WP-Safety

Mensagia for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-mensagia

Connect your ecommerce with Mensagia to create hypersegmented campaigns and send automatic notifications through SMS or Email Marketing.

10 active installs v1.6 PHP 5.3+ WP 4.4+ Updated Mar 2, 2022
e-commerceecommercemarketingmobilesms
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Mensagia for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Mensagia for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "woo-mensagia" plugin v1.6 presents a concerning security posture primarily due to its unprotected entry points and lack of essential security checks. With two AJAX handlers that have no authentication or capability checks, there is a significant risk of unauthorized access and arbitrary action execution. The code analysis also reveals that a substantial portion of SQL queries are not prepared, increasing the risk of SQL injection vulnerabilities. Furthermore, the low percentage of properly escaped output suggests potential for cross-site scripting (XSS) attacks. Despite a clean vulnerability history, this does not negate the immediate risks identified in the code itself. The absence of nonce checks and capability checks on public-facing AJAX endpoints is a critical oversight that requires immediate attention. While the plugin doesn't appear to bundle outdated libraries or perform file operations and external HTTP requests in an obviously insecure manner, the fundamental lack of security controls on its core interaction points is a major weakness.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries not prepared
  • Low output escaping coverage
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Mensagia for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Mensagia for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
19
7 prepared
Unescaped Output
189
28 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
4
Bundled Libraries
0

SQL Query Safety

27% prepared26 total queries

Output Escaping

13% escaped217 total outputs
Attack Surface
2 unprotected

Mensagia for WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_export_requestwoo-mensagia.php:473
authwp_ajax_notifications_requestwoo-mensagia.php:474
WordPress Hooks 8
actionadmin_menuwoo-mensagia.php:472
actionwoocommerce_order_status_changedwoo-mensagia.php:475
actionadmin_noticeswoo-mensagia.php:476
actionwoocommerce_thankyouwoo-mensagia.php:477
actionwoocommerce_payment_completewoo-mensagia.php:478
actionwoocommerce_order_refundedwoo-mensagia.php:479
actionbefore_delete_postwoo-mensagia.php:480
actionadmin_enqueue_scriptswoo-mensagia.php:481
Maintenance & Trust

Mensagia for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedMar 2, 2022
PHP min version5.3
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Mensagia for WooCommerce Alternatives

Bancomail Email Lists Integration

Bancomail Email Lists Integration

bancomail-email-lists-integration

A
85

A free, powerful plugin that empowers you to resell online the Bancomail database, quickly and easily.

10 No CVEs
eCommerce Dashboard

eCommerce Dashboard

ecommerce-dashboard

A
85

This plugin allows you to see your e-commerce sale stats on your mobile device.

10 No CVEs
Scopa Shoppable Product Tagging

Scopa Shoppable Product Tagging

scopa-shoppable-product-tagging

A
85

This plugin places the necessary code snippets to integrate Scopa Analytics tags into your Wordpress website.

0 No CVEs
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

A
96

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs
Newsletters, Email Marketing, SMS and Popups by Omnisend

Newsletters, Email Marketing, SMS and Popups by Omnisend

omnisend

A
100

Newsletters, Email Marketing, Email Automation, Forms, Pop Up, SMS by Omnisend

100K No CVEs
Developer Profile

Mensagia for WooCommerce Developer Profile

Sinermedia

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Mensagia for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-mensagia/assets/css/mensagia_style.css/wp-content/plugins/woo-mensagia/assets/js/mensagia_script.js
Script Paths
/wp-content/plugins/woo-mensagia/assets/js/mensagia_script.js
Version Parameters
woo-mensagia/assets/css/mensagia_style.css?ver=woo-mensagia/assets/js/mensagia_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
mensagia-sms-notification-formmensagia-export-formmensagia-configuration-formmensagia_login_emailmensagia_login_passwordmensagia_prefix_modeadmin_nameadmin_mobile
HTML Comments
<!-- Mensagia SMS Notification Form --><!-- Mensagia Export Form --><!-- Mensagia Configuration Form -->
Data Attributes
data-mensagia-login-emaildata-mensagia-login-passworddata-mensagia-prefix-modedata-mensagia-admin-namedata-mensagia-admin-mobile
JS Globals
MensagiaSDKMensagiaPrestashopExportMensagiaSMSNotificationMensagiaInstallMensagiaAdminMensagiaHooks+3 more
FAQ

Frequently Asked Questions about Mensagia for WooCommerce