WP-Safety

AWS SNS Plugin Security & Risk Analysis

wordpress.org/plugins/aws-sns

This plugin is created to send push notifications to different devices using Amazon Simple Notification Service.

10 active installs v1.0.0 PHP + WP 3.0.1+ Updated Feb 28, 2016
amazonamazon-simple-notification-serviceamazon-web-servicesnotificationspush-notifications
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AWS SNS Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

AWS SNS Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "aws-sns" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, which is an excellent practice. However, significant concerns arise from the static analysis. The plugin uses the `unserialize` function, which is inherently dangerous and can lead to remote code execution if untrusted data is unserialized. The output escaping is also very low at only 17%, meaning a substantial portion of the plugin's output is not being properly sanitized, potentially opening the door for cross-site scripting (XSS) vulnerabilities. The taint analysis, though limited to one flow, did identify an unsanitized path, which, combined with the other identified risks, warrants careful consideration. The lack of any recorded vulnerability history is a good sign, suggesting the plugin has not been a target or has been developed with security in mind historically. However, this cannot offset the immediate risks identified in the code. The absence of nonce checks and capability checks is also a notable weakness. In conclusion, while the plugin's limited attack surface and prepared SQL queries are strengths, the presence of `unserialize`, poor output escaping, and lack of nonce/capability checks introduce significant security risks that need to be addressed.

Key Concerns

  • Dangerous function `unserialize` used
  • Low output escaping (17% proper)
  • Flows with unsanitized paths
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

AWS SNS Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

AWS SNS Plugin Code Analysis

Dangerous Functions
13
Raw SQL Queries
0
5 prepared
Unescaped Output
19
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
39
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

unserializeunserialize($serialized['client'])sdk\aws_v2.8.27\Aws\Common\Credentials\RefreshableInstanceProfileCredentials.php:73
unserialize$data = unserialize($serialized);sdk\aws_v2.8.27\Aws\Common\Model\MultipartUpload\AbstractTransferState.php:155
unserialize$this->loadData(unserialize($serialized));sdk\aws_v2.8.27\Aws\Common\Model\MultipartUpload\AbstractUploadId.php:68
unserialize$this->loadData(unserialize($serialized));sdk\aws_v2.8.27\Aws\Common\Model\MultipartUpload\AbstractUploadPart.php:81
unserializereturn unserialize($data);sdk\aws_v2.8.27\Doctrine\Common\Cache\FilesystemCache.php:71
unserializereturn unserialize($document[self::DATA_FIELD]->bin);sdk\aws_v2.8.27\Doctrine\Common\Cache\MongoDBCache.php:96
unserializereturn unserialize($result);sdk\aws_v2.8.27\Doctrine\Common\Cache\PredisCache.php:39
unserializereturn unserialize($object->getContent());sdk\aws_v2.8.27\Doctrine\Common\Cache\RiakCache.php:79
unserializereturn unserialize($item[self::DATA_FIELD]);sdk\aws_v2.8.27\Doctrine\Common\Cache\SQLite3Cache.php:90
unserializereturn $this->doContains($id) ? unserialize(xcache_get($id)) : false;sdk\aws_v2.8.27\Doctrine\Common\Cache\XcacheCache.php:40
unserializeforeach (unserialize($manifest) as $entry) {sdk\aws_v2.8.27\Guzzle\Plugin\Cache\DefaultCacheStorage.php:72
unserializeforeach (unserialize($entries) as $entry) {sdk\aws_v2.8.27\Guzzle\Plugin\Cache\DefaultCacheStorage.php:107
unserialize$entries = unserialize($entries);sdk\aws_v2.8.27\Guzzle\Plugin\Cache\DefaultCacheStorage.php:132

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared5 total queries

Output Escaping

17% escaped23 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<aws-sns-plugin-admin-backend-display> (admin\partials\aws-sns-plugin-admin-backend-display.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

AWS SNS Plugin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
actionplugins_loadedincludes\class-aws-sns-plugin.php:139
actionadmin_enqueue_scriptsincludes\class-aws-sns-plugin.php:154
actionadmin_enqueue_scriptsincludes\class-aws-sns-plugin.php:155
actionadmin_menuincludes\class-aws-sns-plugin.php:158
actionadmin_menuincludes\class-aws-sns-plugin.php:161
actionadmin_initincludes\class-aws-sns-plugin.php:168
actionwp_enqueue_scriptsincludes\class-aws-sns-plugin.php:183
actionwp_enqueue_scriptsincludes\class-aws-sns-plugin.php:184
Maintenance & Trust

AWS SNS Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedFeb 28, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

AWS SNS Plugin Alternatives

OneSignal – Web Push Notifications

OneSignal – Web Push Notifications

onesignal-free-web-push-notifications

A
98

Increase engagement and drive more repeat traffic to your WordPress site with push notifications. Now a WordPress VIP Gold Partner.

70K 2 CVEs
PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More)

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More)

pushengage

A
100

Send order updates, recover abandoned carts, and boost retention with push notifications, WhatsApp automation + multichannel Chat widget.

10K No CVEs
Web Push Notifications – Webpushr

Web Push Notifications – Webpushr

webpushr-web-push-notifications

A
92

Fastest growing & lightweight plugin for Web Push Notifications. Add browser push notifications to your WordPress & WooCommerce site.

10K 4 CVEs
Push Notifications by LaraPush

Push Notifications by LaraPush

push-notifications-by-larapush

A
100

LaraPush's "Push Notifications" is a premium add-on exclusively available for the larapush pro panel. With this add-on, users can easil &hellip;

7K No CVEs
Amazon Web Services

Amazon Web Services

amazon-web-services

A
85

Houses the Amazon Web Services (AWS) PHP SDK v2 libraries and manages access keys.

6K No CVEs
Developer Profile

AWS SNS Plugin Developer Profile

fayzandotocom

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AWS SNS Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aws-sns-plugin/admin/css/aws-sns-plugin-admin.css/wp-content/plugins/aws-sns-plugin/admin/js/aws-sns-plugin-admin.js
Script Paths
/wp-content/plugins/aws-sns-plugin/admin/js/aws-sns-plugin-admin.js
Version Parameters
aws-sns-plugin-admin.css?ver=aws-sns-plugin-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- The code that runs during plugin activation. --><!-- The code that runs during plugin deactivation. --><!-- The admin-specific functionality of the plugin. --><!-- This function is provided for demonstration purposes only. -->+13 more
FAQ

Frequently Asked Questions about AWS SNS Plugin