Does CleverPush have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is CleverPush compatible with WordPress 6.7.5?

According to WordPress.org data, CleverPush 1.9.8 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is CleverPush updated?

CleverPush was last updated on Feb 12, 2025. Frequent updates are generally a positive security signal.

What is CleverPush's security score?

CleverPush has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CleverPush Security & Risk Analysis

wordpress.org/plugins/cleverpush

CleverPush lets you send browser push notifications to your users in the simplest way possible.

200 active installs v1.9.8 PHP + WP 2.7+ Updated Feb 12, 2025

browser-notificationspush-notificationsweb-pushwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CleverPush Safe to Use in 2026?

Generally Safe

Score 92/100

CleverPush has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The CleverPush plugin v1.9.8 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. All five identified AJAX endpoints lack authentication checks, creating a broad attack surface that could be exploited by unauthenticated users. While the plugin demonstrates good practices in other areas like SQL query preparation and largely proper output escaping, the unprotected AJAX endpoints are a critical weakness. The presence of the `unserialize` function, a known risk for deserialization vulnerabilities if used with untrusted data, further compounds these concerns. The absence of any recorded vulnerability history (CVEs) is a positive sign, suggesting a lack of past exploitable flaws. However, this should not lead to complacency, especially given the current vulnerabilities identified in the static analysis. The plugin's strengths lie in its SQL handling and output escaping, but these are overshadowed by the critical security gaps in its AJAX implementation. Mitigation efforts should prioritize securing these entry points.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize
No nonce checks on AJAX handlers
Flows with unsanitized paths

Vulnerabilities

None known

CleverPush Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

CleverPush Release Timeline

vv1.9.7

vv1.9.6

vv1.9.5

vv1.9.4

vv1.9.3

vv1.9.2

vv1.9.1

v1.9.0

vv1.8.3

vv1.8.2

vv1.8.1

v1.8.0

vv1.7.2

vv1.7.1

vv1.7.0

vv1.6.6

vv1.6.5

vv1.6.4

vv1.6.3

vv1.6.2

Code Analysis

Analyzed Mar 16, 2026

CleverPush Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

172 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$cart = unserialize($session['cart']);cleverpush-woocommerce.php:46

Output Escaping

89% escaped194 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

<cleverpush-amp.js> (cleverpush-amp.js.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

CleverPush Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 5

authwp_ajax_cleverpush_send_optionscleverpush.php:58

authwp_ajax_cleverpush_subscription_idcleverpush.php:60

noprivwp_ajax_cleverpush_subscription_idcleverpush.php:61

authwp_ajax_cleverpush_users_plancleverpush.php:63

authwp_ajax_cleverpush_ai_generationcleverpush.php:64

WordPress Hooks 30

actionwoocommerce_add_to_cartcleverpush-woocommerce.php:12

actioncleverpush_check_if_product_boughtcleverpush-woocommerce.php:14

actionplugins_loadedcleverpush.php:38

actionwp_headcleverpush.php:39

actionadmin_menucleverpush.php:40

actionadmin_initcleverpush.php:41

actioninitcleverpush.php:42

actionadmin_noticescleverpush.php:43

actionadd_meta_boxescleverpush.php:44

actionsave_postcleverpush.php:45

actionadmin_noticescleverpush.php:46

actionpublish_postcleverpush.php:48

actionadmin_enqueue_scriptscleverpush.php:56

actionsingle_templatecleverpush.php:66

actionfrontpage_templatecleverpush.php:67

actionrss2_itemcleverpush.php:71

filterpre_get_postscleverpush.php:77

filterquery_varscleverpush.php:78

filterwpseo_whitelist_permalink_varscleverpush.php:79

actionwp_headcleverpush.php:85

actionwp_body_opencleverpush.php:87

actionwp_footercleverpush.php:89

actionwp_footercleverpush.php:91

actionamp_post_template_csscleverpush.php:93

actionamp_post_template_body_opencleverpush.php:94

actionamp_post_template_footercleverpush.php:95

actionwp_headcleverpush.php:1259

filterposts_resultscleverpush.php:1261

filtershow_admin_barcleverpush.php:1808

actionwp_headcleverpush.php:1827

Scheduled Events 1

cleverpush_check_if_product_bought

Maintenance & Trust

CleverPush Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 12, 2025

PHP min version

Downloads38K

Community Trust

Rating0/100

Number of ratings0

Active installs200

Alternatives

CleverPush Alternatives

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget

pushengage

100

The #1 push notification plugin for WordPress & WooCommerce. Recover abandoned carts, automate alerts, and grow subscribers — no code needed.

10K No CVEs

Digital Conversion – Push Notifications & Marketing Hub

digital-conversion

100

Smart Web Push with unlimited subscribers, AI insights, A/B testing, automation, WooCommerce integration, and personalization.

0 No CVEs

NotificationButton – Web Push Notifications for Websites and Online Stores

notification-button

100

Enable automated Web Push Notifications for your website to engage visitors and provide real-time updates directly to their browsers.

0 No CVEs

Web Push Notifications – Webpushr

webpushr-web-push-notifications

Fastest growing & lightweight plugin for Web Push Notifications. Add browser push notifications to your WordPress & WooCommerce site.

10K 4 CVEs

Perfecty Push Notifications

perfecty-push-notifications

100

Push Notifications that are self-hosted, you don't need API keys to integrate with external Push Notifications providers that will charge you lat …

5K No CVEs

Developer Profile

CleverPush Developer Profile

CleverPush

1 plugin · 200 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CleverPush

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cleverpush/cleverpush-admin.css/wp-content/plugins/cleverpush/cleverpush.js/wp-content/plugins/cleverpush/cleverpush-settings.js/wp-content/plugins/cleverpush/cleverpush-stories.js

Script Paths

/wp-content/plugins/cleverpush/cleverpush.js/wp-content/plugins/cleverpush/cleverpush-settings.js/wp-content/plugins/cleverpush/cleverpush-stories.js

Version Parameters

cleverpush-admin.css?ver=cleverpush.js?ver=cleverpush-settings.js?ver=cleverpush-stories.js?ver=

HTML / DOM Fingerprints

CSS Classes

cleverpush-subscription-dialogcleverpush-story-headercleverpush-story-contentcleverpush-story-footer

HTML Comments

Data Attributes

data-cleverpush-subscription-iddata-cleverpush-post-id

JS Globals

window.cleverpushvar cleverpush_settings

REST Endpoints

/wp-json/cleverpush/v1/subscribe/wp-json/cleverpush/v1/unsubscribe

Shortcode Output

[cleverpush_subscribe_button][cleverpush_notification]

FAQ