Does Turbo SMS have any unpatched vulnerabilities?

No. All known vulnerabilities in Turbo SMS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Turbo SMS compatible with WordPress 5.8.13?

According to WordPress.org data, Turbo SMS 2.0 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is Turbo SMS compatible with PHP 5.2.4+?

Turbo SMS requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Turbo SMS updated?

Turbo SMS was last updated on Jul 24, 2021. Frequent updates are generally a positive security signal.

What is Turbo SMS's security score?

Turbo SMS has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Turbo SMS Security & Risk Analysis

wordpress.org/plugins/turbo-sms

Add Instant Order Status SMS Notifications Feature To Your Site

10 active installs v2.0 PHP 5.2.4+ WP 4.6+ Updated Jul 24, 2021

bulk-smssmssms-notificationsturbo-smswoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Turbo SMS Safe to Use in 2026?

Generally Safe

Score 85/100

Turbo SMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The plugin 'turbo-sms' v2.0 exhibits a generally strong security posture based on the provided static analysis. The complete absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the codebase demonstrates good practices by utilizing prepared statements for all SQL queries and having no file operations or dangerous functions identified. The vulnerability history is also clear, with no recorded CVEs, suggesting a history of secure development.

However, there are a few areas of concern that prevent a perfect score. The presence of an external HTTP request without explicit mention of authentication or sanitization is a potential point of exposure, especially if the target endpoint is untrusted or the data sent is sensitive. Additionally, while most output is properly escaped, 26% of outputs are not, which could lead to cross-site scripting (XSS) vulnerabilities if unescaped data is rendered directly in the browser. The complete lack of nonce checks and capability checks, while seemingly mitigated by the lack of entry points, represents a potential risk if any entry points are added in future updates without corresponding security measures.

In conclusion, 'turbo-sms' v2.0 is largely secure due to its limited attack surface and good data handling practices. The main weaknesses lie in the potential risks associated with the external HTTP request and the unescaped output, along with the absence of robust authorization checks on potential future entry points. Addressing these specific areas would further harden the plugin's security.

Key Concerns

Unescaped output detected (26% of outputs)
External HTTP request without apparent auth/sanitization
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Turbo SMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Turbo SMS Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

74% escaped19 total outputs

Attack Surface

Turbo SMS Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_print_stylesadmin.php:6

actionadmin_menuadmin.php:8

actionadmin_initadmin.php:9

actionwoocommerce_new_orderwoocommerce.php:19

actionwoocommerce_order_status_processingwoocommerce.php:33

actionwoocommerce_order_status_completedwoocommerce.php:47

Maintenance & Trust

Turbo SMS Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedJul 24, 2021

PHP min version5.2.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Turbo SMS Alternatives

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs

Ultimate SMS Notifications – Messaging, Alerts & OTP

ultimate-sms

100

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

10 No CVEs

ShopMagic – Twilio SMS

shopmagic-for-twilio

100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 No CVEs

Ultimate WP Mail

ultimate-wp-mail

Custom email and SMS notifications. Automatic send actions. WPForms SMS integration. WooCommerce notifications for purchases, abandoned cart and more!

800 1 unpatched

Branded SMS Pakistan

branded-sms-pakistan

100

Branded SMS Pakistan - WooCommerce plugin will allow you to send Branded or Short Code SMS notification automatically for orders placed in WooCommerce …

50 No CVEs

Developer Profile

Turbo SMS Developer Profile

TURBO SMS

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Turbo SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/turbo-sms/css/style.css

HTML / DOM Fingerprints

CSS Classes

turbo_sms_settings_pageturbo_sms_settings_page_innerturbo_sms_settings_page_headerturbo_sms_settings_page_header_info

FAQ