Does Draft Notifier have any unpatched vulnerabilities?

No. All known vulnerabilities in Draft Notifier have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Draft Notifier compatible with WordPress 3.0.5?

According to WordPress.org data, Draft Notifier 1.2.1 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Draft Notifier updated?

Draft Notifier was last updated on Jun 3, 2010. Frequent updates are generally a positive security signal.

What is Draft Notifier's security score?

Draft Notifier has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Draft Notifier Security & Risk Analysis

wordpress.org/plugins/draft-notifier

Draft Notifier sends a notification email to your blog's admin address when a post written by a Contributor is Submitted for Review.

100 active installs v1.2.1 PHP + WP 2.3.1+ Updated Jun 3, 2010

draftnotificationnotify

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Draft Notifier Safe to Use in 2026?

Generally Safe

Score 85/100

Draft Notifier has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "draft-notifier" plugin v1.2.1 exhibits a generally strong security posture with no known vulnerabilities or reported CVEs. The static analysis reveals excellent practices regarding SQL queries, which are exclusively handled with prepared statements, and all output is properly escaped, indicating a low risk of common injection and cross-site scripting vulnerabilities. The absence of file operations, external HTTP requests, and a large attack surface further contributes to its security. However, the presence of two instances of the `create_function` usage is a significant concern. This function is deprecated and considered dangerous because it can lead to code injection vulnerabilities if not handled with extreme care, as it essentially allows dynamic code execution. While the current analysis doesn't show specific taint flows or unprotected entry points related to this, its mere presence represents a potential weakness that could be exploited in conjunction with other factors or future code changes.

Key Concerns

Use of deprecated and dangerous create_function

Vulnerabilities

None known

Draft Notifier Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Draft Notifier Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$from_func = create_function( '', "return '{$author->data->user_email}';" );draft-notifier.php:60

create_function$from_name_func = create_function( '', "return '{$author->data->user_login}';" );draft-notifier.php:61

Attack Surface

Draft Notifier Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

filterwp_mail_fromdraft-notifier.php:62

filterwp_mail_from_namedraft-notifier.php:63

actiontransition_post_statusdraft-notifier.php:93

Maintenance & Trust

Draft Notifier Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedJun 3, 2010

PHP min version

Downloads11K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Draft Notifier Alternatives

Manage Notification E-mails

manage-notification-emails

Enable and disable email notifications that WordPress sends to the admin and user. Works perfectly with many other plugins!

100K 2 CVEs

Customize WordPress Emails and Alerts – Better Notifications for WP

bnfw

Supercharge your WordPress email notifications using a WYSIWYG editor and shortcodes. Default and new notifications available. Add-ons available.

30K 2 CVEs

Notification – Custom Notifications and Alerts for WordPress

notification

100

Take full control of WordPress emails and notifications. Replace default messages, add custom triggers, and send alerts via email, webhook, Slack, and …

10K 1 CVE