iZooto – Web Push Notifications Security & Risk Analysis

wordpress.org/plugins/izooto-web-push

Engage your audience and drive repeat traffic by delivering relevant and personalized push notifications - across web browsers, Android, iOS and Messe …

1K active installs · v3.7.20 · PHP + · WP 3.0.1+ · Updated Jan 20, 2026
Tags: app-push-notifications, browser-push-notifications, messenger-push-notifications, push-notifications, web-push-notifications
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is iZooto – Web Push Notifications Safe to Use in 2026?

Generally Safe

Score 100/100

iZooto – Web Push Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The izooto-web-push plugin v3.7.20 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and a high percentage of properly escaped output, there are significant concerns regarding its attack surface and lack of authentication checks.

The static analysis flags one AJAX handler, wp_ajax_error_alert (includes\class-init.php:325), as lacking any authentication checks, which makes it a direct entry point for potential malicious activity. Taint analysis did not uncover critical or high severity vulnerabilities, but the two identified flows with unsanitized paths are concerning and warrant further investigation, especially in conjunction with the unprotected AJAX handler. The absence of capability checks (0 found) and the presence of external HTTP requests (5 found) also add to the potential attack vectors.

The plugin's vulnerability history is remarkably clean, with no known CVEs. This lack of past issues is a positive indicator, suggesting either a strong development focus on security or limited exposure to sophisticated attacks. However, the presence of unprotected entry points in the current version means that this clean history could be a temporary state. Overall, the plugin has strengths in its handling of SQL and output, but the unprotected AJAX handler and unsanitized paths represent tangible risks that need to be addressed.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths detected
  • Missing capability checks
Vulnerabilities
None known

iZooto – Web Push Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

iZooto – Web Push Notifications Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 7 (52 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

88% escaped · 59 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
izooto_curl_request (includes\class-izwoocommeventshelper.php:210)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

iZooto – Web Push Notifications Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth: wp_ajax_error_alert (includes\class-init.php:325)

WordPress Hooks: 16

action: init (includes\admin.php:12)
action: admin_menu (includes\admin.php:13)
action: admin_enqueue_scripts (includes\admin.php:14)
action: admin_notices (includes\izootometa.php:19)
action: add_meta_boxes (includes\izootometa.php:421)
action: save_post (includes\izootometa.php:424)
action: admin_init (includes\izootometa.php:426)
action: transition_post_status (includes\izootometa.php:429)
filter: query_vars (includes\izootosdk.php:105)
action: wp_head (includes\izootosdk.php:106)
action: wp_footer (includes\izootosdk.php:107)
action: parse_request (includes\izootosdk.php:108)
action: woocommerce_add_to_cart (includes\izwoocommevents.php:233)
action: woocommerce_thankyou (includes\izwoocommevents.php:236)
action: woocommerce_after_single_product (includes\izwoocommevents.php:239)
action: woocommerce_after_main_content (includes\izwoocommevents.php:242)
Maintenance & Trust

iZooto – Web Push Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 20, 2026
PHP min version
Downloads: 59K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 1K
Developer Profile

iZooto – Web Push Notifications Developer Profile

shrikantkale

1 plugin · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect iZooto – Web Push Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/izooto-web-push/assets/css/unminified/admin_style.css
/wp-content/plugins/izooto-web-push/assets/css/unminified/iznotify_style.css
/wp-content/plugins/izooto-web-push/assets/js/unminified/admin_init.js
/wp-content/plugins/izooto-web-push/assets/js/unminified/cookies.js
/wp-content/plugins/izooto-web-push/assets/js/unminified/iznotify_editor_script.js
/wp-content/plugins/izooto-web-push/assets/js/unminified/iznotify_script.js
Script Paths
https://fonts.googleapis.com/icon?family=Material+Icons

HTML / DOM Fingerprints

CSS Classes
izooto-wordpress, izooto-logo, shadow-card, card-container-height, section-two, izooto-footer, form-control
HTML Comments
<!--<div class="plugin-container" style="margin-top: 25px;">-->
<!-- <div class="plugin-header">-->
<!--class="izooto-logo"> <span> Web Push for WordPress</span>-->
<!--</div>-->
(+4 more)
Data Attributes
id="token", name="token", id="edit-token", id="tokensubmit", name="tokensubmit", id="freshUser" (+1 more)
JS Globals
params