Gravitec.net – Web Push Notifications Security & Risk Analysis

wordpress.org/plugins/gravitec-net-web-push-notifications

Easy-to-use and smart push notifications for your website. Increase subscriptions and repeat visits with minimal effort.

1K active installs v2.9.19 PHP + WP 3.8+ Updated Feb 5, 2026
Tags: chrome-push, push-notification, push-notifications, web-push, web-push-notifications
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 6, 2025
Safety Verdict

Is Gravitec.net – Web Push Notifications Safe to Use in 2026?

Generally Safe

Score 99/100

Gravitec.net – Web Push Notifications has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 6, 2025 · Updated 1mo ago
Risk Assessment

The gravitec-net-web-push-notifications plugin v2.9.19 exhibits a generally strong security posture, with excellent adherence to best practices in output escaping and prepared SQL statements. The static analysis reveals a minimal attack surface consisting of a single AJAX handler, which is protected by authentication checks. Taint analysis also indicates no critical or high-severity vulnerabilities related to unsanitized data flows. However, the plugin does have a history of known vulnerabilities, specifically one medium-severity CVE. Although there are currently no unpatched CVEs, this history suggests a need for continued vigilance and timely updates. The plugin's external HTTP requests and cron event are not inherently insecure, but they are areas to monitor, since careless implementation there could introduce future issues.

Overall, the plugin demonstrates good security hygiene with effective sanitization and authorization checks on its entry points. The lack of critical findings in static and taint analysis is a positive sign. The primary area for concern lies in its historical vulnerability record, which, despite being resolved in the current version, necessitates ongoing monitoring and prompt patching of any future discovered flaws to maintain a robust security profile.

Key Concerns

  • Medium severity CVE in vulnerability history
  • External HTTP requests present
  • Cron event present
Vulnerabilities
1

Gravitec.net – Web Push Notifications Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-62869 · medium · 4.3 · Missing Authorization

Gravitec.net – Web Push Notifications <= 2.9.17 - Missing Authorization

Dec 6, 2025 · Patched in 2.9.18 (32d)
Code Analysis
Analyzed Mar 16, 2026

Gravitec.net – Web Push Notifications Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (6 prepared)
Unescaped Output: 3 (223 escaped)
Nonce Checks: 3
Capability Checks: 6
File Operations: 0
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

86% prepared · 7 total queries

Output Escaping

99% escaped · 226 total outputs

Data Flows: All sanitized

Data Flow Analysis

1 flows
<class-gravitecnet-admin> (admin\class-gravitecnet-admin.php:0)
Attack Surface

Gravitec.net – Web Push Notifications Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_show_notice · admin\class-gravitecnet-admin.php:43

WordPress Hooks 27
action · admin_enqueue_scripts · admin\class-gravitecnet-admin.php:27
action · admin_menu · admin\class-gravitecnet-admin.php:145
action · admin_init · admin\class-gravitecnet-admin.php:147
action · save_post · admin\class-gravitecnet-admin.php:148
action · transition_post_status · admin\class-gravitecnet-admin.php:149
action · wp_footer · admin\class-gravitecnet-admin.php:154
action · woocommerce_add_to_cart · admin\class-gravitecnet-admin.php:155
action · woocommerce_cart_item_removed · admin\class-gravitecnet-admin.php:156
action · woocommerce_cart_item_restored · admin\class-gravitecnet-admin.php:157
action · woocommerce_after_calculate_totals · admin\class-gravitecnet-admin.php:158
action · woocommerce_thankyou · admin\class-gravitecnet-admin.php:159
filter · cron_schedules · admin\class-gravitecnet-admin.php:163
action · wp · admin\class-gravitecnet-admin.php:164
action · gravitecnet_abandoned_cart · admin\class-gravitecnet-admin.php:165
action · transition_post_status · admin\class-gravitecnet-admin.php:167
action · add_meta_boxes · admin\class-gravitecnet-admin.php:168
action · wp_footer · admin\class-gravitecnet-admin.php:171
action · add_meta_boxes · admin\class-gravitecnet-admin.php:172
action · admin_notices · admin\class-gravitecnet-admin.php:222
action · woocommerce_product_options_general_product_data · admin\class-gravitecnet-admin.php:586
action · after_setup_theme · gravitecnet.php:119
action · init · gravitecnet.php:134
action · plugins_loaded · includes\class-gravitecnet.php:164
action · admin_enqueue_scripts · includes\class-gravitecnet.php:183
action · admin_enqueue_scripts · includes\class-gravitecnet.php:184
action · wp_enqueue_scripts · includes\class-gravitecnet.php:203
action · wp_enqueue_scripts · includes\class-gravitecnet.php:204

Scheduled Events 1

gravitecnet_abandoned_cart
Maintenance & Trust

Gravitec.net – Web Push Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 5, 2026
PHP min version
Downloads: 59K

Community Trust

Rating: 88/100
Number of ratings: 21
Active installs: 1K
Developer Profile

Gravitec.net – Web Push Notifications Developer Profile

Gravitec.net - Web Push Notifications

1 plugin · 1K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 32 days
Detection Fingerprints

How We Detect Gravitec.net – Web Push Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravitec-net-web-push-notifications/notice.js
/wp-content/plugins/gravitec-net-web-push-notifications/build/index.js
/wp-content/plugins/gravitec-net-web-push-notifications/build/index.asset.php
/wp-content/plugins/gravitec-net-web-push-notifications/assets/css/gravitec-admin.css
/wp-content/plugins/gravitec-net-web-push-notifications/assets/js/gravitec-admin.js

Script Paths
/wp-content/plugins/gravitec-net-web-push-notifications/notice.js
/wp-content/plugins/gravitec-net-web-push-notifications/build/index.js
/wp-content/plugins/gravitec-net-web-push-notifications/assets/js/gravitec-admin.js

Version Parameters
gravitec-net-web-push-notifications/notice.js?ver=
gravitec-net-web-push-notifications/build/index.js?ver=
gravitec-net-web-push-notifications/build/index.asset.php?ver=
gravitec-net-web-push-notifications/assets/css/gravitec-admin.css?ver=
gravitec-net-web-push-notifications/assets/js/gravitec-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
gravitec-content, gravitec-admin-wrap, gravitec-button-active, gravitec-button-inactive, gravitec-spinner, gravitec-tooltip

HTML Comments
  • Gravitec.net
  • Gravitecnet
  • For Gravitec developers: replace cdn domain to test domain.
  • Check if current user can edit this post
  • +3 more

Data Attributes
data-gravitec, data-gravitec-id, data-gravitec-button, data-gravitec-subscribe

JS Globals
gravitecnet_params, ajax_object, gravitec_params, gravitec

REST Endpoints
/wp-json/gravitecnet/v1/settings
/wp-json/gravitecnet/v1/subscribe

Shortcode Output
[gravitec_subscribe_button], [gravitec_notification], [gravitec_unsubscribe]

FAQ

Frequently Asked Questions about Gravitec.net – Web Push Notifications