Does WEB2SMS have any unpatched vulnerabilities?

No. All known vulnerabilities in WEB2SMS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WEB2SMS compatible with WordPress 6.4.8?

According to WordPress.org data, WEB2SMS 1.0.0 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is WEB2SMS compatible with PHP 7.4+?

WEB2SMS requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WEB2SMS updated?

WEB2SMS was last updated on Jan 15, 2024. Frequent updates are generally a positive security signal.

What is WEB2SMS's security score?

WEB2SMS has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WEB2SMS Security & Risk Analysis

wordpress.org/plugins/web-2-sms

Send SMS via web2sms.ro on order status change & abandoned carts.

0 active installs v1.0.0 PHP 7.4+ WP 6.0+ Updated Jan 15, 2024

netopiaweb2sms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WEB2SMS Safe to Use in 2026?

Generally Safe

Score 85/100

WEB2SMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The web-2-sms plugin v1.0.0 exhibits a strong security posture based on the static analysis. A significant strength is the complete absence of dangerous functions, external HTTP requests, and file operations, which are common vectors for vulnerabilities. Furthermore, all SQL queries are properly prepared, and all output is correctly escaped, mitigating risks of SQL injection and XSS attacks respectively. The presence of nonce and capability checks on the identified entry points is also commendable.

Despite these positive findings, the static analysis did not reveal any taint flows, which means that potential vulnerabilities where user input could be used unsafely in sensitive operations were not detected. While this is a positive sign, it's important to note that taint analysis is not exhaustive and complex vulnerabilities might be missed. The vulnerability history is clean, with no known CVEs, indicating a history of relatively secure development or a lack of prior extensive security auditing. However, the absence of past vulnerabilities does not guarantee future security.

In conclusion, the plugin appears to be developed with good security practices in mind, demonstrating a low risk profile based on the provided data. The complete reliance on prepared statements and proper output escaping, along with checks on entry points, are significant strengths. The lack of any detected critical or high-severity issues in the static analysis and the absence of historical vulnerabilities further bolster this assessment. The only minor area of caution would be the reliance on the assumption that taint analysis was comprehensive, but given the overall positive indicators, the current risk is assessed as low.

Vulnerabilities

None known

WEB2SMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WEB2SMS Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared22 total queries

Output Escaping

100% escaped4 total outputs

Attack Surface

WEB2SMS Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_web2smsSmsContentCalculationwc-web2sms.php:480

WordPress Hooks 15

filterwoocommerce_settings_tabs_arraywc-web2sms.php:20

actionwoocommerce_settings_tabs_settings_tab_web2smswc-web2sms.php:21

actionwoocommerce_update_options_settings_tab_web2smswc-web2sms.php:22

actionwoocommerce_order_status_changedwc-web2sms.php:418

filtercron_scheduleswc-web2sms.php:487

actionweb2smsCartNotifywc-web2sms.php:506

actionwoocommerce_add_to_cartwc-web2sms.php:622

actionwoocommerce_cart_item_removedwc-web2sms.php:623

actionwoocommerce_cart_item_restoredwc-web2sms.php:624

actionwoocommerce_after_cart_item_quantity_updatewc-web2sms.php:625

actionwoocommerce_calculate_totalswc-web2sms.php:626

actionwoocommerce_after_checkout_validationwc-web2sms.php:627

actionwoocommerce_checkout_order_processedwc-web2sms.php:628

actionadmin_enqueue_scriptsweb2sms.php:29

actionadmin_enqueue_scriptsweb2sms.php:45

Scheduled Events 1

web2smsCartNotify

Maintenance & Trust

WEB2SMS Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedJan 15, 2024

PHP min version7.4

Downloads539

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WEB2SMS Alternatives

NETOPIA Payments Payment Gateway

netopia-payments-payment-gateway

NETOPIA Payments Payment Gateway extends WooCommerce payment options by adding NETOPIA's Payment Gateway options.

10K No CVEs

Developer Profile

WEB2SMS Developer Profile

netopiapayments

2 plugins · 10K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WEB2SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/web-2-sms/css/web2sms.css/wp-content/plugins/web-2-sms/css/toastr.min.css/wp-content/plugins/web-2-sms/js/toastr.min.js/wp-content/plugins/web-2-sms/js/web2sms.js

Script Paths

/wp-content/plugins/web-2-sms/js/toastr.min.js/wp-content/plugins/web-2-sms/js/web2sms.js

Version Parameters

web-2-sms/css/web2sms.css?ver=web-2-sms/css/toastr.min.css?ver=web-2-sms/js/toastr.min.js?ver=web-2-sms/js/web2sms.js?ver=

HTML / DOM Fingerprints

CSS Classes

woocommerce_settings_tab_web2sms

Data Attributes

id="show_documention"

JS Globals

web2sms_data

FAQ