Hey Notify Security & Risk Analysis

wordpress.org/plugins/hey-notify

Get notified when things happen in WordPress.

200 active installs · v2.1.1 · PHP 7.2+ · WP 4.3+ · Updated Jun 27, 2025
Tags: alert, discord, email, notifications, slack
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hey Notify Safe to Use in 2026?

Generally Safe

Score 100/100

Hey Notify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The "hey-notify" plugin v2.1.1 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a very high percentage of its outputs. It also shows a history of no known vulnerabilities, which is a strong indicator of a well-maintained and secure codebase. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced risk profile in these areas.

However, there are significant security concerns stemming from the static analysis. The plugin exposes three entry points via the REST API, all of which lack permission callbacks. This means any unauthenticated user can potentially interact with these endpoints, creating a considerable attack surface. While the taint analysis did not reveal any flows, the lack of proper authorization on these REST API routes is a critical oversight that could lead to unauthorized actions or data exposure if malicious input is crafted.

In conclusion, while the "hey-notify" plugin benefits from a clean vulnerability history and good internal coding practices like prepared statements and output escaping, the exposed and unprotected REST API routes represent a substantial risk. The plugin's total reliance on external WordPress authorization mechanisms for these critical entry points is a weakness that needs immediate attention. The absence of capability checks on these routes is a direct path for potential abuse.

Key Concerns

  • 3 REST API routes without permission callbacks
  • 3 total entry points, 3 unprotected
  • 0 capability checks found
Vulnerabilities
None known

Hey Notify Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hey Notify Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 3 (130 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

98% escaped · 133 total outputs
Attack Surface
3 unprotected

Hey Notify Attack Surface

Entry Points: 3
Unprotected: 3

REST API Routes: 3

  • POST /wp-json/heynotify/v1/cptrefresh (includes\rest-api.php:26)
  • POST /wp-json/heynotify/v1/service_avatar (includes\rest-api.php:36)
  • POST /wp-json/heynotify/v1/metabox/service_change (includes\rest-api.php:46)
WordPress Hooks 125
Maintenance & Trust

Hey Notify Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 27, 2025
PHP min version: 7.2
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 200
Developer Profile

Hey Notify Developer Profile

FireTree Design

3 plugins · 310 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hey Notify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hey-notify/assets/css/metabox.css
  • /wp-content/plugins/hey-notify/assets/js/metabox.js
Version Parameters
  • hey-notify/assets/css/metabox.css?ver=
  • hey-notify/assets/js/metabox.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-hey-notify-service
  • data-hey-notify-event
JS Globals
  • hey_notify_admin
REST Endpoints
  • /wp-json/hey-notify/v1/services
  • /wp-json/hey-notify/v1/events
  • /wp-json/hey-notify/v1/webhooks