TextMe SMS Security & Risk Analysis

wordpress.org/plugins/textme-sms-integration

Send custom SMS messages from your WordPress site to your customers using the TextMe SMS gateway.

600 active installs · v2.0.3 · PHP 7.4+ · WP 5.2+ · Updated Mar 12, 2026
Tags: contact-form-7, notifications, sms, text-message, woocommerce
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 3, 2025
Safety Verdict

Is TextMe SMS Safe to Use in 2026?

Generally Safe

Score 96/100

TextMe SMS has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 3, 2025 · Updated 22d ago
Risk Assessment

The 'textme-sms-integration' plugin version 2.0.3 presents a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and robust nonce and capability checks on entry points, several areas warrant attention. The static analysis reveals a significant attack surface with 42 AJAX handlers, although reassuringly, all appear to have authentication checks. However, only 75% of output escaping is properly handled, leaving a portion of outputs potentially vulnerable to Cross-Site Scripting (XSS) if specific user-controlled data is present in those unescaped locations. Furthermore, the plugin's history of three known CVEs, including a high-severity missing authorization vulnerability and two medium-severity XSS issues, is a notable concern. The fact that there are no currently unpatched vulnerabilities is positive, but the recurring nature of these vulnerability types suggests a pattern that developers should address proactively to prevent future occurrences.

Key Concerns

  • Notable CVE history (1 High, 2 Medium)
  • Significant portion of outputs not properly escaped
  • Large number of AJAX handlers
Vulnerabilities
3

TextMe SMS Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-31789 · medium · 6.5 · Missing Authorization

TextMe SMS <= 1.9.1 - Missing Authorization

Apr 3, 2025 · Patched in 1.9.2 (40d)

CVE-2023-48287 · medium · 4.3 · Missing Authorization

TextMe SMS <= 1.9.0 - Missing Authorization via tetxme_update_option_page()

Nov 23, 2023 · Patched in 1.9.1 (61d)

WF-9821e51c-1042-47b8-b104-32f5651c31c9-textme-sms-integration · high · 7.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

TextMe SMS <= 1.8.8 - Authenticated Stored Cross-Site Scripting

Aug 24, 2021 · Patched in 1.8.9 (882d)
Code Analysis
Analyzed Mar 16, 2026

TextMe SMS Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (10 prepared)
  • Unescaped Output: 131 (400 escaped)
  • Nonce Checks: 32
  • Capability Checks: 24
  • File Operations: 1
  • External Requests: 4
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

83% prepared · 12 total queries

Output Escaping

75% escaped · 531 total outputs
Attack Surface

TextMe SMS Attack Surface

Entry Points: 44
Unprotected: 0

AJAX Handlers 42

auth · wp_ajax_textme_test_connection · inc\admin\class-textme-sms-admin-options.php:47
auth · wp_ajax_textme_get_balance · inc\admin\class-textme-sms-admin-options.php:48
auth · wp_ajax_textme_send_test_sms · inc\admin\class-textme-sms-admin-options.php:49
auth · wp_ajax_textme_migrate_from_v1 · inc\admin\class-textme-sms-admin-options.php:50
auth · wp_ajax_textme_test_migration_connection · inc\admin\class-textme-sms-admin-options.php:51
auth · wp_ajax_textme_auto_generate_token · inc\admin\class-textme-sms-admin-options.php:52
auth · wp_ajax_textme_manual_migrate_v1 · inc\admin\class-textme-sms-admin-options.php:53
auth · wp_ajax_textme_test_balance_monitor · inc\admin\class-textme-sms-admin-options.php:54
auth · wp_ajax_textme_enable_balance_monitor · inc\admin\class-textme-sms-admin-options.php:55
auth · wp_ajax_textme_disable_balance_monitor · inc\admin\class-textme-sms-admin-options.php:56
auth · wp_ajax_textme_reset_all_settings · inc\admin\class-textme-sms-admin-options.php:57
auth · wp_ajax_textme_clear_logs · inc\admin\class-textme-sms-admin-options.php:58
auth · wp_ajax_textme_save_extension_options · inc\admin\class-textme-sms-admin-options.php:59
auth · wp_ajax_textme_migrate_from_v1 · inc\core\class-textme-sms-migration.php:49
auth · wp_ajax_textme_stock_notify_migrate · inc\extensions\class-textme-sms-wc-stock-notify.php:80
auth · wp_ajax_textme_stock_notify_migrate · inc\extensions\class-textme-sms-wc-stock-notify.php:85
auth · wp_ajax_textme_stock_notify_submit · inc\extensions\class-textme-sms-wc-stock-notify.php:97
nopriv · wp_ajax_textme_stock_notify_submit · inc\extensions\class-textme-sms-wc-stock-notify.php:98
auth · wp_ajax_textme_stock_notify_send_bulk · inc\extensions\class-textme-sms-wc-stock-notify.php:103
auth · wp_ajax_textme_stock_notify_delete · inc\extensions\class-textme-sms-wc-stock-notify.php:104
auth · wp_ajax_textme_admin_check_login · inc\features\class-textme-sms-admin-otp.php:90
nopriv · wp_ajax_textme_admin_check_login · inc\features\class-textme-sms-admin-otp.php:91
auth · wp_ajax_textme_verify_otp · inc\features\class-textme-sms-admin-otp.php:92
nopriv · wp_ajax_textme_verify_otp · inc\features\class-textme-sms-admin-otp.php:93
auth · wp_ajax_textme_send_otp · inc\features\class-textme-sms-admin-otp.php:94
nopriv · wp_ajax_textme_send_otp · inc\features\class-textme-sms-admin-otp.php:95
auth · wp_ajax_textme_wc_check_login · inc\features\class-textme-sms-admin-otp.php:98
nopriv · wp_ajax_textme_wc_check_login · inc\features\class-textme-sms-admin-otp.php:99
auth · wp_ajax_textme_login_with_credentials · inc\features\class-textme-sms-login-shortcode.php:115
nopriv · wp_ajax_textme_login_with_credentials · inc\features\class-textme-sms-login-shortcode.php:116
auth · wp_ajax_textme_login_with_phone · inc\features\class-textme-sms-login-shortcode.php:118
nopriv · wp_ajax_textme_login_with_phone · inc\features\class-textme-sms-login-shortcode.php:119
auth · wp_ajax_textme_verify_login_otp · inc\features\class-textme-sms-login-shortcode.php:121
nopriv · wp_ajax_textme_verify_login_otp · inc\features\class-textme-sms-login-shortcode.php:122
auth · wp_ajax_textme_resend_login_otp · inc\features\class-textme-sms-login-shortcode.php:124
nopriv · wp_ajax_textme_resend_login_otp · inc\features\class-textme-sms-login-shortcode.php:125
auth · wp_ajax_textme_get_reports · inc\features\class-textme-sms-reports.php:45
auth · wp_ajax_textme_restock_get_data · inc\features\class-textme-sms-restock.php:55
auth · wp_ajax_textme_restock_send_sms · inc\features\class-textme-sms-restock.php:56
auth · wp_ajax_textme_restock_delete · inc\features\class-textme-sms-restock.php:57
auth · wp_ajax_tetxme_update_option_page · includes\admin.php:76
auth · wp_ajax_textme_update_account · includes\admin.php:138

Shortcodes 2

[textme_login_form] inc\features\class-textme-sms-login-shortcode.php:134
[textme_phone_login] inc\features\class-textme-sms-login-shortcode.php:135
WordPress Hooks 73
action · textme_sms_form_fields · extensions\contact-form-7.php:101
action · wpcf7_mail_sent · extensions\contact-form-7.php:153
action · textme_sms_form_fields · extensions\elementor.php:89
action · elementor_pro/forms/validation · extensions\elementor.php:134
action · textme_sms_form_fields · extensions\new-user-registration.php:48
action · user_register · extensions\new-user-registration.php:79
action · textme_sms_form_fields · extensions\pojo-forms.php:102
action · pojo_forms_mail_sent · extensions\pojo-forms.php:143
action · textme_sms_form_fields · extensions\woocommerce.php:246
action · woocommerce_order_status_processing · extensions\woocommerce.php:287
action · woocommerce_order_status_cancelled · extensions\woocommerce.php:328
action · woocommerce_order_status_completed · extensions\woocommerce.php:357
action · woocommerce_new_customer_note · extensions\woocommerce.php:379
action · admin_menu · inc\admin\class-textme-sms-admin-options.php:41
action · admin_init · inc\admin\class-textme-sms-admin-options.php:42
action · admin_enqueue_scripts · inc\admin\class-textme-sms-admin-options.php:43
filter · wp_redirect · inc\admin\class-textme-sms-admin-options.php:44
action · textme_sms_daily_balance_check · inc\core\class-textme-sms-balance-monitor.php:80
filter · cron_schedules · inc\core\class-textme-sms-balance-monitor.php:83
action · textme_sms_daily_balance_check · inc\core\class-textme-sms-logger.php:58
action · admin_init · inc\core\class-textme-sms-migration.php:48
action · upgrader_process_complete · inc\core\class-textme-sms-migration.php:51
action · admin_notices · inc\core\class-textme-sms-migration.php:53
action · admin_init · inc\core\class-textme-sms-setup.php:61
action · admin_menu · inc\core\class-textme-sms-setup.php:64
action · admin_init · inc\extensions\class-textme-sms-contact-form-7.php:82
action · admin_init · inc\extensions\class-textme-sms-contact-form-7.php:85
action · wpcf7_mail_sent · inc\extensions\class-textme-sms-contact-form-7.php:88
filter · wpcf7_editor_panels · inc\extensions\class-textme-sms-contact-form-7.php:91
action · wpcf7_save_contact_form · inc\extensions\class-textme-sms-contact-form-7.php:94
filter · wpcf7_contact_form_properties · inc\extensions\class-textme-sms-contact-form-7.php:97
filter · wpcf7_pre_construct_contact_form_properties · inc\extensions\class-textme-sms-contact-form-7.php:98
action · admin_enqueue_scripts · inc\extensions\class-textme-sms-contact-form-7.php:101
action · admin_init · inc\extensions\class-textme-sms-elementor.php:63
action · elementor_pro/forms/validation · inc\extensions\class-textme-sms-elementor.php:67
action · wp_enqueue_scripts · inc\extensions\class-textme-sms-wc-stock-notify.php:88
filter · woocommerce_get_stock_html · inc\extensions\class-textme-sms-wc-stock-notify.php:91
filter · woocommerce_available_variation · inc\extensions\class-textme-sms-wc-stock-notify.php:94
action · admin_enqueue_scripts · inc\extensions\class-textme-sms-wc-stock-notify.php:101
action · add_meta_boxes · inc\extensions\class-textme-sms-wc-stock-notify.php:102
action · woocommerce_product_set_stock_status · inc\extensions\class-textme-sms-wc-stock-notify.php:107
action · admin_init · inc\extensions\class-textme-sms-woocommerce.php:63
action · admin_init · inc\extensions\class-textme-sms-woocommerce.php:66
action · woocommerce_order_status_processing · inc\extensions\class-textme-sms-woocommerce.php:69
action · woocommerce_order_status_completed · inc\extensions\class-textme-sms-woocommerce.php:70
action · woocommerce_order_status_cancelled · inc\extensions\class-textme-sms-woocommerce.php:71
action · woocommerce_order_status_pending · inc\extensions\class-textme-sms-woocommerce.php:72
action · woocommerce_new_customer_note · inc\extensions\class-textme-sms-woocommerce.php:73
action · init · inc\extensions\class-textme-sms-woocommerce.php:76
filter · woocommerce_checkout_fields · inc\extensions\class-textme-sms-woocommerce.php:79
action · woocommerce_checkout_update_order_meta · inc\extensions\class-textme-sms-woocommerce.php:80
action · woocommerce_admin_order_data_after_billing_address · inc\extensions\class-textme-sms-woocommerce.php:81
action · init · inc\features\class-textme-sms-admin-otp.php:83
action · admin_init · inc\features\class-textme-sms-admin-otp.php:86
action · login_enqueue_scripts · inc\features\class-textme-sms-admin-otp.php:89
action · wp_enqueue_scripts · inc\features\class-textme-sms-admin-otp.php:100
action · init · inc\features\class-textme-sms-login-shortcode.php:106
action · init · inc\features\class-textme-sms-login-shortcode.php:109
action · wp_enqueue_scripts · inc\features\class-textme-sms-login-shortcode.php:112
action · admin_menu · inc\features\class-textme-sms-reports.php:43
action · admin_enqueue_scripts · inc\features\class-textme-sms-reports.php:44
action · admin_menu · inc\features\class-textme-sms-restock.php:51
action · admin_enqueue_scripts · inc\features\class-textme-sms-restock.php:52
action · admin_init · inc\features\class-textme-sms-user-registration-coupon.php:63
action · user_register · inc\features\class-textme-sms-user-registration-coupon.php:67
action · added_user_meta · inc\features\class-textme-sms-user-registration-coupon.php:72
action · updated_user_meta · inc\features\class-textme-sms-user-registration-coupon.php:73
action · admin_menu · includes\admin.php:33
action · plugins_loaded · includes\i18n.php:29
action · admin_enqueue_scripts · includes\scripts-styles.php:29
action · admin_enqueue_scripts · includes\scripts-styles.php:56
action · plugins_loaded · textme-sms-integration.php:104
action · plugins_loaded · textme-sms-integration.php:167

Scheduled Events 1

textme_sms_daily_balance_check
Maintenance & Trust

TextMe SMS Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 12, 2026
  • PHP min version: 7.4
  • Downloads: 17K

Community Trust

  • Rating: 80/100
  • Number of ratings: 4
  • Active installs: 600
Developer Profile

TextMe SMS Developer Profile

Matat Technologies

3 plugins · 1K total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 233 days
Detection Fingerprints

How We Detect TextMe SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/textme-sms-integration/css/admin-style.css
  • /wp-content/plugins/textme-sms-integration/js/admin-script.js
Script Paths
  • /wp-content/plugins/textme-sms-integration/js/admin-script.js
Version Parameters
  • textme-sms-integration/css/admin-style.css?ver=
  • textme-sms-integration/js/admin-script.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-textme-api-key
  • data-textme-api-secret
  • data-textme-migrate-v1-url
  • data-textme-api-url
  • data-textme-sms-test-connection-url
  • data-textme-sms-get-balance-url
  • +9 more
JS Globals
  • textme_admin_params
REST Endpoints
  • /wp-json/textme/v1/test-connection
  • /wp-json/textme/v1/get-balance
  • /wp-json/textme/v1/send-test-sms
  • /wp-json/textme/v1/migrate-from-v1
  • /wp-json/textme/v1/test-migration-connection
  • /wp-json/textme/v1/auto-generate-token
  • /wp-json/textme/v1/manual-migrate-v1
  • /wp-json/textme/v1/test-balance-monitor
  • /wp-json/textme/v1/enable-balance-monitor
  • /wp-json/textme/v1/disable-balance-monitor
  • /wp-json/textme/v1/reset-all-settings