Favicon Notifications Security & Risk Analysis

wordpress.org/plugins/favicon-notifications

Animate your favicon with animated notification badge.

10 active installs · v0.3 · PHP + · WP 3.0.1+ · Updated Jan 18, 2014
badge, favicon, notifications, posts, visitor
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Favicon Notifications Safe to Use in 2026?

Generally Safe

Score 85/100

Favicon Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "favicon-notifications" plugin v0.3 exhibits a concerning security posture due to its unprotected AJAX handlers. While the plugin demonstrates good practices in using prepared statements for all SQL queries and a high percentage of properly escaped output, the lack of authentication checks on its two AJAX entry points presents a significant risk. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure.

The static analysis reveals no dangerous functions, file operations, or external HTTP requests, which are positive signs. The absence of critical or high severity taint flows is also reassuring. However, the complete lack of nonce checks and only one instance of a capability check, coupled with the unprotected AJAX handlers, indicates a potential for Cross-Site Request Forgery (CSRF) attacks or unauthorized actions by malicious actors.

The plugin's vulnerability history is clean, with no recorded CVEs. This suggests that in the past, the plugin has not had publicly disclosed security flaws. This clean history, combined with the strong SQL practices, implies a developer who may be attentive to some security aspects. Nevertheless, the immediate and evident risks from the unprotected AJAX handlers cannot be overlooked. The plugin's overall security is weakened by these critical entry points lacking proper authorization.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 0 Nonce checks
  • 1 Capability check (low coverage)
Vulnerabilities
None known

Favicon Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Favicon Notifications Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (18 prepared)
Unescaped Output: 1 (7 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 18 total queries

Output Escaping

88% escaped · 8 total outputs
Attack Surface
2 unprotected

Favicon Notifications Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

nopriv · wp_ajax_ajax_favicon · set.php:20
auth · wp_ajax_ajax_favicon · set.php:21
WordPress Hooks 8
action · plugins_loaded · favicon-notifications.php:106
filter · the_content · favicon-track.php:39
action · wp_enqueue_scripts · set.php:11
action · admin_enqueue_scripts · set.php:14
action · admin_print_styles · set.php:17
action · wp_enqueue_scripts · set.php:18
action · admin_menu · settings.php:14
action · admin_init · settings.php:15
Maintenance & Trust

Favicon Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Jan 18, 2014
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Favicon Notifications Developer Profile

dilana

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Favicon Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/favicon-notifications/js/favico.js
/wp-content/plugins/favicon-notifications/js/favicon.js
/wp-content/plugins/favicon-notifications/js/colpick.js
/wp-content/plugins/favicon-notifications/js/admin-favico.js
/wp-content/plugins/favicon-notifications/css/colpick.css
Script Paths
/wp-content/plugins/favicon-notifications/js/favico.js
/wp-content/plugins/favicon-notifications/js/favicon.js
/wp-content/plugins/favicon-notifications/js/colpick.js
/wp-content/plugins/favicon-notifications/js/admin-favico.js
Version Parameters
favicon-notifications/js/favico.js?ver=
favicon-notifications/js/favicon.js?ver=
favicon-notifications/js/colpick.js?ver=
favicon-notifications/js/admin-favico.js?ver=
favicon-notifications/css/colpick.css

HTML / DOM Fingerprints

JS Globals
wp_favicon