WP-Safety

SMSPlus for WooCommerce Security & Risk Analysis

wordpress.org/plugins/smsplus-for-woocommerce

Send SMS notifications to your customers when WooCommerce order statuses change, powered by the SMSPlus API.

0 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Feb 24, 2026
notificationsorder-statussmssmspluswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is SMSPlus for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

SMSPlus for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The smsplus-for-woocommerce plugin v1.0.0 exhibits a generally positive security posture based on the provided static analysis. The plugin successfully implements output escaping for all identified outputs and has a limited attack surface with only one AJAX handler, which appears to be protected. There are no identified critical or high severity taint flows, and the vulnerability history is clean, suggesting a lack of previously exploited weaknesses.

However, a significant concern arises from the handling of SQL queries. The analysis indicates that 100% of SQL queries are not using prepared statements. This is a critical security weakness that exposes the plugin to potential SQL injection vulnerabilities, even if none have been reported historically. While the plugin demonstrates good practices in other areas, this single flaw represents a substantial risk that should be addressed immediately. The presence of capability checks and nonce checks on the AJAX handler is a positive sign, mitigating the risk of unauthorized execution through that specific entry point.

Key Concerns

  • SQL queries not using prepared statements
Vulnerabilities
None known

SMSPlus for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SMSPlus for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
0
21 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

100% escaped21 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
save_settings (includes\class-smsplus-settings.php:60)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SMSPlus for WooCommerce Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_smsplus_test_connectionincludes\class-smsplus-settings.php:36
WordPress Hooks 7
actionwoocommerce_order_status_changedincludes\class-smsplus-notifications.php:18
filterwoocommerce_settings_tabs_arrayincludes\class-smsplus-settings.php:32
actionwoocommerce_settings_tabs_smsplusincludes\class-smsplus-settings.php:33
actionwoocommerce_update_options_smsplusincludes\class-smsplus-settings.php:34
actionadmin_enqueue_scriptsincludes\class-smsplus-settings.php:35
actionadmin_noticessmsplus-for-woocommerce.php:33
actionplugins_loadedsmsplus-for-woocommerce.php:75
Maintenance & Trust

SMSPlus for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.4
Downloads125

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

SMSPlus for WooCommerce Alternatives

Zibad Smart Notifier

Zibad Smart Notifier

zibad-smart-notifier

A
100

Smart Notifier helps WooCommerce stores send automated SMS notifications for order events.

0 No CVEs
WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

A
95

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs
NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

wp-twilio-core

A
100

Send SMS, OTP & 2FA notifications from WordPress via Twilio. Includes automated alerts, bulk messaging, and integrations with popular plugins.

2K No CVEs
ShopMagic – Twilio SMS

ShopMagic – Twilio SMS

shopmagic-for-twilio

A
100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 No CVEs
Ultimate WP Mail

Ultimate WP Mail

ultimate-wp-mail

B
70

Custom email and SMS notifications. Automatic send actions. WPForms SMS integration. WooCommerce notifications for purchases, abandoned cart and more!

800 1 unpatched
Developer Profile

SMSPlus for WooCommerce Developer Profile

smsplus

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SMSPlus for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smsplus-for-woocommerce/assets/css/admin.css
Version Parameters
smsplus-for-woocommerce/assets/css/admin.css?ver=

HTML / DOM Fingerprints

Data Attributes
id="tab-smsplus"
JS Globals
smsplus_admin
FAQ

Frequently Asked Questions about SMSPlus for WooCommerce