemodules\usergroups\UserGroups.php:39

actionshow_user_profilemodules\usergroups\UserGroups.php:42

actionedit_user_profilemodules\usergroups\UserGroups.php:43

actiondelete_usermodules\usergroups\UserGroups.php:46

filtersanitize_usermodules\usergroups\UserGroups.php:47

actionuser-group_edit_form_fieldsmodules\usergroups\UserGroups.php:472

actionuser-group_add_form_fieldsmodules\usergroups\UserGroups.php:473

actionuser-group_add_form_fieldsmodules\usergroups\UserGroups.php:476

actionuser-group_edit_formmodules\usergroups\UserGroups.php:477

actionadmin_initmodules\usergroups\UserGroupsExtended.php:9

actionuser-group_edit_form_fieldsmodules\usergroups\UserGroupsExtended.php:21

actionuser-group_add_form_fieldsmodules\usergroups\UserGroupsExtended.php:22

actionuser-group_add_form_fieldsmodules\usergroups\UserGroupsExtended.php:25

actionuser-group_edit_formmodules\usergroups\UserGroupsExtended.php:26

actionuser-group_add_form_fieldsmodules\usergroups\UserGroupsExtended.php:27

actionuser-group_edit_formmodules\usergroups\UserGroupsExtended.php:28

actionplugins_loadedmodules\usergroups\UserGroupsExtended.php:54

actionadmin_menusmsify.php:34

actionshow_user_profilesmsify.php:154

actionedit_user_profilesmsify.php:155

Maintenance & Trust

SMSify Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 25, 2025

PHP min version7.3

Downloads7K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

SMSify Alternatives

Email & SMS Marketing Automations powered by MessengerOS

messengeros

100

Collect subscribers and send them automated welcome emails or newsletters using the MessengerOS Email & SMS Marketing Platform.

0 No CVEs

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs

Smart Marketing SMS and Newsletters Forms

smart-marketing-for-wp

E-commerce Automation Engine: Product sync, Track & Engage, and abandoned cart recovery via Email and SMS for WooCommerce stores.

1K 2 CVEs

ShopMagic – Twilio SMS

shopmagic-for-twilio

100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 No CVEs

Abandoned cart SMS reminders and SMS campaigns – CartFox

cartfox

Dynamic SMS abandoned cart reminders with coupons, post-purchase campaigns and various options for SMS campaigns. Available for 58 languages worldwide …

300 No CVEs

Developer Profile

SMSify Developer Profile

mtomic

1 plugin · 10 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect SMSify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smsify/images/sms_icon.png

Script Paths

/wp-content/plugins/smsify/js/smsify-custom.js

Version Parameters

smsify-custom.js?ver=

HTML / DOM Fingerprints

CSS Classes

smsify-appsmsify-send-user-modalsmsify-user-trackingsmsify-tracking-optin

HTML Comments

Data Attributes

data-smsify-tracking-id

JS Globals

smsify_params

FAQ