Does WC SMS Notification have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WC SMS Notification compatible with WordPress 6.0.11?

According to WordPress.org data, WC SMS Notification 1.0.0 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is WC SMS Notification compatible with PHP 7.0+?

WC SMS Notification requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WC SMS Notification updated?

WC SMS Notification was last updated on Jun 13, 2022. Frequent updates are generally a positive security signal.

What is WC SMS Notification's security score?

WC SMS Notification has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WC SMS Notification Security & Risk Analysis

wordpress.org/plugins/wc-sms-notification

Order SMS Notofication for WooCommerce.

0 active installs v1.0.0 PHP 7.0+ WP 4.0+ Updated Jun 13, 2022

smswoocommercewoocommerce-sms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WC SMS Notification Safe to Use in 2026?

Generally Safe

Score 85/100

WC SMS Notification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The wc-sms-notification plugin v1.0.0 exhibits a generally good security posture with notable strengths in its adherence to secure coding practices. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and complete output escaping are significant positive indicators. Furthermore, the plugin has no recorded vulnerability history (CVEs), which suggests a commitment to maintaining a secure codebase. However, a critical concern arises from the presence of one unprotected AJAX handler. This creates a direct entry point into the plugin's functionality that is not secured by authentication or capability checks, potentially allowing unauthorized users to trigger sensitive actions. The plugin also makes four external HTTP requests, which, while not inherently a vulnerability, can introduce risks if the target endpoints are compromised or if the requests themselves are not handled securely.

Key Concerns

Unprotected AJAX handler detected
External HTTP requests present

Vulnerabilities

None known

WC SMS Notification Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WC SMS Notification Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

WC SMS Notification Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped38 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

woocommerce_setup (includes/Admin/Forms.php:24)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

WC SMS Notification Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_sms_setup_formincludes/Ajax/Form.php:16

authwp_ajax_sms_setup_form_dataincludes/Ajax/GetData.php:16

WordPress Hooks 19

actionadmin_initincludes/Admin/Forms.php:15

actionadmin_noticesincludes/Admin/Forms.php:46

actionadmin_noticesincludes/Admin/Forms.php:77

actionadmin_menuincludes/Admin/Menu.php:18

actionadmin_enqueue_scriptsincludes/Admin/Menu.php:44

filtersms_verify_api_twilioincludes/Ajax/Verify.php:16

filtersms_verify_api_elitbuzzincludes/Ajax/Verify.php:17

actionrest_api_initincludes/Api.php:14

actionadmin_enqueue_scriptsincludes/Assets.php:16

actionwp_enqueue_scriptsincludes/Assets.php:18

filterwoocommerce_checkout_fieldsincludes/Frontend/Checkout.php:15

actionwoocommerce_checkout_update_order_metaincludes/Frontend/Checkout.php:16

actionwoocommerce_before_thankyouincludes/Frontend/Checkout.php:17

actionwoocommerce_order_status_changedincludes/Illuminate/Order.php:13

actionsdevs_send_sms_twilioincludes/Illuminate/Providers.php:13

actionsdevs_send_sms_elitbuzzincludes/Illuminate/Providers.php:14

actionplugins_loadedsms.php:82

actioninitsms.php:205

actioninitsms.php:208

Maintenance & Trust

WC SMS Notification Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJun 13, 2022

PHP min version7.0

Downloads752

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WC SMS Notification Alternatives

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

8K 17 CVEs

SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery

sms-alert

Send WooCommerce SMS notifications, OTP verification, abandoned cart recovery alerts, and real-time order updates to customers and admins.

4K 13 CVEs

افزونه پیامک حرفه ای فراز اس ام اس

farazsms

شما می توانید با استفاده از افزونه فراز اس ام اس، سایت خود را با ابزاری خودکار برای ارسال پیامک و ذخیره شماره در دفترچه تلفن، تقویت کنید.

2K 1 unpatched

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

wp-twilio-core

100

Send SMS, OTP & 2FA notifications from WordPress via Twilio. Includes automated alerts, bulk messaging, and integrations with popular plugins.

2K No CVEs

Netgsm

netgsm

Netgsm wordpress eklentisi ile kullanıcılarınıza sms uzaklığında kalın.

1K 1 unpatched

Developer Profile

WC SMS Notification Developer Profile

Abu Huraira Bin Aman

9 plugins · 9K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

238 days

View full developer profile

Detection Fingerprints

How We Detect WC SMS Notification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-sms-notification/assets/css/style.css/wp-content/plugins/wc-sms-notification/assets/js/admin.js/wp-content/plugins/wc-sms-notification/assets/js/frontend.js/wp-content/plugins/wc-sms-notification/assets/js/woocommerce.js

Script Paths

/wp-content/plugins/wc-sms-notification/assets/js/admin.js/wp-content/plugins/wc-sms-notification/assets/js/frontend.js/wp-content/plugins/wc-sms-notification/assets/js/woocommerce.js

Version Parameters

wc-sms-notification/assets/css/style.css?ver=wc-sms-notification/assets/js/admin.js?ver=wc-sms-notification/assets/js/frontend.js?ver=wc-sms-notification/assets/js/woocommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes

sdevs-sms-adminsdevs-sms-setup-pagesdevs-sms-woocommerce-pagesdevs-sms-template-page

Data Attributes

data-ajax-url

JS Globals

sdevs_sms_admin_paramssdevs_sms_frontend_paramssdevs_sms_woocommerce_params

REST Endpoints

/wp-json/sdevs-sms/v1/settings/wp-json/sdevs-sms/v1/get_setting/wp-json/sdevs-sms/v1/add_settings

FAQ