WP-Safety

Advanced Notifications Security & Risk Analysis

wordpress.org/plugins/advanced-notifications

Advanced Notifications allows you to create beautiful custom notifications that appear on pages or posts of your choice.

100 active installs v1.2.9 PHP + WP 5.6.2+ Updated Mar 10, 2025
alertsmessagesnoticenotificationspopup
91
A · Safe
CVEs total1
Unpatched0
Last CVEJan 24, 2025
Plugin page Download
Safety Verdict

Is Advanced Notifications Safe to Use in 2026?

Generally Safe

Score 91/100

Advanced Notifications has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 24, 2025Updated 1yr ago
Risk Assessment

The "advanced-notifications" plugin version 1.2.9 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a relatively high percentage of properly escaped output, several areas raise concern. The presence of one unprotected AJAX handler significantly widens the attack surface and represents a direct pathway for potential exploitation. Additionally, the use of the `unserialize` function, a known dangerous function, without apparent sanitization in the analyzed flows is a critical risk. While the vulnerability history shows no currently unpatched CVEs and a single medium-severity vulnerability in the past, this does not negate the immediate risks identified in the static analysis, particularly the unprotected entry point and the dangerous function usage. The plugin's strengths lie in its SQL practices and output escaping, but these are overshadowed by the identified vulnerabilities in its entry points and code execution.

Key Concerns

  • Unprotected AJAX handler found
  • Dangerous function `unserialize` used
  • Flow with unsanitized path found
  • Output escaping not fully implemented
  • Medium severity vulnerability history
Vulnerabilities
1

Advanced Notifications Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-24693medium · 4.3Missing Authorization

Advanced Notifications <= 1.2.7 - Missing Authorization

Jan 24, 2025 Patched in 1.2.8 (5d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Notifications Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
28
55 escaped
Nonce Checks
5
Capability Checks
3
File Operations
8
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializereturn (!empty($value_to_decrypt)) ? unserialize(@openssl_decrypt($value_to_decrypt, $method, $secreplugins\easy-interface-settings\includes\eis-functions.php:254

Output Escaping

66% escaped83 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
<eis-theme> (plugins\easy-interface-settings\templates\page\default\eis-theme.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Advanced Notifications Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 3

authwp_ajax_an_ajaxincludes\an-functions.php:15
authwp_ajax_eis_save_current_tabplugins\easy-interface-settings\includes\eis-admin-functions.php:880
authwp_ajax_eis_save_interface_settingsplugins\easy-interface-settings\includes\eis-admin-functions.php:895
WordPress Hooks 66
filteran_notifications_listincludes\an-api.php:15
actionplugins_loadedincludes\an-core.php:13
actionadmin_menuincludes\an-core.php:14
actionwp_footerincludes\an-core.php:15
actionwp_loadedincludes\an-core.php:16
actionadd_meta_boxesincludes\an-core.php:17
actionsave_postincludes\an-core.php:18
filtertemplate_includeincludes\an-core.php:20
filterhidden_meta_boxesincludes\an-core.php:21
actioninitincludes\an-cpt.php:49
actionadmin_initincludes\an-cpt.php:64
filtermanage_a_notifications_posts_columnsincludes\an-cpt.php:95
actionmanage_a_notifications_posts_custom_columnincludes\an-cpt.php:186
filterpost_row_actionsincludes\an-cpt.php:195
actionsave_postincludes\an-cpt.php:203
actionsave_postincludes\an-cpt.php:206
actionadmin_action_advanced_notifications_duplicate_as_pendingincludes\an-cpt.php:247
filterdisplay_post_statesincludes\an-cpt.php:260
filterpost_updated_messagesincludes\an-cpt.php:286
actionan_admin_menuincludes\an-designs.php:13
actioninitincludes\an-designs.php:14
filterparent_fileincludes\an-designs.php:16
filtersubmenu_fileincludes\an-designs.php:17
filteran_cpt_listincludes\an-designs.php:18
filteran_add_duplicate_linkincludes\an-designs.php:19
actionadmin_enqueue_scriptsincludes\an-functions.php:13
actionwp_enqueue_scriptsincludes\an-functions.php:14
actionan_add_ajaxincludes\an-functions.php:16
actionwp_footerincludes\an-functions.php:17
actionadmin_footerincludes\an-functions.php:18
actionadmin_menuincludes\an-functions.php:20
filteran_page_notificationsincludes\an-functions.php:22
filteran_pre_notification_printincludes\an-functions.php:23
filteran_pre_add_designincludes\an-functions.php:24
actionadd_eis_register_interfaceincludes\an-interface-api.php:56
filteran_notification_typesincludes\an-interface-api.php:132
filteran_trigger_actionsincludes\an-interface-api.php:1150
filteran_trigger_typesincludes\an-interface-api.php:1160
actionadd_eis_interface_optionsincludes\an-interface-api.php:1486
actionan_admin_menuincludes\an-locations.php:13
actioninitincludes\an-locations.php:14
filterparent_fileincludes\an-locations.php:16
filtersubmenu_fileincludes\an-locations.php:17
filteran_cpt_listincludes\an-locations.php:18
filteran_add_duplicate_linkincludes\an-locations.php:19
actionan_admin_menuincludes\an-triggers.php:13
actioninitincludes\an-triggers.php:14
filterparent_fileincludes\an-triggers.php:16
filtersubmenu_fileincludes\an-triggers.php:17
filteran_cpt_listincludes\an-triggers.php:18
filteran_add_duplicate_linkincludes\an-triggers.php:19
filteran_localize_scriptincludes\an-triggers.php:20
actionadmin_enqueue_scriptsplugins\easy-interface-settings\easy-interface-settings.php:90
actionwp_enqueue_scriptsplugins\easy-interface-settings\easy-interface-settings.php:100
actionplugins_loadedplugins\easy-interface-settings\easy-interface-settings.php:107
actionadmin_initplugins\easy-interface-settings\includes\eis-admin-functions.php:108
filterpre_update_optionplugins\easy-interface-settings\includes\eis-admin-functions.php:746
actionadmin_menuplugins\easy-interface-settings\includes\eis-admin-functions.php:778
actionadmin_footerplugins\easy-interface-settings\includes\eis-admin-functions.php:795
actionadd_meta_boxesplugins\easy-interface-settings\includes\eis-admin-functions.php:814
actionsave_postplugins\easy-interface-settings\includes\eis-admin-functions.php:865
actionsave_postplugins\easy-interface-settings\includes\eis-css-generator.php:218
actioninitplugins\easy-interface-settings\includes\eis-functions.php:211
actionwp_loadedplugins\easy-interface-settings\includes\eis-functions.php:241
actionadmin_enqueue_scriptsplugins\easy-interface-settings\includes\eis-templates.php:93
actioneis_do_update_after_loadplugins\easy-interface-settings\includes\eis-update.php:8
Maintenance & Trust

Advanced Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 10, 2025
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings3
Active installs100
Alternatives

Advanced Notifications Alternatives

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar

maxboxy

A
100

Make Conversion Boxes, Popups, Floats and Inject Any Content in a WorsPress way!

50 No CVEs
Sales Notifications for WooCommerce – Recent Sales Popup

Sales Notifications for WooCommerce – Recent Sales Popup

wc-live-sale-notifications

A
100

Sales Notifications for WooCommerce - Recent Sales Popup boosts sales by showing recent orders in a popup with customer and product details.

50 No CVEs
Courier Notices

Courier Notices

courier-notices

A
100

Add dismissible and non-dismissible notices throughout your WordPress website with customizable colors, icons, and placement options.

40 No CVEs
Disable Admin Notices – Hide Dashboard Notifications

Disable Admin Notices – Hide Dashboard Notifications

disable-admin-notices

A
98

Disable admin notices and hide dashboard notifications from plugins, themes and core. Hide all notices, selected ones, or show them in a single line.

100K 2 CVEs
Hide Admin Notices

Hide Admin Notices

hide-admin-notices

A
85

Hide – or show – WordPress Dashboard Notices, Messages, Update Nags etc. ... for everything!

20K No CVEs
Developer Profile

Advanced Notifications Developer Profile

Yehi

2 plugins · 4K total installs

92
trust score
Avg Security Score
88/100
Avg Patch Time
5 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-notifications/assets/css/admin-an.css/wp-content/plugins/advanced-notifications/assets/js/admin-an.js/wp-content/plugins/advanced-notifications/assets/css/an.css/wp-content/plugins/advanced-notifications/assets/js/an.js
Script Paths
/wp-content/plugins/advanced-notifications/assets/js/admin-an.js/wp-content/plugins/advanced-notifications/assets/js/an.js
Version Parameters
advanced-notifications/assets/css/admin-an.css?ver=advanced-notifications/assets/js/admin-an.js?ver=advanced-notifications/assets/css/an.css?ver=advanced-notifications/assets/js/an.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- * * Advanced Notifications V 1 * ------------------------------------------------ * Powered by - https://wiliba.com * -->
JS Globals
admin_an_settingsan_settings
FAQ

Frequently Asked Questions about Advanced Notifications