WordPress.org

Français de Belgique

Get WordPress
WordPress.org

Plugin Directory

SMSTunnel

SMSTunnel

Par nicunarcisbodea
Télécharger

Description

SMSTunnel transforms your Android phone into a powerful SMS gateway for WordPress.

Key Features

  • Use Your Own Phone – No third-party SMS gateway costs
  • Two-Factor Authentication – Secure WordPress login with SMS 2FA
  • End-to-End Encryption – Messages encrypted with RSA keys
  • Quick Setup – Scan QR code from the mobile app

External Services

This plugin connects to external services to provide certain functionality. Below are the details of each service:

SMSTunnel API

  • Purpose: Core service that enables the plugin to communicate with the SMSTunnel mobile app for sending SMS messages from your phone
  • When data is sent: During Quick Setup (when pairing via QR code), when sending SMS messages, and when verifying API connections
  • Data sent:
    • During setup: Site URL, site token (random identifier), admin email (for account creation)
    • When sending SMS: Phone number, message content (encrypted if E2E is enabled), API key for authentication
  • Service provider: SMSTunnel.io (NARBOWEB SRL)
  • Privacy Policy: https://smstunnel.io/privacy
  • Terms of Service: https://smstunnel.io/terms

SMSTunnel Authentication

  • Purpose: Optional sign-in via Google, Facebook, or email to link your SMSTunnel account with WordPress
  • When data is sent: Only when the admin uses the « Connect with Google/Facebook/Email » options on the plugin settings page
  • Data sent:
    • Google/Facebook: Redirects to smstunnel.io/auth/google or smstunnel.io/auth/facebook with a callback URL and CSRF state token
    • Email login: Email and password sent to smstunnel.io/api/v1/auth/login
    • After authentication: Fetches user profile from smstunnel.io/auth/me and creates an API key via smstunnel.io/api/v1/api-keys
  • Service provider: SMSTunnel.io (NARBOWEB SRL)
  • Privacy Policy: https://smstunnel.io/privacy
  • Terms of Service: https://smstunnel.io/terms

Note: QR codes are generated locally using an embedded JavaScript library (qrcode.min.js). No external QR code generation services are used. All SMS messages are sent through your own Android phone – the SMSTunnel server only acts as a relay to connect WordPress with your phone.

Installation

  1. Upload the plugin to /wp-content/plugins/
  2. Activate the plugin
  3. Go to SMSTunnel > Quick Setup
  4. Download the SMSTunnel app and scan the QR code

Avis

Il n’y a aucun avis pour cette extension.

Contributeurs & développeurs

« SMSTunnel » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

Contributeurs

Traduisez « SMSTunnel » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal

1.0.6

  • Security: Added nonce validation (check_ajax_referer) to all nopriv AJAX endpoints including 2FA login and phone setup
  • Security: Fixed DOM XSS in quick-setup.js, social-login.js, and admin-settings.js – all server/URL data now uses .text() instead of .html()
  • Security: Escaped all remaining unescaped outputs in SMS history table
  • Security: API key verification now uses X-API-Key header and configurable server URL (consistent with rest of plugin)
  • Fix: Corrected AJAX action name mismatch for API key verification
  • Documentation: Added SMSTunnel Authentication section to External Services (auth endpoints)

1.0.5

  • Security: Moved all inline JavaScript to external files using wp_enqueue_script and wp_localize_script
  • Security: Added OAuth state parameter validation to prevent CSRF attacks on OAuth callback
  • Security: REST API /setup-callback now validates site_token in permission_callback instead of callback body
  • Security: Removed all wp_add_inline_script calls – all scripts now in external .js files
  • Code: Added $request parameter to all REST API permission_callback methods for PHP 8+ compatibility

1.0.4

  • Documentation: Updated External Services section with complete service documentation

1.0.3

  • Security: Replaced __return_true with documented custom permission_callback methods

1.0.2

  • Security: Replaced inline scripts with wp_add_inline_script for proper enqueueing
  • Security: Fixed XSS vulnerabilities by using textContent instead of innerHTML for server responses
  • Security: Removed external QR code generation services (Google Charts, QR Server API) – all QR codes now generated locally
  • Security: Improved escaping for all JavaScript strings using esc_js()
  • Documentation: Updated External Services section to accurately reflect service usage

1.0.1

  • Security: Added sanitization callbacks for all settings
  • Security: Fixed escape output for translatable strings
  • Security: Database queries now use prepared statements
  • Security: Changed wp_redirect to wp_safe_redirect
  • Security: Changed mt_rand to wp_rand
  • Compatibility: Tested up to WordPress 6.7.1

1.0.0

  • Initial release

Méta

Notes

No reviews have been submitted yet.

Your review

See all reviews

Support

Quelque chose à dire ? Besoin d’aide ?

Voir le forum de support