WP-Safety

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Security & Risk Analysis

wordpress.org/plugins/wp-twilio-core

Send SMS, OTP & 2FA notifications from WordPress via Twilio. Includes automated alerts, bulk messaging, and integrations with popular plugins.

2K active installs v2.0.0 PHP 5.6+ WP 4.2+ Updated Dec 15, 2025
notificationssmssms-plugintwiliowoocommerce-sms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The wp-twilio-core plugin version 2.0.0 exhibits a strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected by authentication or permission checks. This significantly reduces the potential attack surface. The code also demonstrates good practices regarding SQL queries, with 100% using prepared statements, and a high percentage of output being properly escaped, minimizing risks of injection vulnerabilities. The absence of critical or high-severity taint flows further reinforces this positive assessment. Furthermore, the plugin has no recorded vulnerability history, indicating a consistent track record of security. The main areas of note are the presence of external HTTP requests and file operations, which are inherently more prone to external influence, although the analysis doesn't flag specific unsanitized paths or dangerous functions. The plugin also bundles libraries, which can introduce risks if not kept up-to-date, though no specific vulnerabilities are highlighted here. Overall, the plugin appears robust and well-secured.

Key Concerns

  • External HTTP requests detected
  • File operations detected
  • Bundled libraries (Freemius v1.0, Guzzle)
Vulnerabilities
None known

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Release Timeline

v2.0.0Current
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.0
v1.3.9
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
Code Analysis
Analyzed Mar 16, 2026

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
16
154 escaped
Nonce Checks
5
Capability Checks
1
File Operations
1
External Requests
3
Bundled Libraries
2

Bundled Libraries

Freemius1.0Guzzle

Output Escaping

91% escaped170 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
twl_display_tab_test (admin-pages.php:112)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 23
actiontwl_display_tabadmin-pages.php:106
actiontwl_display_tabadmin-pages.php:161
actiontwl_display_tabadmin-pages.php:195
actiontwl_display_tabadmin-pages.php:324
actiontwl_display_tabapps-integrations.php:190
actioninitcore.php:131
actionadmin_initcore.php:135
actionadmin_menucore.php:136
filteruser_contactmethodscore.php:141
actionpersonal_options_updatecore.php:142
actionedit_user_profile_updatecore.php:143
actionplugins_loadedcore.php:407
actionafter_uninstallcore.php:409
actionadmin_enqueue_scriptscore.php:412
actiontransition_post_statushooks.php:30
actionuser_registerhooks.php:59
actioncomment_posthooks.php:88
actionwp_loginhooks.php:117
actionadmin_initinc\admin-notices.php:82
actionadmin_initinc\admin-notices.php:160
actionadmin_noticesinc\admin-notices.php:170
actionadmin_noticesinc\admin-notices.php:172
filtertwl_sms_messageurl-shorten.php:35
Maintenance & Trust

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 15, 2025
PHP min version5.6
Downloads196K

Community Trust

Rating68/100
Number of ratings18
Active installs2K
Alternatives

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Alternatives

Gray SMS – Complete SMS Notificaitons for WordPress, Woocommerce & Multi Features

Gray SMS – Complete SMS Notificaitons for WordPress, Woocommerce & Multi Features

gray-sms

A
100

Send WooCommerce order notifications and individual SMS messages using Twilio, Vonage, Plivo, Clickatell and other SMS gateways.

0 No CVEs
WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

wp-sms

A
95

Send SMS/MMS notifications, OTP & 2FA messages, and WooCommerce updates with support for multiple gateways and plugin integrations.

8K 17 CVEs
SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery

SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery

sms-alert

B
82

Send WooCommerce SMS notifications, OTP verification, abandoned cart recovery alerts, and real-time order updates to customers and admins.

4K 13 CVEs
افزونه پیامک حرفه ای فراز اس ام اس

افزونه پیامک حرفه ای فراز اس ام اس

farazsms

C
63

شما می توانید با استفاده از افزونه فراز اس ام اس، سایت خود را با ابزاری خودکار برای ارسال پیامک و ذخیره شماره در دفترچه تلفن، تقویت کنید.

2K 1 unpatched
ShopMagic – Twilio SMS

ShopMagic – Twilio SMS

shopmagic-for-twilio

A
100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 No CVEs
Developer Profile

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce Developer Profile

mohsin.id

6 plugins · 15K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-twilio-core/assets/css/frontend.css/wp-content/plugins/wp-twilio-core/assets/css/vendor/intl-tel-input.css/wp-content/plugins/wp-twilio-core/assets/js/frontend.js/wp-content/plugins/wp-twilio-core/assets/js/vendor/intl-tel-input.js/wp-content/plugins/wp-twilio-core/twilio-php/src/Twilio/autoload.php
Script Paths
/wp-content/plugins/wp-twilio-core/assets/js/frontend.js/wp-content/plugins/wp-twilio-core/assets/js/vendor/intl-tel-input.js
Version Parameters
wp-twilio-core/assets/css/frontend.css?ver=wp-twilio-core/assets/css/vendor/intl-tel-input.css?ver=wp-twilio-core/assets/js/frontend.js?ver=wp-twilio-core/assets/js/vendor/intl-tel-input.js?ver=

HTML / DOM Fingerprints

CSS Classes
twilio-mobile-number
HTML Comments
<!-- Contact Form 7 SMS Notifications --><!-- WooCommmerce SMS Notifications --><!-- Twilio Core Options --><!-- Twilio Core Settings -->
Data Attributes
data-intl-tel-input-id
JS Globals
wpTwilioCoreintlTelInput
REST Endpoints
/wp-json/wp-twilio-core/v1/send-sms
Shortcode Output
[twilio_sms_form][twilio_otp_form]
FAQ

Frequently Asked Questions about NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce