WP-Safety

Text Message SMS Extension for WooCommerce Security & Risk Analysis

wordpress.org/plugins/text-message-sms-extension-for-woocommerce

Integrate SMS with WooCommerce to send order Text notifications that allow for replies sent to an online Texting Dashboard or mobile phone(s).

10 active installs v1.5.0 PHP 5.6+ WP 4.0+ Updated Nov 19, 2024
smssms-extensionsms-notificationswoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Text Message SMS Extension for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Text Message SMS Extension for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The plugin "text-message-sms-extension-for-woocommerce" v1.5.0 exhibits several concerning security practices that warrant careful consideration. A significant weakness lies in its attack surface, with two AJAX handlers, both lacking authentication checks. This opens the door for unauthenticated users to potentially interact with these handlers, leading to unintended actions or information disclosure. Furthermore, the plugin uses raw SQL queries without prepared statements, which, combined with potentially unsanitized input from the identified taint flow, presents a risk of SQL injection vulnerabilities. The lack of nonce and capability checks on its entry points further exacerbates these risks, as it allows for unauthorized access and execution. While the plugin has no recorded vulnerability history, this does not guarantee its current security. The absence of past CVEs could be due to its limited scope, recent development, or simply a lack of public scrutiny. The current static analysis findings, particularly the unprotected AJAX handlers and raw SQL queries, are significant indicators of potential security weaknesses that require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • SQL queries not using prepared statements
  • Flow with unsanitized paths
  • Missing nonce checks
  • Missing capability checks
  • Output escaping: 58% properly escaped
Vulnerabilities
None known

Text Message SMS Extension for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Text Message SMS Extension for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
14
19 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared2 total queries

Output Escaping

58% escaped33 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
<wpbiztextwc-settings> (admin\wpbiztextwc-settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Text Message SMS Extension for WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wpbiztextwc_send_custom_textsms-for-woocommerce.php:516
noprivwp_ajax_wpbiztextwc_send_custom_textsms-for-woocommerce.php:517
WordPress Hooks 24
filterwoocommerce_settings_tabs_arrayadmin\wpbiztextwc-settings.php:17
filterwoocommerce_get_settings_pagesadmin\wpbiztextwc-settings.php:625
actionbefore_woocommerce_initsms-for-woocommerce.php:31
actionadmin_menusms-for-woocommerce.php:56
actionadd_meta_boxessms-for-woocommerce.php:118
actionadmin_print_scriptssms-for-woocommerce.php:229
actionadmin_headsms-for-woocommerce.php:230
actionadmin_headsms-for-woocommerce.php:236
actionadmin_print_scriptssms-for-woocommerce.php:251
filterwoocommerce_checkout_fieldssms-for-woocommerce.php:262
actionwoocommerce_after_checkout_billing_formsms-for-woocommerce.php:281
actionwoocommerce_checkout_update_order_metasms-for-woocommerce.php:293
actionwoocommerce_admin_order_data_after_billing_addresssms-for-woocommerce.php:303
actionwoocommerce_process_shop_order_metasms-for-woocommerce.php:341
filterbulk_actions-edit-shop_ordersms-for-woocommerce.php:351
filterhandle_bulk_actions-edit-shop_ordersms-for-woocommerce.php:360
actionadmin_noticessms-for-woocommerce.php:413
filtermanage_edit-shop_order_columnssms-for-woocommerce.php:435
actionmanage_shop_order_posts_custom_columnsms-for-woocommerce.php:452
filterwoocommerce_checkout_fieldssms-for-woocommerce.php:494
filterwoocommerce_billing_fieldssms-for-woocommerce.php:506
actionwoocommerce_new_orderwpbiztextwc-text-templates.php:11
actionwoocommerce_order_status_changedwpbiztextwc-text-templates.php:20
actionadmin_noticeswpbiztextwc-text-templates.php:331
Maintenance & Trust

Text Message SMS Extension for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 19, 2024
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Text Message SMS Extension for WooCommerce Alternatives

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

A
95

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs
ShopMagic – Twilio SMS

ShopMagic – Twilio SMS

shopmagic-for-twilio

A
100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind &hellip;

800 No CVEs
Ultimate WP Mail

Ultimate WP Mail

ultimate-wp-mail

B
70

Custom email and SMS notifications. Automatic send actions. WPForms SMS integration. WooCommerce notifications for purchases, abandoned cart and more!

800 1 unpatched
SB SMS Sender

SB SMS Sender

sb-sms-sender

A
85

Send SMS to client using SMS club.

20 No CVEs
Jusibe SMS Notifications for WooCommerce

Jusibe SMS Notifications for WooCommerce

jusibe-wc-sms-notifications

A
85

Jusibe SMS Notifications for WooCommerce allow you to Send SMS order notifications to store admins and customers from your WooCommerce store.

10 No CVEs
Developer Profile

Text Message SMS Extension for WooCommerce Developer Profile

biz text

4 plugins · 220 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Text Message SMS Extension for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/text-message-sms-extension-for-woocommerce/assets/css/bootstrap.min.css/wp-content/plugins/text-message-sms-extension-for-woocommerce/assets/css/wpbiztextwc-admin-style.css/wp-content/plugins/text-message-sms-extension-for-woocommerce/assets/js/wpbiztextwc-admin-script.js
Script Paths
/wp-content/plugins/text-message-sms-extension-for-woocommerce/assets/js/wpbiztextwc-admin-script.js
Version Parameters
text-message-sms-extension-for-woocommerce/assets/css/bootstrap.min.css?ver=text-message-sms-extension-for-woocommerce/assets/css/wpbiztextwc-admin-style.css?ver=text-message-sms-extension-for-woocommerce/assets/js/wpbiztextwc-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpbiztextwc-order-sms-metabox
Data Attributes
data-sms-template
JS Globals
wpbiztextwc_select_templatewpbiztextwc_selectplaceholder
FAQ

Frequently Asked Questions about Text Message SMS Extension for WooCommerce