SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery

Vulnerabilities 13Slug sms-alertLatest version 3.9.5WordPress.org →

Minimum safe version

3.9.1

Update to 3.9.1 or later to address 13 fixable vulnerabilities

Latest available3.9.5 ✓

Medium 5.4

2026-03-13< 3.9.1

CVE-2026-32373

CVE Wordfence

Medium 5.3

2025-12-05< 3.8.9

SMS Alert Order Notifications <= 3.8.8 - Missing Authorization

Wordfence CVE EUVD

Critical 9.3

2025-10-22< 3.8.6

CVE-2025-49915

CVE Wordfence

Critical 9.3

2025-05-12< 3.8.2

CVE-2025-47682

CVE EUVD Wordfence

Medium 6.4

2025-05-10< 3.8.2

SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode

EUVD Wordfence CVE

High 8.8

2025-05-10< 3.8.2

SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function

EUVD Wordfence CVE

Critical 9.8

2025-04-01< 3.8.0

CVE-2024-13553

CVE EUVD Wordfence

High 7.1

2025-03-03< 3.7.9

CVE-2025-26984

CVE EUVD Wordfence

Critical 9.3

2025-03-03< 3.7.9

CVE-2025-26988

CVE EUVD Wordfence

High 8.8

2025-01-07< 3.7.7

CVE-2024-11725

CVE Patchstack Wordfence

Medium 6.4

2024-10-29< 3.7.6

CVE-2024-10233

CVE Patchstack Wordfence

Medium 4.3

2024-03-13< 3.7.0

CVE-2024-1489

CVE Wordfence Patchstack WPScan

Medium 6.1

2021-09-06< 3.4.7

CVE-2021-24588

CVE Patchstack Wordfence WPScan