Easy Notify Lite Security & Risk Analysis

wordpress.org/plugins/easy-notify-lite

The best Popup Builder plugin to display image, video, notify or announcement with great ease and elegance.

400 active installs · v1.1.39 · PHP + · WP 3.3+ · Updated Dec 13, 2025
Tags: advertising, email-list, marketing, optin, popup-builder
Score: 92 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Dec 12, 2025
Safety Verdict

Is Easy Notify Lite Safe to Use in 2026?

Generally Safe

Score 92/100

Easy Notify Lite has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 12, 2025 · Updated 3mo ago
Risk Assessment

The static analysis of Easy Notify Lite v1.1.39 shows a generally good security posture with a significant focus on secure coding practices. The plugin demonstrates strong adherence to using prepared statements for all SQL queries and a very high percentage of properly escaped output, minimizing the risk of common web vulnerabilities like Cross-Site Scripting (XSS). Furthermore, the absence of direct file operations and external HTTP requests in the analyzed code is a positive indicator. All identified entry points (AJAX handlers, shortcodes, cron events) appear to have authentication and capability checks, which is a crucial security measure.

However, despite these strengths, the plugin's vulnerability history raises significant concerns. The presence of five known CVEs, including a high-severity one and four medium-severity ones, indicates a pattern of past security weaknesses. The types of past vulnerabilities, such as Missing Authorization, PHP Remote File Inclusion, and Cross-site Scripting, suggest that while current code might be cleaner, historical issues point to potential underlying architectural flaws or recurring development oversight. The fact that the last vulnerability was very recent (December 2025) despite being marked as 'currently unpatched: 0' might indicate data lag or a misunderstanding of the reporting structure, but it nonetheless signifies a recent history of insecurity. The taint analysis showing two flows with unsanitized paths, while not critical or high severity, still warrants attention as it suggests potential for input-related vulnerabilities if not handled meticulously by developers or if further analysis reveals more complex scenarios.

In conclusion, Easy Notify Lite v1.1.39 has made commendable progress in secure coding practices, particularly regarding SQL and output sanitization. The robust use of nonce and capability checks on its entry points is also a strong positive. Nevertheless, the plugin's extensive history of medium and high-severity vulnerabilities, including critical types like RFI and XSS, indicates a past that cannot be ignored. Users should be aware that while the current version might appear secure based on static analysis, the historical pattern suggests a higher than average risk profile for potential future discoveries or overlooked edge cases, especially concerning input sanitization. The bundled Select2 library also requires vigilance for potential vulnerabilities within its own dependencies.

Key Concerns

  • Bundled outdated library (Select2)
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 4 medium severity CVEs
  • Taint analysis: 2 flows with unsanitized paths
Vulnerabilities
5

Easy Notify Lite Security Vulnerabilities

CVEs by Year

2024: 2 CVEs
2025: 3 CVEs

Severity Breakdown

High: 1
Medium: 4

5 total CVEs

CVE-2025-14446 · medium · 6.5 · Missing Authorization

Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset

Dec 12, 2025 · Patched in 1.1.39 (7d)

CVE-2025-46230 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Popup Builder <= 1.1.35 - Authenticated (Subscriber+) Local File Inclusion

Apr 22, 2025 · Patched in 1.1.37 (9d)

CVE-2025-26882 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Popup Builder <= 1.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 22, 2025 · Patched in 1.1.35 (10d)

CVE-2024-3236 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Popup Builder <= 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 27, 2024 · Patched in 1.1.33 (23d)

CVE-2024-34567 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Popup Builder <= 1.1.29 - Authenticated (Author+) Stored Cross-Site Scripting

May 14, 2024 · Patched in 1.1.30 (7d)
Code Analysis
Analyzed Mar 16, 2026

Easy Notify Lite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (652 escaped)
Nonce Checks: 13
Capability Checks: 5
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

99% escaped · 657 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
easynotify_generate_preview (inc\functions\enoty-functions.php:322)
Attack Surface

Easy Notify Lite Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 5

nopriv · wp_ajax_easynotify_ajax_content · inc\functions\enoty-functions.php:65
auth · wp_ajax_easynotify_ajax_content · inc\functions\enoty-functions.php:66
auth · wp_ajax_easynotify_cp_reset · inc\functions\enoty-functions.php:258
auth · wp_ajax_easynotify_generate_preview · inc\functions\enoty-functions.php:364
auth · wp_ajax_enoty_enable_auto_update · inc\functions\enoty-functions.php:833

Shortcodes 1

[easy-notify] inc\enoty-shortcode.php:76
WordPress Hooks 48
action · plugins_loaded · easy-notify-lite.php:78
action · admin_init · easy-notify-lite.php:79
action · init · easy-notify-lite.php:80
action · init · easy-notify-lite.php:81
action · admin_menu · easy-notify-lite.php:82
filter · manage_edit-easynotify_columns · easy-notify-lite.php:83
filter · manage_posts_custom_column · easy-notify-lite.php:84
filter · post_row_actions · easy-notify-lite.php:85
filter · plugin_action_links · easy-notify-lite.php:86
action · admin_init · easy-notify-lite.php:87
action · admin_head · easy-notify-lite.php:88
filter · widget_text · easy-notify-lite.php:89
filter · the_excerpt · easy-notify-lite.php:90
filter · the_excerpt · easy-notify-lite.php:91
action · enoty_auto_update · easy-notify-lite.php:384
action · admin_menu · inc\enoty-featured.php:8
action · admin_menu · inc\enoty-freeplugins.php:8
filter · the_content · inc\enoty-frontend.php:16
filter · wp_footer · inc\enoty-frontend.php:17
filter · the_content · inc\enoty-frontend.php:21
filter · the_content · inc\enoty-frontend.php:27
filter · wp_footer · inc\enoty-frontend.php:28
filter · the_content · inc\enoty-frontend.php:125
action · do_meta_boxes · inc\enoty-metaboxes.php:13
action · admin_head · inc\enoty-metaboxes.php:19
action · admin_enqueue_scripts · inc\enoty-metaboxes.php:20
action · admin_footer · inc\enoty-metaboxes.php:43
action · add_meta_boxes · inc\enoty-metaboxes.php:934
action · save_post · inc\enoty-metaboxes.php:1547
action · admin_notices · inc\enoty-notice.php:6
action · admin_init · inc\enoty-notice.php:33
action · admin_init · inc\enoty-settings.php:12
action · admin_head · inc\enoty-settings.php:76
action · admin_enqueue_scripts · inc\enoty-settings.php:77
action · admin_menu · inc\enoty-settings.php:613
action · enoty_wp_print_layout · inc\enoty-shortcode.php:65
action · enoty_wp_print_styles · inc\enoty-shortcode.php:66
action · admin_init · inc\functions\enoty-functions.php:45
action · wp_enqueue_scripts · inc\functions\enoty-functions.php:60
filter · gettext · inc\functions\enoty-functions.php:105
action · admin_head · inc\functions\enoty-functions.php:286
action · admin_bar_menu · inc\functions\enoty-functions.php:448
action · admin_print_footer_scripts · inc\functions\enoty-functions.php:464
action · admin_menu · inc\functions\enoty-functions.php:511
action · admin_menu · inc\functions\enoty-functions.php:567
action · admin_enqueue_scripts · inc\functions\enoty-functions.php:580
action · enoty_wp_print_layout · layouts\enoty-preview.php:77
action · wp_print_styles · layouts\enoty-preview.php:78

Scheduled Events 1

enoty_auto_update
Maintenance & Trust

Easy Notify Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 13, 2025
PHP min version
Downloads: 85K

Community Trust

Rating: 66/100
Number of ratings: 18
Active installs: 400
Developer Profile

Easy Notify Lite Developer Profile

GhozyLab

10 plugins · 21K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 872 days
Detection Fingerprints

How We Detect Easy Notify Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-notify-lite/assets/css/enoty-admin.css
/wp-content/plugins/easy-notify-lite/assets/css/enoty-frontend.css
/wp-content/plugins/easy-notify-lite/assets/js/enoty-admin.js
/wp-content/plugins/easy-notify-lite/assets/js/enoty-frontend.js
Version Parameters
easy-notify-lite/assets/css/enoty-admin.css?ver=
easy-notify-lite/assets/css/enoty-frontend.css?ver=
easy-notify-lite/assets/js/enoty-admin.js?ver=
easy-notify-notify-lite/assets/js/enoty-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
enoty-btn, enoty-form, enoty-subscribe, enoty-content, enoty-notify, enoty-notify-item, enoty-notify-wrap, easynotify-style-custom (+7 more)
HTML Comments
<!-- Easy Notify Lite Settings -->
<!-- End Easy Notify Lite Settings -->
<!-- Easy Notify Lite Metaboxes -->
<!-- End Easy Notify Lite Metaboxes -->
(+4 more)
Data Attributes
data-enoty-id, data-enoty-type, data-enoty-position, data-enoty-width, data-enoty-height, data-enoty-color (+12 more)
JS Globals
easynotify_vars
Shortcode Output
[easy_notify_lite_subscribe_form]