VatanSMS WP SMS Security & Risk Analysis

wordpress.org/plugins/wp-sms-vatansms-com

With the Vatan SMS plugin, you can now send SMS in every situation where you need to.

20 active installs · v1.01 · PHP 5.6.0+ · WP 4.8+ · Updated Nov 5, 2020
smsvatansms
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is VatanSMS WP SMS Safe to Use in 2026?

Generally Safe

Score 85/100

VatanSMS WP SMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The wp-sms-vatansms-com plugin exhibits a mixed security posture. While it has no recorded historical vulnerabilities and demonstrates some good practices like using prepared statements for the majority of its SQL queries and implementing capability checks, there are significant areas of concern. The presence of two unprotected AJAX handlers represents a substantial attack surface, as these entry points can be accessed by unauthenticated users, potentially leading to unauthorized actions. The taint analysis reveals a high number of flows with unsanitized paths, with 8 marked as high severity, indicating a strong possibility of exploitable vulnerabilities even in the absence of known CVEs.

The lack of historical vulnerabilities might suggest good development practices in the past or a lack of focused exploitation, but it doesn't negate the current risks identified. The high percentage of unsanitized paths in the taint analysis is a critical red flag. Combined with the unprotected AJAX endpoints, this suggests that attackers could potentially inject malicious data or execute arbitrary code. The plugin also shows poor output escaping practices, with only 20% of outputs being properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

  • High number of unsanitized taint flows (8 high)
  • Low percentage of properly escaped output
  • Unprotected AJAX handlers (2 without auth)
Vulnerabilities
None known

VatanSMS WP SMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

VatanSMS WP SMS Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 28 · 40 prepared
Unescaped Output: 101 · 26 escaped
Nonce Checks: 2
Capability Checks: 4
File Operations: 3
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

59% prepared · 68 total queries

Output Escaping

20% escaped · 127 total outputs
Data Flows
24 unsanitized

Data Flow Analysis

25 flows · 24 with unsanitized paths
wp_sms_edit_group (includes\admin\groups\class-wpsms-groups-table-edit.php:24)
[Data-flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
2 unprotected

VatanSMS WP SMS Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_wp_sms_edit_group · includes\admin\groups\class-wpsms-groups-table-edit.php:21
auth · wp_ajax_wp_sms_edit_subscriber · includes\admin\subscribers\class-wpsms-subscribers-table-edit.php:21

Shortcodes 1

[wp-sms-subscriber-form] includes\class-wpsms-shortcode.php:14
WordPress Hooks 68
action · admin_enqueue_scripts · includes\admin\class-wpsms-admin.php:21
action · admin_bar_menu · includes\admin\class-wpsms-admin.php:22
action · dashboard_glance_items · includes\admin\class-wpsms-admin.php:23
action · admin_menu · includes\admin\class-wpsms-admin.php:24
action · wp_sms_settings_page · includes\admin\class-wpsms-admin.php:270
action · wp_sms_pro_after_setting_logo · includes\admin\class-wpsms-version.php:22
action · admin_notices · includes\admin\class-wpsms-version.php:26
action · admin_notices · includes\admin\class-wpsms-version.php:31
filter · wp_sms_pro_wp_settings · includes\admin\class-wpsms-version.php:32
filter · wp_sms_pro_bp_settings · includes\admin\class-wpsms-version.php:33
filter · wp_sms_pro_wc_settings · includes\admin\class-wpsms-version.php:34
filter · wp_sms_pro_gf_settings · includes\admin\class-wpsms-version.php:35
filter · wp_sms_pro_qf_settings · includes\admin\class-wpsms-version.php:36
filter · wp_sms_pro_edd_settings · includes\admin\class-wpsms-version.php:37
filter · wp_sms_job_settings · includes\admin\class-wpsms-version.php:38
filter · wp_sms_as_settings · includes\admin\class-wpsms-version.php:39
filter · wp_sms_pro_um_settings · includes\admin\class-wpsms-version.php:40
filter · plugin_row_meta · includes\admin\class-wpsms-version.php:43
action · admin_enqueue_scripts · includes\admin\class-wpsms-version.php:44
action · wp_sms_pro_after_setting_logo · includes\admin\class-wpsms-version.php:45
action · wp_sms_after_setting_logo · includes\admin\class-wpsms-version.php:46
filter · wpsms_gateway_list · includes\admin\class-wpsms-version.php:47
filter · screen_layout_columns · includes\admin\privacy\class-wpsms-privacy-actions.php:20
action · admin_notices · includes\admin\privacy\class-wpsms-privacy-actions.php:22
action · admin_init · includes\admin\privacy\class-wpsms-privacy-actions.php:23
action · pre_user_query · includes\admin\send\class-wpsms-send.php:85
action · admin_menu · includes\admin\settings\class-wpsms-settings.php:23
action · admin_init · includes\admin\settings\class-wpsms-settings.php:26
action · admin_menu · includes\admin\welcome\class-wpsms-welcome.php:9
action · upgrader_process_complete · includes\admin\welcome\class-wpsms-welcome.php:10
action · admin_init · includes\admin\welcome\class-wpsms-welcome.php:11
action · rest_api_init · includes\api\v1\class-wpsms-api-credit.php:18
action · rest_api_init · includes\api\v1\class-wpsms-api-newsletter.php:18
action · rest_api_init · includes\api\v1\class-wpsms-api-send.php:18
action · rest_api_init · includes\api\v1\class-wpsms-api-subscribers.php:18
action · wp_enqueue_scripts · includes\class-front.php:16
action · admin_bar_menu · includes\class-front.php:17
action · user_new_form · includes\class-wpsms-features.php:31
filter · user_contactmethods · includes\class-wpsms-features.php:32
action · register_form · includes\class-wpsms-features.php:33
filter · registration_errors · includes\class-wpsms-features.php:34
action · user_register · includes\class-wpsms-features.php:35
action · user_register · includes\class-wpsms-features.php:37
action · profile_update · includes\class-wpsms-features.php:38
action · wp_enqueue_scripts · includes\class-wpsms-features.php:41
action · admin_enqueue_scripts · includes\class-wpsms-features.php:42
action · login_enqueue_scripts · includes\class-wpsms-features.php:43
filter · wp_sms_to · includes\class-wpsms-gateway.php:36
filter · wp_sms_to · includes\class-wpsms-gateway.php:44
action · wp_sms_after_gateway · includes\class-wpsms-gateway.php:97
filter · wp_sms_gateway_settings · includes\class-wpsms-gateway.php:115
action · wpmu_new_blog · includes\class-wpsms-install.php:12
filter · wpmu_drop_tables · includes\class-wpsms-install.php:13
filter · wpcf7_editor_panels · includes\class-wpsms-integrations.php:27
action · wpcf7_after_save · includes\class-wpsms-integrations.php:28
action · wpcf7_before_send_mail · includes\class-wpsms-integrations.php:29
action · woocommerce_new_order · includes\class-wpsms-integrations.php:34
action · edd_complete_purchase · includes\class-wpsms-integrations.php:39
action · wp_enqueue_scripts · includes\class-wpsms-newsletter.php:21
action · add_meta_boxes · includes\class-wpsms-notifications.php:42
action · publish_post · includes\class-wpsms-notifications.php:43
action · user_register · includes\class-wpsms-notifications.php:72
action · wp_insert_comment · includes\class-wpsms-notifications.php:76
action · wp_login · includes\class-wpsms-notifications.php:80
action · transition_post_status · includes\class-wpsms-notifications.php:86
action · widgets_init · includes\class-wpsms-widget.php:21
action · plugins_loaded · includes\class-wpsms.php:13
action · init · includes\class-wpsms.php:30
Maintenance & Trust

VatanSMS WP SMS Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Nov 5, 2020
PHP min version: 5.6.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20
Developer Profile

VatanSMS WP SMS Developer Profile

Vatan Yazılım ve Haberleşme

2 plugins · 30 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect VatanSMS WP SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-sms-vatansms-com/assets/css/admin-bar.css
/wp-content/plugins/wp-sms-vatansms-com/assets/css/admin.css
/wp-content/plugins/wp-sms-vatansms-com/assets/css/rtl.css
/wp-content/plugins/wp-sms-vatansms-com/assets/css/chosen.min.css
/wp-content/plugins/wp-sms-vatansms-com/assets/js/chosen.jquery.min.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/jquery.word-and-character-counter.min.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/jquery.repeater.min.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/admin.js
+4 more
Script Paths
/wp-content/plugins/wp-sms-vatansms-com/assets/js/chosen.jquery.min.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/jquery.word-and-character-counter.min.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/jquery.repeater.min.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/admin.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/flatpickr.min.js
/wp-content/plugins/wp-sms-vatansms-com/assets/js/edit-subscriber.js
+1 more
Version Parameters
wp-sms-admin-bar?ver=
wp-sms-admin?ver=
wp-sms-rtl?ver=
wp-sms-chosen?ver=
wpsms-chosen?ver=
wpsms-word-and-character-counter?ver=
wpsms-repeater?ver=
wpsms-admin?ver=
jquery-flatpickr?ver=
jquery-flatpickr?ver=

HTML / DOM Fingerprints

CSS Classes
wpsms-subscribe-count
wpsms-credit-count
Data Attributes
id="wp-credit-sms"
id="wp-send-sms"
id="wp-sms-subscribers-privacy"
JS Globals
wp_sms_edit_subscribe_ajax_vars
FAQ

Frequently Asked Questions about VatanSMS WP SMS