WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wp-sms

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

9K active installs · v7.2 · PHP 7.4+ · WP 4.1+ · Updated Mar 8, 2026
Tags: 2fa-authentication, bulk-sms, otp-login, sms-notifications, woocommerce-sms
Score: 95 (A · Safe)
CVEs total: 15
Unpatched: 0
Last CVE: Feb 10, 2026
Safety Verdict

Is WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

15 known CVEs · Last CVE: Feb 10, 2026 · Updated 26d ago
Risk Assessment

The "wp-sms" v7.2 plugin exhibits a mixed security posture. While the static analysis reveals a relatively small attack surface with no apparent unprotected entry points and a high percentage of SQL queries using prepared statements and properly escaped output, there are underlying concerns. The presence of two instances of the `unserialize` function is a significant red flag, as it can lead to remote code execution if not handled with extreme caution and proper input sanitization. Furthermore, the vulnerability history is concerning, with a total of 15 known medium-severity CVEs. The pattern of past vulnerabilities, including Missing Authorization, CSRF, SQL Injection, XSS, and Information Exposure, suggests a history of significant security weaknesses that require ongoing vigilance. The fact that the last vulnerability was in 2026-02-10 is peculiar given typical vulnerability timelines and might indicate an error in the provided data, but if accurate, it suggests recent attention to patching. The plugin's strengths lie in its defensive coding practices like extensive capability checks and proper output escaping for the most part, but the historical CVEs and the use of `unserialize` introduce notable risks that cannot be overlooked.

Key Concerns

  • Dangerous function: unserialize used
  • Vulnerability history: 15 medium CVEs
  • Flows with unsanitized paths
Vulnerabilities
15

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2023: 3 CVEs
  • 2024: 8 CVEs
  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

Medium: 15 (15 total CVEs)

CVE-2026-25343 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 10, 2026 Patched in 7.1.1 (17d)
CVE-2025-62006 · medium · 4.3 · Missing Authorization

WP SMS <= 7.0.1 - Missing Authorization

Oct 16, 2025 Patched in 7.0.2 (8d)
CVE-2024-43331 · medium · 5.3 · Missing Authorization

WP SMS <= 6.9.3 - Missing Authorization

Aug 16, 2024 Patched in 6.9.4 (7d)
CVE-2024-34811 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP SMS <= 6.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 13, 2024 Patched in 6.5.2 (3d)
CVE-2024-30454 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP SMS <= 6.6.2 - Cross-Site Request Forgery

Mar 28, 2024 Patched in 6.6.3 (7d)
CVE-2024-25920 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP SMS <= 6.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Feb 14, 2024 Patched in 6.4 (7d)
CVE-2024-24881 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP SMS <= 6.5.2 - Reflected Cross-Site Scripting via 'page'

Feb 5, 2024 Patched in 6.5.3 (4d)
WF-c9141ad3-86cf-47ae-be99-d78f0337f2ca-wp-sms · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP SMS <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 12, 2024 Patched in 6.5.2 (11d)
CVE-2023-6980 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion

Jan 2, 2024 Patched in 6.5.1 (210d)
CVE-2023-6981 · medium · 6.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

Jan 2, 2024 Patched in 6.5.1 (210d)
WF-747afa58-182a-4fb3-bfe3-f15db0b1d85a-wp-sms · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP SMS <= 6.1.5 - Cross-Site Request Forgery

Jul 7, 2023 Patched in 6.2.0 (200d)
CVE-2023-32742 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP SMS <= 6.1.4 - Reflected Cross-Site Scripting via 'delete_mobile'

May 15, 2023 Patched in 6.1.5 (253d)
CVE-2023-27447 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

WP SMS <= 6.0.4 - Information Disclosure via REST API

Mar 2, 2023 Patched in 6.0.4.1 (327d)
CVE-2021-24561 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP SMS <= 5.4.12 - Authenticated Stored Cross-Site Scripting

Jul 26, 2021 Patched in 5.4.13 (911d)
WF-b597e8a5-043e-440e-aaa2-38fb3eeb0731-wp-sms · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc <= 5.4.9 - Reflected Cross-Site Scripting

Jun 30, 2021 Patched in 5.4.9.1 (937d)
Code Analysis
Analyzed Mar 16, 2026

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 27 (136 prepared)
Unescaped Output: 56 (594 escaped)
Nonce Checks: 8
Capability Checks: 35
File Operations: 10
External Requests: 91
Bundled Libraries: 1

Dangerous Functions Found

  • `unserialize`: `$allMedia = unserialize($media);` (includes\functions.php:118)
  • `unserialize`: `return implode(', ', unserialize($this->subscriber->custom_fields));` (src\Notification\Handler\SubscriberNotification.php:54)

Bundled Libraries

Select2

SQL Query Safety

83% prepared · 163 total queries

Output Escaping

91% escaped · 650 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
wpcf7_save_form (includes\class-wpsms-integrations.php:63)
Attack Surface

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wp_sms_subscriber_form] src\Shortcode\SubscriberShortcode.php:13
WordPress Hooks 143
action · admin_bar_menu · includes\admin\class-wpsms-admin.php:25
action · dashboard_glance_items · includes\admin\class-wpsms-admin.php:26
filter · plugin_row_meta · includes\admin\class-wpsms-admin.php:29
filter · admin_body_class · includes\admin\class-wpsms-admin.php:30
filter · admin_footer_text · includes\admin\class-wpsms-admin.php:31
filter · update_footer · includes\admin\class-wpsms-admin.php:32
action · admin_init · includes\admin\settings\class-wpsms-settings.php:78
filter · pre_update_option_wpsms_settings · includes\admin\settings\class-wpsms-settings.php:87
action · rest_api_init · includes\api\v1\class-wpsms-api-addons.php:27
action · rest_api_init · includes\api\v1\class-wpsms-api-admin-notices.php:46
action · rest_api_init · includes\api\v1\class-wpsms-api-credit.php:20
action · rest_api_init · includes\api\v1\class-wpsms-api-groups.php:25
action · rest_api_init · includes\api\v1\class-wpsms-api-newsletter.php:29
action · rest_api_init · includes\api\v1\class-wpsms-api-notifications.php:28
action · rest_api_init · includes\api\v1\class-wpsms-api-outbox.php:26
action · rest_api_init · includes\api\v1\class-wpsms-api-privacy.php:27
action · rest_api_init · includes\api\v1\class-wpsms-api-send.php:74
action · rest_api_init · includes\api\v1\class-wpsms-api-settings.php:56
action · rest_api_init · includes\api\v1\class-wpsms-api-subscribers.php:28
action · rest_api_init · includes\api\v1\class-wpsms-api-webhook.php:22
action · admin_bar_menu · includes\class-front.php:13
action · wp_enqueue_scripts · includes\class-wpsms-features.php:19
action · admin_enqueue_scripts · includes\class-wpsms-features.php:20
action · login_enqueue_scripts · includes\class-wpsms-features.php:21
action · show_user_profile · includes\class-wpsms-features.php:45
action · edit_user_profile · includes\class-wpsms-features.php:46
filter · wp_sms_to · includes\class-wpsms-gateway.php:206
filter · wp_sms_to · includes\class-wpsms-gateway.php:211
filter · wp_sms_to · includes\class-wpsms-gateway.php:216
filter · wp_sms_to · includes\class-wpsms-gateway.php:224
action · wp_sms_log_after_save · includes\class-wpsms-gateway.php:227
action · wp_sms_after_gateway · includes\class-wpsms-gateway.php:299
filter · wp_sms_gateway_settings · includes\class-wpsms-gateway.php:312
action · wpmu_new_blog · includes\class-wpsms-install.php:18
filter · wpmu_drop_tables · includes\class-wpsms-install.php:19
action · plugins_loaded · includes\class-wpsms-install.php:22
filter · wpcf7_editor_panels · includes\class-wpsms-integrations.php:23
action · wpcf7_after_save · includes\class-wpsms-integrations.php:24
action · wpcf7_before_send_mail · includes\class-wpsms-integrations.php:25
action · wp_loaded · includes\class-wpsms-newsletter.php:25
action · init · includes\class-wpsms-notifications.php:56
action · user_register · includes\class-wpsms-notifications.php:95
action · wp_insert_comment · includes\class-wpsms-notifications.php:105
action · wp_login · includes\class-wpsms-notifications.php:115
action · add_meta_boxes · includes\class-wpsms-notifications.php:125
action · wp_insert_post · includes\class-wpsms-notifications.php:126
action · future_to_publish · includes\class-wpsms-notifications.php:127
action · transition_post_status · includes\class-wpsms-notifications.php:128
action · transition_post_status · includes\class-wpsms-notifications.php:142
action · plugins_loaded · includes\class-wpsms.php:57
action · init · includes\class-wpsms.php:105
action · init · includes\class-wpsms.php:195
filter · admin_footer_text · src\Admin\AdminManager.php:23
filter · update_footer · src\Admin\AdminManager.php:24
action · admin_notices · src\Admin\AdminManager.php:29
action · admin_init · src\Admin\AdminManager.php:30
action · admin_init · src\Admin\AdminManager.php:31
filter · cron_schedules · src\Admin\AnonymizedUsageData\AnonymizedUsageDataManager.php:21
filter · wp_sms_enable_upgrade_to_bundle · src\Admin\LicenseManagement\LicenseManagementManager.php:38
action · init · src\Admin\LicenseManagement\LicenseManagementManager.php:39
action · init · src\Admin\LicenseManagement\LicenseManagementManager.php:58
action · admin_init · src\Admin\Notification\NotificationManager.php:17
filter · debug_information · src\Admin\SiteHealthInfo.php:18
filter · wp_sms_send_sms_response · src\BackgroundProcess\SmsDispatcher.php:89
action · init · src\Blocks\BlockAssetsManager.php:16
action · block_categories_all · src\Blocks\BlockAssetsManager.php:17
action · admin_notices · src\Blocks\BlockAssetsManager.php:32
action · admin_init · src\Notice\NoticeManager.php:23
action · admin_notices · src\Notice\NoticeManager.php:24
action · admin_notices · src\Notice\NoticeManager.php:27
action · wp_sms_pro_before_content_render · src\Notice\NoticeManager.php:30
action · wp_sms_woocommerce_pro_before_content_render · src\Notice\NoticeManager.php:33
action · wp_sms_two_way_before_content_render · src\Notice\NoticeManager.php:36
action · wp_sms_addon_two_way_before_content_render · src\Notice\NoticeManager.php:37
action · wp_sms_addon_fluent_crm_before_content_render · src\Notice\NoticeManager.php:40
action · wp_sms_addon_fluent_forms_before_content_render · src\Notice\NoticeManager.php:41
action · wp_sms_addon_fluent_support_before_content_render · src\Notice\NoticeManager.php:42
action · wp_sms_addon_paid_membership_pro_before_content_render · src\Notice\NoticeManager.php:45
action · wp_sms_addon_simple_membership_before_content_render · src\Notice\NoticeManager.php:46
action · wp_sms_addon_booking_integrations_woo_bookings_before_content_render · src\Notice\NoticeManager.php:49
action · wp_sms_addon_booking_integrations_bookingpress_before_content_render · src\Notice\NoticeManager.php:50
action · wp_sms_addon_booking_integrations_booking_calendar_before_content_render · src\Notice\NoticeManager.php:51
action · wp_sms_addon_booking_integrations_woo_appointments_before_content_render · src\Notice\NoticeManager.php:52
action · admin_enqueue_scripts · src\Service\Assets\Handlers\AdminHandler.php:22
action · admin_enqueue_scripts · src\Service\Assets\Handlers\AdminHandler.php:23
action · admin_enqueue_scripts · src\Service\Assets\Handlers\DashboardHandler.php:21
filter · script_loader_tag · src\Service\Assets\Handlers\DashboardHandler.php:146
action · admin_head · src\Service\Assets\Handlers\DashboardHandler.php:189
action · wp_enqueue_scripts · src\Service\Assets\Handlers\FrontendHandler.php:24
action · wp_enqueue_scripts · src\Service\Assets\Handlers\FrontendHandler.php:25
action · init · src\Services\CronJobs\WeeklyReport.php:14
action · wp_sms_admin_email_report · src\Services\CronJobs\WeeklyReport.php:15
filter · frm_pre_create_entry · src\Services\Formidable\Formidable.php:19
action · frm_after_create_entry · src\Services\Formidable\Formidable.php:20
filter · wp_sms_registered_integration_tabs · src\Services\Formidable\FormidableManager.php:18
filter · wp_sms_formidable_settings · src\Services\Formidable\FormidableManager.php:22
filter · frm_add_form_settings_section · src\Services\Formidable\FormidableManager.php:27
filter · frm_form_options_before_update · src\Services\Formidable\FormidableManager.php:28
action · forminator_form_draft_after_save_entry · src\Services\Forminator\Forminator.php:17
action · forminator_form_after_save_entry · src\Services\Forminator\Forminator.php:18
filter · wp_sms_registered_integration_tabs · src\Services\Forminator\ForminatorManager.php:14
filter · wp_sms_forminator_settings · src\Services\Forminator\ForminatorManager.php:19
action · wp_enqueue_scripts · src\Services\MessageButton\MessageButtonManager.php:21
action · wp_footer · src\Services\MessageButton\MessageButtonManager.php:22
action · admin_init · src\Services\MessageButton\MessageButtonManager.php:25
action · admin_enqueue_scripts · src\Services\MessageButton\MessageButtonManager.php:33
action · admin_footer · src\Services\MessageButton\MessageButtonManager.php:34
action · wp_sms_add_subscriber · src\Services\Subscriber\SubscriberManager.php:14
action · wp_sms_verify_subscriber · src\Services\Subscriber\SubscriberManager.php:15
action · add_meta_boxes · src\Services\WooCommerce\OrderViewManager.php:16
filter · wpsms_woocommerce_order_opt_in_notification · src\Services\WooCommerce\WooCommerceCheckout.php:18
action · woocommerce_init · src\Services\WooCommerce\WooCommerceCheckout.php:21
action · woocommerce_set_additional_field_value · src\Services\WooCommerce\WooCommerceCheckout.php:26
action · woocommerce_review_order_before_submit · src\Services\WooCommerce\WooCommerceCheckout.php:30
action · woocommerce_checkout_order_processed · src\Services\WooCommerce\WooCommerceCheckout.php:31
action · woocommerce_admin_order_data_after_billing_address · src\Services\WooCommerce\WooCommerceCheckout.php:32
action · woocommerce_validate_additional_field · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:19
action · woocommerce_set_additional_field_value · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:20
filter · woocommerce_billing_fields · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:24
action · woocommerce_after_save_address_validation · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:25
filter · woocommerce_customer_meta_fields · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:28
filter · woocommerce_checkout_fields · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:31
action · woocommerce_after_checkout_validation · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:32
action · woocommerce_checkout_order_processed · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:33
action · update_user_metadata · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:36
filter · woocommerce_admin_billing_fields · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:39
action · woocommerce_process_shop_order_meta · src\User\MobileFieldHandler\WooCommerceAddMobileFieldHandler.php:40
filter · woocommerce_checkout_fields · src\User\MobileFieldHandler\WooCommerceUsePhoneFieldHandler.php:14
filter · woocommerce_admin_billing_fields · src\User\MobileFieldHandler\WooCommerceUsePhoneFieldHandler.php:15
filter · woocommerce_customer_meta_fields · src\User\MobileFieldHandler\WooCommerceUsePhoneFieldHandler.php:16
action · update_user_metadata · src\User\MobileFieldHandler\WooCommerceUsePhoneFieldHandler.php:18
filter · woocommerce_checkout_posted_data · src\User\MobileFieldHandler\WooCommerceUsePhoneFieldHandler.php:19
action · user_new_form · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:14
filter · wp_sms_user_profile_fields · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:15
action · register_form · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:17
filter · registration_errors · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:18
action · user_profile_update_errors · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:20
action · update_user_metadata · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:21
action · user_register · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:23
action · profile_update · src\User\MobileFieldHandler\WordPressMobileFieldHandler.php:24
filter · wp_send_new_user_notification_to_user · src\User\RegisterUserViaPhone.php:42
action · admin_menu · src\Utils\MenuUtil.php:26
action · wp_dashboard_setup · src\Widget\AbstractWidget.php:69

Scheduled Events 1

wp_sms_admin_email_report
Maintenance & Trust

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 8, 2026
PHP min version: 7.4
Downloads: 730K

Community Trust

Rating: 82/100
Number of ratings: 105
Active installs: 9K
Developer Profile

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce Developer Profile

VeronaLabs

4 plugins · 689K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 961 days
Detection Fingerprints

How We Detect WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-sms/public/css/intlTelInput.min.css
  • /wp-content/plugins/wp-sms/public/js/intel/intlTelInput.min.js
  • /wp-content/plugins/wp-sms/public/js/intel/intel-script.js
  • /wp-content/plugins/wp-sms/public/js/intel/utils.js
Script Paths
  • /wp-content/plugins/wp-sms/public/js/intel/intel-script.js
Version Parameters
  • wp-sms/public/css/intlTelInput.min.css?ver=
  • wp-sms/public/js/intel/intlTelInput.min.js?ver=
  • wp-sms/public/js/intel/intel-script.js?ver=
  • wp-sms/public/js/intel/utils.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • iti__flag
  • iti__selected-flag
  • iti__arrow
  • iti__country-list
  • iti__country
  • iti__dial-code
  • iti__responsive-flag
  • wpsms-user-profile-fields
HTML Comments
  • <!-- WP SMS User Profile Fields -->
  • <!-- WP SMS Newsletter Form -->
Data Attributes
  • data-intl-tel-input-id
JS Globals
  • wp_sms_intel_tel_input
REST Endpoints
  • /wp-json/wp-sms/v1/settings
  • /wp-json/wp-sms/v1/gateway
  • /wp-json/wp-sms/v1/gateways
  • /wp-json/wp-sms/v1/subscribers
  • /wp-json/wp-sms/v1/template
  • /wp-json/wp-sms/v1/templates
  • /wp-json/wp-sms/v1/send
Shortcode Output
  • [wp_sms_subscriber_form]
  • [wp_sms_gateway_form]
  • [wp_sms_template_form]
  • [wp_sms_test_sms_form]