WP SMS Notifications Security & Risk Analysis

wordpress.org/plugins/wp-sms-notifications

SMS notifications for WordPress
Contributors: JeffMatson
Tags: SMS, text messages, notifications
Requires at least: 2.8
Tested up to: 4.

10 active installs v2.1 PHP + WP + Updated Dec 4, 2014
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP SMS Notifications Safe to Use in 2026?

Generally Safe

Score 85/100

WP SMS Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The static analysis of "wp-sms-notifications" v2.1 reveals a generally strong security posture with no identified vulnerabilities in its attack surface. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without proper authentication checks is a significant positive. Furthermore, the code demonstrates good practices by exclusively using prepared statements for all SQL queries and having no recorded CVEs, suggesting a history of responsible security management. The plugin also exhibits proper capability checks, which is crucial for WordPress security.

However, there are areas for improvement. Only 63% of the plugin's output is properly escaped, so a portion of its output is not sanitized, which could open it up to cross-site scripting (XSS) if user-supplied data is involved. The external HTTP requests, reported without further context, are also a minor concern, as they could be a vector for injection if not handled carefully. The complete lack of taint analysis data and nonce checks does not explicitly indicate a problem in this specific analysis, but it leaves a gap in a comprehensive security review; it might suggest an incomplete static analysis, or a lack of potentially vulnerable code paths that would trigger taint analysis.

Key Concerns

  • Output escaping is not fully implemented
  • No taint analysis data provided
  • No nonce checks found
Vulnerabilities
None known

WP SMS Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP SMS Notifications Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (10 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

63% escaped · 16 total outputs
Attack Surface

WP SMS Notifications Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 21
action · upgrader_post_install · alerts\plugin-install.php:12
action · upgrader_post_install · alerts\plugin-update.php:11
action · transition_post_status · alerts\post-publish.php:10
action · post_updated · alerts\post-update.php:9
action · upgrader_post_install · alerts\theme-install.php:10
action · upgrader_post_install · alerts\theme-update.php:11
action · wp_login · alerts\user-login.php:28
action · transition_post_status · trunk\alerts\alerts.php:7
action · wp_login · trunk\alerts\alerts.php:12
action · upgrader_post_install · trunk\alerts\alerts.php:17
action · upgrader_post_install · trunk\alerts\alerts.php:22
action · post_updated · trunk\alerts\alerts.php:27
action · upgrader_post_install · trunk\alerts\alerts.php:32
action · upgrader_post_install · trunk\alerts\alerts.php:37
action · admin_menu · trunk\wp-sms-options.php:4
action · admin_init · trunk\wp-sms-options.php:21
action · admin_menu · wp-sms-options.php:3
action · show_user_profile · wp-sms-user-settings.php:6
action · edit_user_profile · wp-sms-user-settings.php:7
action · personal_options_update · wp-sms-user-settings.php:131
action · edit_user_profile_update · wp-sms-user-settings.php:132
Maintenance & Trust

WP SMS Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Dec 4, 2014
PHP min version
Downloads: 5K

Community Trust

Rating: 78/100
Number of ratings: 7
Active installs: 10
Alternatives

WP SMS Notifications Alternatives

No alternatives data available yet.

Developer Profile

WP SMS Notifications Developer Profile

Jeff Matson

4 plugins · 60 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP SMS Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-sms-notifications/alerts/alerts.css
/wp-content/plugins/wp-sms-notifications/alerts/alerts.js
Script Paths
/wp-content/plugins/wp-sms-notifications/alerts/alerts.js
Version Parameters
wp-sms-notifications/alerts/alerts.css?ver=
wp-sms-notifications/alerts/alerts.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp_sms_allowed
Data Attributes
name="wp_sms_allowed_"
value="1"