Does BulkGate SMS Plugin for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in BulkGate SMS Plugin for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BulkGate SMS Plugin for WooCommerce compatible with WordPress 6.8.5?

According to WordPress.org data, BulkGate SMS Plugin for WooCommerce 3.0.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is BulkGate SMS Plugin for WooCommerce compatible with PHP 7.4+?

BulkGate SMS Plugin for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BulkGate SMS Plugin for WooCommerce updated?

BulkGate SMS Plugin for WooCommerce was last updated on Jul 16, 2025. Frequent updates are generally a positive security signal.

What is BulkGate SMS Plugin for WooCommerce's security score?

BulkGate SMS Plugin for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BulkGate SMS Plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woosms-sms-module-for-woocommerce

SMS and Viber plugin for WooCommerce. Order status notifications, personalized Bulk SMS and Viber campaigns, 2-way messaging and admin alerts.

1K active installs v3.0.6 PHP 7.4+ WP 5.7+ Updated Jul 16, 2025

customer-notificationorder-notificationsmssms-notifications

A · Safe

CVEs total1

Unpatched0

Last CVEDec 27, 2023

Plugin page Download

Safety Verdict

Is BulkGate SMS Plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

BulkGate SMS Plugin for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 27, 2023Updated 8mo ago

Risk Assessment

The plugin "woosms-sms-module-for-woocommerce" v3.0.6 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and includes nonce and capability checks for some entry points, several critical concerns remain. A significant portion of its attack surface, specifically all four identified AJAX handlers, lacks proper authorization checks. This presents a substantial risk for unauthorized actions to be performed by unauthenticated users.

The static analysis also indicates a concerning level of output escaping, with only 54% of outputs being properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered without sufficient sanitization. The absence of taint analysis results for this version is noted, though the historical data is more telling.

The vulnerability history reveals one past medium-severity vulnerability, with a pattern of "Missing Authorization." The recency of this vulnerability (2023-12-27) suggests that the developers may still be addressing such issues. Despite the presence of some good security practices, the unprotected AJAX handlers and incomplete output escaping, coupled with past authorization issues, indicate a need for significant security improvements to mitigate potential risks.

Key Concerns

AJAX handlers without authorization checks
Insufficient output escaping
Past medium vulnerability (Missing Authorization)

Vulnerabilities

BulkGate SMS Plugin for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-51679medium · 4.3Missing Authorization

BulkGate SMS Plugin for WooCommerce <= 3.0.2 - Missing Authorization via Multiple AJAX Actions

Dec 27, 2023 Patched in 3.0.3 (27d)

Code Analysis

Analyzed Mar 16, 2026

BulkGate SMS Plugin for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

54% escaped13 total outputs

Attack Surface

4 unprotected

BulkGate SMS Plugin for WooCommerce Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_authenticatesrc\Template\Init.php:50

authwp_ajax_loginsrc\Template\Init.php:55

authwp_ajax_logout_modulesrc\Template\Init.php:64

authwp_ajax_save_module_settingssrc\Template\Init.php:68

WordPress Hooks 23

actioninitsrc\Event\AssetDispatcher.php:23

filterscript_loader_tagsrc\Event\AssetDispatcher.php:27

filterquery_varssrc\Event\AssetDispatcher.php:32

actiontemplate_redirectsrc\Event\AssetDispatcher.php:34

filtercron_schedulessrc\Event\Cron.php:24

actioninitsrc\Event\Cron.php:39

actionwoocommerce_order_status_changedsrc\Event\Hook.php:21

actionwoocommerce_checkout_order_createdsrc\Event\Hook.php:47

actionwoocommerce_created_customersrc\Event\Hook.php:54

actionwoocommerce_payment_completesrc\Event\Hook.php:62

actionwoocommerce_low_stocksrc\Event\Hook.php:70

actionwoocommerce_no_stocksrc\Event\Hook.php:77

actionwoocommerce_product_on_backordersrc\Event\Hook.php:84

actionwoosms_send_smssrc\Event\Hook.php:92

actionbulkgate_send_smssrc\Event\Hook.php:93

actionwoocommerce_review_order_before_submitsrc\Event\OrderForm.php:66

filterquery_varssrc\Event\Redirect.php:21

actiontemplate_redirectsrc\Event\Redirect.php:23

actionadmin_menusrc\Template\Init.php:20

filterplugin_action_linkssrc\Template\Init.php:38

filterplugin_row_metasrc\Template\Init.php:39

actionadd_meta_boxessrc\Template\Init.php:42

actioninitwoosms-sms-module-for-woocommerce.php:60

Maintenance & Trust

BulkGate SMS Plugin for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 16, 2025

PHP min version7.4

Downloads73K

Community Trust

Rating82/100

Number of ratings12

Active installs1K

Alternatives

BulkGate SMS Plugin for WooCommerce Alternatives

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K 15 CVEs

miniOrange OTP Login, Verification and SMS Notifications

miniorange-otp-verification

100

OTP Verification via Email/SMS/WhatsApp,SMS Notifications for WooCommerce,OTP Login with Phone,PasswordLess Login.Custom Gateway for OTP Verification

6K 1 CVE

افزونه پیامک حرفه ای فراز اس ام اس

farazsms

شما می توانید با استفاده از افزونه فراز اس ام اس، سایت خود را با ابزاری خودکار برای ارسال پیامک و ذخیره شماره در دفترچه تلفن، تقویت کنید.

2K 1 unpatched

ShopMagic – Twilio SMS

shopmagic-for-twilio

100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 No CVEs

Ultimate WP Mail

ultimate-wp-mail

Custom email and SMS notifications. Automatic send actions. WPForms SMS integration. WooCommerce notifications for purchases, abandoned cart and more!

800 1 unpatched

Developer Profile

BulkGate SMS Plugin for WooCommerce Developer Profile

BulkGate

1 plugin · 1K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

27 days

View full developer profile

Detection Fingerprints

How We Detect BulkGate SMS Plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woosms-sms-module-for-woocommerce/assets/css/bulkgate.css/wp-content/plugins/woosms-sms-module-for-woocommerce/assets/js/bulkgate.js

Script Paths

/?bulkgate-asynchronous=asset

Version Parameters

/wp-content/plugins/woosms-sms-module-for-woocommerce/assets/css/bulkgate.css?ver=/wp-content/plugins/woosms-sms-module-for-woocommerce/assets/js/bulkgate.js?ver=

HTML / DOM Fingerprints

JS Globals

window.BulkGateDebugwindow.BulkGateDebugUrl

FAQ