[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fm8zWMaSiXEUFgQsfnqzC6e79LzlDiVSccvF8Tev7ol4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":142},"wp-sms-notifications","WP SMS Notifications","2.1","Jeff Matson","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeffmatson\u002F","\u003Cp>Do you need to keep track of changes made on your WordPress site?  The WP SMS Notifications plugin can easily alert you of changes made within the WordPress dashboard.\u003C\u002Fp>\n\u003Cp>The plugin is useful to not only keep a log of changes as they are made, but to also monitor unwanted logins.  If an attacker were to successfully log into your WordPress dashboard, you will be instantly notified via text message.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Supports both US and international carriers.\u003C\u002Fli>\n\u003Cli>No need for an external API.\u003C\u002Fli>\n\u003Cli>Notifications when a post is changed.\u003C\u002Fli>\n\u003Cli>Notifications when a user logs in.\u003C\u002Fli>\n\u003Cli>Notifications when a plugin is installed or updated.\u003C\u002Fli>\n\u003Cli>Notifications when a theme is installed or updated.\u003C\u002Fli>\n\u003Cli>Fully extensible\u003C\u002Fli>\n\u003C\u002Ful>\n","SMS notifications for WordPress Contributors: JeffMatson Tags: SMS, text messages, notifications Requires at least: 2.8 Tested up to: 4.",10,5189,78,7,"2014-12-04T01:40:00.000Z","",[],"http:\u002F\u002Fjeffmatson.net\u002Fwp-sms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sms-notifications.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"jeffmatson",4,60,89,30,86,"2026-04-05T09:56:04.519Z",[],{"attackSurface":35,"codeSignals":109,"taintFlows":130,"riskAssessment":131,"analyzedAt":141},{"hooks":36,"ajaxHandlers":105,"restRoutes":106,"shortcodes":107,"cronEvents":108,"entryPointCount":21,"unprotectedCount":21},[37,43,47,51,56,59,62,67,69,70,72,74,76,78,80,84,88,91,96,98,102],{"type":38,"name":39,"callback":40,"priority":11,"file":41,"line":42},"action","upgrader_post_install","wp_sms_plugin_install","alerts\\plugin-install.php",12,{"type":38,"name":39,"callback":44,"priority":11,"file":45,"line":46},"wp_sms_plugin_updated","alerts\\plugin-update.php",11,{"type":38,"name":48,"callback":49,"priority":11,"file":50,"line":11},"transition_post_status","detect_published_post","alerts\\post-publish.php",{"type":38,"name":52,"callback":53,"priority":11,"file":54,"line":55},"post_updated","wp_sms_post_update","alerts\\post-update.php",9,{"type":38,"name":39,"callback":57,"priority":11,"file":58,"line":11},"wp_sms_theme_install","alerts\\theme-install.php",{"type":38,"name":39,"callback":60,"priority":11,"file":61,"line":46},"wp_sms_theme_update","alerts\\theme-update.php",{"type":38,"name":63,"callback":64,"priority":11,"file":65,"line":66},"wp_login","detect_user_login","alerts\\user-login.php",28,{"type":38,"name":48,"callback":49,"priority":11,"file":68,"line":14},"trunk\\alerts\\alerts.php",{"type":38,"name":63,"callback":64,"priority":11,"file":68,"line":42},{"type":38,"name":39,"callback":44,"priority":11,"file":68,"line":71},17,{"type":38,"name":39,"callback":40,"priority":11,"file":68,"line":73},22,{"type":38,"name":52,"callback":53,"priority":11,"file":68,"line":75},27,{"type":38,"name":39,"callback":57,"priority":11,"file":68,"line":77},32,{"type":38,"name":39,"callback":60,"priority":11,"file":68,"line":79},37,{"type":38,"name":81,"callback":82,"file":83,"line":27},"admin_menu","wp_sms_menu","trunk\\wp-sms-options.php",{"type":38,"name":85,"callback":86,"file":83,"line":87},"admin_init","update_wp_sms_settings",21,{"type":38,"name":81,"callback":82,"file":89,"line":90},"wp-sms-options.php",3,{"type":38,"name":92,"callback":93,"file":94,"line":95},"show_user_profile","wp_sms_user_settings","wp-sms-user-settings.php",6,{"type":38,"name":97,"callback":93,"file":94,"line":14},"edit_user_profile",{"type":38,"name":99,"callback":100,"file":94,"line":101},"personal_options_update","wp_sms_save_user",131,{"type":38,"name":103,"callback":100,"file":94,"line":104},"edit_user_profile_update",132,[],[],[],[],{"dangerousFunctions":110,"sqlUsage":111,"outputEscaping":113,"fileOperations":21,"externalRequests":128,"nonceChecks":21,"capabilityChecks":128,"bundledLibraries":129},[],{"prepared":21,"raw":21,"locations":112},[],{"escaped":11,"rawEcho":95,"locations":114},[115,118,120,122,124,126],{"file":83,"line":116,"context":117},80,"raw output",{"file":83,"line":119,"context":117},97,{"file":83,"line":121,"context":117},181,{"file":83,"line":123,"context":117},186,{"file":89,"line":125,"context":117},59,{"file":94,"line":127,"context":117},18,2,[],[],{"summary":132,"deductions":133},"The static analysis of \"wp-sms-notifications\" v2.1 reveals a generally strong security posture with no identified vulnerabilities in its attack surface. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without proper authentication checks is a significant positive. Furthermore, the code demonstrates good practices by exclusively using prepared statements for all SQL queries and having no recorded CVEs, suggesting a history of responsible security management.  The plugin also exhibits proper capability checks, which is crucial for WordPress security.\n\nHowever, there are areas for improvement. The output escaping is only 63% proper, meaning a portion of the plugin's output is not being sanitized, potentially opening it up to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved. The presence of external HTTP requests without further context is also a minor concern, as these could be a vector for injection if not handled carefully. The complete lack of taint analysis data and nonce checks, while not explicitly indicating a problem in this specific analysis, leaves a gap in a comprehensive security review and might suggest an incomplete static analysis or a lack of potentially vulnerable code paths that would trigger taint analysis.",[134,137,139],{"reason":135,"points":136},"Output escaping is not fully implemented",5,{"reason":138,"points":90},"No taint analysis data provided",{"reason":140,"points":136},"No nonce checks found","2026-03-17T01:23:00.528Z",{"wat":143,"direct":152},{"assetPaths":144,"generatorPatterns":147,"scriptPaths":148,"versionParams":149},[145,146],"\u002Fwp-content\u002Fplugins\u002Fwp-sms-notifications\u002Falerts\u002Falerts.css","\u002Fwp-content\u002Fplugins\u002Fwp-sms-notifications\u002Falerts\u002Falerts.js",[],[146],[150,151],"wp-sms-notifications\u002Falerts\u002Falerts.css?ver=","wp-sms-notifications\u002Falerts\u002Falerts.js?ver=",{"cssClasses":153,"htmlComments":155,"htmlAttributes":156,"restEndpoints":159,"jsGlobals":160,"shortcodeOutput":161},[154],"wp_sms_allowed",[],[157,158],"name=\"wp_sms_allowed_\"","value=\"1\"",[],[],[]]