WP-Safety

TextP2P Texting Widget Security & Risk Analysis

wordpress.org/plugins/textp2p-texting-widget

Allow site visitors to contact your business the way most prefer, by Texting. Installing the TextP2P Texting Widget plugin into your WordPress site pr …

30 active installs v1.7 PHP + WP 4.0+ Updated Jul 15, 2025
bulksmstext-messagestexting-widgettextp2pubscribes-sms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is TextP2P Texting Widget Safe to Use in 2026?

Generally Safe

Score 100/100

TextP2P Texting Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The textp2p-texting-widget plugin version 1.7 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no recorded vulnerabilities or taint flows, significant concerns arise from its attack surface. A substantial portion of its AJAX handlers, specifically 4 out of 6, lack authentication checks, presenting a clear entry point for potential exploitation. Furthermore, only 2 out of 6 entry points have nonce checks implemented, leaving the majority vulnerable to CSRF attacks. The lack of capability checks on AJAX handlers is also a notable weakness, meaning any authenticated user could potentially trigger these functions, regardless of their role or permissions. The plugin's vulnerability history is clean, which is a positive indicator, suggesting past development may have been secure or issues were promptly addressed. However, the current static analysis reveals a pattern of insufficient access control for its AJAX endpoints, which remains a critical area of risk.

Key Concerns

  • Unprotected AJAX handlers
  • Insufficient nonce checks on AJAX
  • No capability checks on AJAX
  • Output escaping not fully implemented
Vulnerabilities
None known

TextP2P Texting Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

TextP2P Texting Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
23
54 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

70% escaped77 total outputs
Attack Surface
4 unprotected

TextP2P Texting Widget Attack Surface

Entry Points6
Unprotected4

AJAX Handlers 6

authwp_ajax_im_textp2p_dismiss_cache_messageinc\im-textp2p-functions.php:3
authwp_ajax_im_textp2p_get_list_disconnectedinc\im-textp2p-functions.php:146
authwp_ajax_im_textp2p_get_listinc\im-textp2p-functions.php:163
authwp_ajax_im_textp2p_send_form_datainc\im-textp2p-functions.php:242
noprivwp_ajax_im_textp2p_send_form_datainc\im-textp2p-functions.php:243
authwp_ajax_im_textp2p_dismiss_messageinc\im-textp2p-functions.php:319
WordPress Hooks 8
actionadmin_footerinc\im-textp2p-functions.php:10
actionadmin_noticesinc\im-textp2p-functions.php:326
actionplugins_loadedtextp2p-texting-widget.php:35
actionadmin_menutextp2p-texting-widget.php:40
actionadmin_enqueue_scriptstextp2p-texting-widget.php:41
actionwp_enqueue_scriptstextp2p-texting-widget.php:44
actionwp_enqueue_scriptstextp2p-texting-widget.php:45
actionwp_footertextp2p-texting-widget.php:46
Maintenance & Trust

TextP2P Texting Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 15, 2025
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs30
Alternatives

TextP2P Texting Widget Alternatives

SMS Abandoned Cart Recovery ✦ CartBoss

SMS Abandoned Cart Recovery ✦ CartBoss

cartboss

A
99

Boost your sales by recovering abandoned carts with pre-prepared & translated text messages!

400 1 CVE
text message sms plugin

text message sms plugin

text-message

A
92

text message by biz text lets your website receive and send text messages. reply to text messages from a pc or forward messages to your mobile phone.

100 No CVEs
Text Message Contact Form

Text Message Contact Form

text-message-contact-form-biztext

A
92

Receive a Text or email, from your website through the Text Message Contact Form by Biz Text. SMS notification of email received, no third-party apps …

60 No CVEs
Bulk SMS PLugin

Bulk SMS PLugin

bulk-sms

A
85

Bulk SMS Plugin enables Wordpress admins to allow their site visitors to send them SMS using SMS Gateway, it also supports auto response

10 No CVEs
gk-sms

gk-sms

gk-sms

A
85

Twilio Integration for WordPress

10 No CVEs
Developer Profile

TextP2P Texting Widget Developer Profile

Greg Armfield

1 plugin · 30 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect TextP2P Texting Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/textp2p-texting-widget/assets/css/style.css/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-chat.js/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-script.js
Script Paths
/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-chat.js/wp-content/plugins/textp2p-texting-widget/assets/js/im-textp2p-script.js
Version Parameters
textp2p-texting-widget/assets/css/style.css?ver=textp2p-texting-widget/assets/js/im-textp2p-chat.js?ver=textp2p-texting-widget/assets/js/im-textp2p-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
chatting__main_wrapperim__chatting__widgetim__chat__Bodychat__form__blockim__chat__form__block__HeaderContainerIm__TextInput__BarIm__TextInput__Bar::beforeIm__TextInput__Bar::after+23 more
Data Attributes
data-textp2p-list-iddata-textp2p-form-positiondata-textp2p-chat-themedata-textp2p-chat-box-titledata-textp2p-chat-box-window-background-colordata-textp2p-chat-box-title-background-color+29 more
JS Globals
imTextP2PimTextP2P_Admin
FAQ

Frequently Asked Questions about TextP2P Texting Widget