TerraReach SMS for WooCommerce Security & Risk Analysis
wordpress.org/plugins/terrareach-sms-for-woocommerceSMS gateway for Sri Lanka to send transactional or bulk SMS to your customers via WooCommerse store.
Is TerraReach SMS for WooCommerce Safe to Use in 2026?
Generally Safe
Score 100/100TerraReach SMS for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The static analysis of the "terrareach-sms-for-woocommerce" plugin version 1.0.1 reveals a very lean attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. The code also demonstrates strong adherence to secure coding practices, as evidenced by the absence of dangerous functions, file operations, and a complete reliance on prepared statements for SQL queries and proper escaping for outputs. There are no reported vulnerabilities in its history, which is a positive indicator.
However, the presence of one external HTTP request without explicit details on its security handling is a minor concern. While the plugin has no known CVEs and a clean vulnerability history, the lack of nonces and capability checks on any potential (though currently zero) entry points is a weakness. If the attack surface were to grow in future versions, this could become a significant risk.
Overall, the plugin appears to be well-written and secure in its current version based on the provided data. Its strengths lie in its minimal attack surface and secure coding practices for data handling. The primary area for improvement, and a potential future risk, is the lack of explicit authentication and authorization checks which could be a blind spot if new entry points are introduced.
Key Concerns
- External HTTP request without explicit security checks
- No nonce checks on potential entry points
- No capability checks on potential entry points
TerraReach SMS for WooCommerce Security Vulnerabilities
TerraReach SMS for WooCommerce Code Analysis
TerraReach SMS for WooCommerce Attack Surface
WordPress Hooks 11
Maintenance & Trust
TerraReach SMS for WooCommerce Maintenance & Trust
Maintenance Signals
Community Trust
TerraReach SMS for WooCommerce Alternatives
GatewayAPI
gatewayapi
Send SMS notifications for WooCommerce orders, create SMS campaigns, manage contacts, and add two-factor authentication - powered by GatewayAPI.com.
Email Marketing for WooCommerce by Omnisend
omnisend-connect
Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS, Abandoned Cart made easy for WordPress & WooCommerce by Omnisend
افزونه پیامک ووکامرس Persian WooCommerce SMS
persian-woocommerce-sms
افزونه کامل و حرفه ای برای اطلاع رسانی پیامکی سفارشات و رویداد های محصولات ووکامرس
Brevo for WooCommerce
woocommerce-sendinblue-newsletter-subscription
All-in-one WooCommerce email marketing, automation, SMS, and CRM by Brevo. Grow your store with powerful marketing tools.
WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce
wp-sms
Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.
TerraReach SMS for WooCommerce Developer Profile
3 plugins · 320 total installs
How We Detect TerraReach SMS for WooCommerce
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/terrareach-sms-for-woocommerce/admin/js/admin-scripts.js/wp-content/plugins/terrareach-sms-for-woocommerce/admin/css/admin-styles.css/wp-content/plugins/terrareach-sms-for-woocommerce/admin/js/admin-scripts.jsterrareach-sms-for-woocommerce/admin/js/admin-scripts.js?ver=1.0.0terrareach-sms-for-woocommerce/admin/css/admin-styles.css?ver=1.0.0HTML / DOM Fingerprints
pattern="^tr_prd_[a-z0-9]{32}$"maxlength="11"{{first_name}}{{last_name}}{{shop_name}}{{order_id}}