TextP2P Texting Widget Security & Risk Analysis
wordpress.org/plugins/textp2p-texting-widgetAllow site visitors to contact your business the way most prefer, by Texting. Installing the TextP2P Texting Widget plugin into your WordPress site pr …
Is TextP2P Texting Widget Safe to Use in 2026?
Mostly Safe
Score 78/100TextP2P Texting Widget is generally safe to use. 1 past CVE were resolved.
The textp2p-texting-widget plugin version 1.7 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no recorded vulnerabilities or taint flows, significant concerns arise from its attack surface. A substantial portion of its AJAX handlers, specifically 4 out of 6, lack authentication checks, presenting a clear entry point for potential exploitation. Furthermore, only 2 out of 6 entry points have nonce checks implemented, leaving the majority vulnerable to CSRF attacks. The lack of capability checks on AJAX handlers is also a notable weakness, meaning any authenticated user could potentially trigger these functions, regardless of their role or permissions. The plugin's vulnerability history is clean, which is a positive indicator, suggesting past development may have been secure or issues were promptly addressed. However, the current static analysis reveals a pattern of insufficient access control for its AJAX endpoints, which remains a critical area of risk.
Key Concerns
- Unprotected AJAX handlers
- Insufficient nonce checks on AJAX
- No capability checks on AJAX
- Output escaping not fully implemented
TextP2P Texting Widget Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update
TextP2P Texting Widget Release Timeline
TextP2P Texting Widget Code Analysis
Output Escaping
TextP2P Texting Widget Attack Surface
AJAX Handlers 6
WordPress Hooks 8
Maintenance & Trust
TextP2P Texting Widget Maintenance & Trust
Maintenance Signals
Community Trust
TextP2P Texting Widget Alternatives
SMS Abandoned Cart Recovery ✦ CartBoss
cartboss
Boost your sales by recovering abandoned carts with pre-prepared & translated text messages!
text message sms plugin
text-message
text message by biz text lets your website receive and send text messages. reply to text messages from a pc or forward messages to your mobile phone.
Text Message Contact Form
text-message-contact-form-biztext
Receive a Text or email, from your website through the Text Message Contact Form by Biz Text. SMS notification of email received, no third-party apps …
Bulk SMS PLugin
bulk-sms
Bulk SMS Plugin enables Wordpress admins to allow their site visitors to send them SMS using SMS Gateway, it also supports auto response
gk-sms
gk-sms
Twilio Integration for WordPress
TextP2P Texting Widget Developer Profile
1 plugin · 30 total installs
How We Detect TextP2P Texting Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/textp2p-texting-widget/assets/css/style.css/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-chat.js/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-script.js/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-chat.js/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-script.jstextp2p-texting-widget/assets/css/style.css?ver=textp2p-texting-widget/assets/js/im-textp2p-chat.js?ver=textp2p-texting-widget/assets/js/im-textp2p-script.js?ver=HTML / DOM Fingerprints
chatting__main_wrapperim__chatting__widgetim__chat__Bodychat__form__blockim__chat__form__block__HeaderContainerIm__TextInput__BarIm__TextInput__Bar::beforeIm__TextInput__Bar::after+23 moredata-textp2p-list-iddata-textp2p-form-positiondata-textp2p-chat-themedata-textp2p-chat-box-titledata-textp2p-chat-box-window-background-colordata-textp2p-chat-box-title-background-color+29 moreimTextP2PimTextP2P_Admin