WP-Safety

Notification – Custom Notifications and Alerts for WordPress Security & Risk Analysis

wordpress.org/plugins/notification

Take full control of WordPress emails and notifications. Replace default messages, add custom triggers, and send alerts via email, webhook, Slack, and …

10K active installs v9.0.10 PHP 7.4+ WP 5.8+ Updated Mar 11, 2026
alertemailmailnotificationnotify
100
A · Safe
CVEs total1
Unpatched0
Last CVEOct 25, 2021
Download
Safety Verdict

Is Notification – Custom Notifications and Alerts for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Notification – Custom Notifications and Alerts for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 25, 2021Updated 23d ago
Risk Assessment

The "notification" plugin v9.0.10 exhibits a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and properly escaped output, a significant concern arises from its attack surface. All four identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to interact with potentially sensitive functionality. The absence of any critical or high-severity taint flows is a positive indicator, suggesting that sensitive data is generally handled with care within the codebase. However, the single known medium-severity vulnerability related to Cross-Site Scripting, though patched, indicates a historical tendency for input sanitization issues.

Despite the lack of unpatched CVEs and the generally good code hygiene in areas like SQL and output handling, the presence of unprotected AJAX endpoints is a critical weakness. This could allow for denial-of-service attacks or unauthorized actions if the AJAX handlers perform any operations that should be restricted. The plugin's strengths lie in its adherence to secure coding practices for database queries and output rendering. However, the significant number of unprotected entry points overshadows these strengths, making it a moderate risk due to potential abuse of the exposed AJAX functionality.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 1 known medium severity CVE
Vulnerabilities
1

Notification – Custom Notifications and Alerts for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2021-39340medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 - Authenticated Stored Cross-Site Scripting

Oct 25, 2021 Patched in 8.0.0 (820d)
Code Analysis
Analyzed Mar 16, 2026

Notification – Custom Notifications and Alerts for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
29 prepared
Unescaped Output
20
399 escaped
Nonce Checks
16
Capability Checks
15
File Operations
5
External Requests
7
Bundled Libraries
0

SQL Query Safety

81% prepared36 total queries

Output Escaping

95% escaped419 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
exportRequest (src\Admin\ImportExport.php:63)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Notification – Custom Notifications and Alerts for WordPress Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_notification_import_jsoncompat\register-hooks.php:34
authwp_ajax_change_notification_statuscompat\register-hooks.php:50
authwp_ajax_get_merge_tags_for_triggercompat\register-hooks.php:78
authwp_ajax_notification_synccompat\register-hooks.php:84
WordPress Hooks 135
actionnotification/initcompat\register-hooks.php:15
filtercron_schedulescompat\register-hooks.php:16
actionadmin_initcompat\register-hooks.php:17
actionadmin_initcompat\register-hooks.php:18
actionnotification_check_licensescompat\register-hooks.php:19
actionnotification/initcompat\register-hooks.php:20
actionnotification/carrier/pre-sendcompat\register-hooks.php:21
actionadmin_menucompat\register-hooks.php:22
actionnotification/initcompat\register-hooks.php:23
actionnotification/initcompat\register-hooks.php:24
actionnotification/initcompat\register-hooks.php:25
actionnotification/initcompat\register-hooks.php:26
actionnotification/data/savedcompat\register-hooks.php:27
actiondelete_postcompat\register-hooks.php:28
actionnotification/trigger/registeredcompat\register-hooks.php:29
actionshutdowncompat\register-hooks.php:30
actionnotification_background_processingcompat\register-hooks.php:31
actionnotification/settings/registercompat\register-hooks.php:32
actionadmin_post_notification_exportcompat\register-hooks.php:33
actionnotification/settings/registercompat\register-hooks.php:35
actionnotification/settings/registercompat\register-hooks.php:36
actionnotification/settings/registercompat\register-hooks.php:37
actionnotification/settings/registercompat\register-hooks.php:38
filternotification/settings/triggers/valid_post_typescompat\register-hooks.php:39
filterwp_kses_allowed_htmlcompat\register-hooks.php:40
filterpost_row_actionscompat\register-hooks.php:41
actionadmin_post_notification_duplicatecompat\register-hooks.php:42
actioninitcompat\register-hooks.php:43
filterpost_updated_messagescompat\register-hooks.php:44
filterbulk_post_updated_messagescompat\register-hooks.php:45
filterviews_edit-notificationcompat\register-hooks.php:46
actionwp_trash_postcompat\register-hooks.php:47
actionafter_delete_postcompat\register-hooks.php:48
actionsave_post_notificationcompat\register-hooks.php:49
filtermanage_notification_posts_columnscompat\register-hooks.php:51
filtermanage_edit-notification_columnscompat\register-hooks.php:52
actionmanage_notification_posts_custom_columncompat\register-hooks.php:53
filterdisplay_post_statescompat\register-hooks.php:54
filterpost_row_actionscompat\register-hooks.php:55
filterpost_row_actionscompat\register-hooks.php:56
filterbulk_actions-edit-notificationcompat\register-hooks.php:57
filterhandle_bulk_actions-edit-notificationcompat\register-hooks.php:58
actionadmin_noticescompat\register-hooks.php:59
actionadmin_menucompat\register-hooks.php:60
actionadmin_initcompat\register-hooks.php:61
actionadmin_post_notification_activate_extensioncompat\register-hooks.php:62
actionadmin_post_notification_refresh_all_licensescompat\register-hooks.php:63
actionadmin_post_notification_deactivate_extensioncompat\register-hooks.php:64
actionadmin_noticescompat\register-hooks.php:65
actionadmin_noticescompat\register-hooks.php:66
actionnotification/admin/extensions/premium/precompat\register-hooks.php:67
actionadmin_enqueue_scriptscompat\register-hooks.php:68
actionload-post.phpcompat\register-hooks.php:69
actionedit_form_after_titlecompat\register-hooks.php:70
actionnotification/post/column/maincompat\register-hooks.php:71
actionnotification/post/column/maincompat\register-hooks.php:72
actionnotification/admin/carrierscompat\register-hooks.php:73
actionadd_meta_boxescompat\register-hooks.php:74
actionadd_meta_boxescompat\register-hooks.php:75
actionadd_meta_boxescompat\register-hooks.php:76
actioncurrent_screencompat\register-hooks.php:77
actionadmin_menucompat\register-hooks.php:79
actioncurrent_screencompat\register-hooks.php:80
actionadmin_post_save_notification_wizardcompat\register-hooks.php:81
actionadmin_post_save_notification_wizardcompat\register-hooks.php:82
actionnotification/settings/registercompat\register-hooks.php:83
actionnotification/settings/registercompat\register-hooks.php:85
actionadmin_noticescompat\register-hooks.php:86
actionadmin_post_notification_clear_logscompat\register-hooks.php:87
actionadd_meta_boxescompat\register-hooks.php:88
actionnotification/metabox/trigger/tags/groups/aftercompat\register-hooks.php:89
actionnotification/admin/metabox/save/postcompat\register-hooks.php:90
actionnotification/settings/registercompat\register-hooks.php:91
actionnotification/settings/section/triggers/beforecompat\register-hooks.php:92
actionnotification/settings/section/carriers/beforecompat\register-hooks.php:93
actionnotification/carrier/list/aftercompat\register-hooks.php:94
actionnotification/settings/sidebar/aftercompat\register-hooks.php:95
actionnotification/initcompat\register-hooks.php:96
filternotification/background_processing/trigger_keycompat\register-hooks.php:97
actionwp_insert_commentcompat\register-hooks.php:98
actioncomment_postcompat\register-hooks.php:99
actiontransition_comment_statuscompat\register-hooks.php:100
actionnotification/initcompat\register-hooks.php:101
filternotify_post_authorcompat\register-hooks.php:102
filternotify_moderatorcompat\register-hooks.php:103
actionnotification/initcompat\register-hooks.php:104
actionnotification/initcompat\register-hooks.php:105
actionnotification/initcompat\register-hooks.php:106
filtersend_site_admin_email_change_emailcompat\register-hooks.php:107
filtersend_password_change_emailcompat\register-hooks.php:108
filterretrieve_password_messagecompat\register-hooks.php:109
filtersend_email_change_emailcompat\register-hooks.php:110
filterauto_core_update_send_emailcompat\register-hooks.php:111
actionnotification/trigger/registeredcompat\register-hooks.php:112
actiontwo_factor_user_authenticatedcompat\register-hooks.php:113
actionrest_api_initcompat\register-hooks.php:114
actionadmin_noticescompat\register-hooks.php:115
actionadmin_noticescompat\register-hooks.php:116
filternotification/from/jsoncompat\register-hooks.php:117
filternotification/to/jsoncompat\register-hooks.php:118
filternotification/from/arraycompat\register-hooks.php:119
filternotification/to/arraycompat\register-hooks.php:120
filternotification/carrier/form/data/valuescompat\register-hooks.php:121
filtercontent_save_precompat\src-deprecated\Adapter\WordPress.php:132
actionnotification/settings/registercompat\src-deprecated\functions.php:605
actionadmin_noticesdependencies\micropackage\requirements\src\Requirements.php:267
actioninitload.php:19
filterfilesystem_methodnotification.php:136
actioninitnotification.php:138
filternotification/admin/allow_metabox/notification_savesrc\Admin\Screen.php:256
filternotification/admin/allow_metabox/notification_merge_tagssrc\Admin\Screen.php:303
filternotification/admin/allow_metabox/notification_conditionalssrc\Admin\Upsell.php:47
filternotification/load/default/triggerssrc\Core\Whitelabel.php:44
filternotification/upsellingsrc\Core\Whitelabel.php:62
filternotification/whitelabel/cpt/parentsrc\Core\Whitelabel.php:69
filternotification/whitelabel/extensionssrc\Core\Whitelabel.php:79
filternotification/whitelabel/settingssrc\Core\Whitelabel.php:87
filternotification/whitelabel/settings/accesssrc\Core\Whitelabel.php:98
actionregister_new_usersrc\Integration\WordPressEmails.php:34
actionedit_user_created_usersrc\Integration\WordPressEmails.php:35
actionnetwork_site_new_created_usersrc\Integration\WordPressEmails.php:41
actionnetwork_site_users_created_usersrc\Integration\WordPressEmails.php:42
actionnetwork_user_new_created_usersrc\Integration\WordPressEmails.php:43
filterwoocommerce_disable_password_change_notificationsrc\Integration\WordPressEmails.php:132
filternew_user_email_contentsrc\Integration\WordPressEmails.php:153
filternew_admin_email_contentsrc\Integration\WordPressEmails.php:179
actionnotification/trigger/merge_tagssrc\Register.php:181
filterwp_mail_content_typesrc\Repository\Carrier\Email.php:185
filterallow_password_resetsrc\Repository\Trigger\User\UserRegistered.php:126
filternotification/trigger/wordpress/user_password_reset_request/bail_for_registrationsrc\Repository\Trigger\User\UserRegistered.php:131
filterpre_set_site_transient_update_pluginssrc\Utils\EDDUpdater.php:101
filterplugins_apisrc\Utils\EDDUpdater.php:105
actionafter_plugin_rowsrc\Utils\EDDUpdater.php:111
actionadmin_initsrc\Utils\EDDUpdater.php:112
actionadmin_initsrc\Utils\Settings.php:90

Scheduled Events 2

notification_check_licenses
notification_background_processing
Maintenance & Trust

Notification – Custom Notifications and Alerts for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.4
Downloads402K

Community Trust

Rating92/100
Number of ratings124
Active installs10K
Alternatives

Notification – Custom Notifications and Alerts for WordPress Alternatives

Customize WordPress Emails and Alerts – Better Notifications for WP

Customize WordPress Emails and Alerts – Better Notifications for WP

bnfw

A
99

Supercharge your WordPress email notifications using a WYSIWYG editor and shortcodes. Default and new notifications available. Add-ons available.

30K 2 CVEs
Email Notification on Login

Email Notification on Login

email-notification-on-login

B
78

Receive an email after each successful login with the user information

1K 1 unpatched
Simple Login Notification

Simple Login Notification

simple-login-notification

A
100

Sends a notification email when admins and other users log in to your site.

1K No CVEs
Post Status Notifier Lite

Post Status Notifier Lite

post-status-notifier-lite

A
90

Notify on every post change: Flexible rules, custom placeholders and support for all post types and taxonomies.

800 3 CVEs
Email notification on admin login

Email notification on admin login

email-notification-on-admin-login

A
85

Sends an email to a pointed email address when an admin user logs in

200 No CVEs
Developer Profile

Notification – Custom Notifications and Alerts for WordPress Developer Profile

Kuba Mikita

9 plugins · 51K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
237 days
View full developer profile
Detection Fingerprints

How We Detect Notification – Custom Notifications and Alerts for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/notification/resources/js/dist/scripts.js/wp-content/plugins/notification/resources/css/dist/style.css
Script Paths
/wp-content/plugins/notification/resources/js/dist/scripts.js

HTML / DOM Fingerprints

CSS Classes
notification-fieldnotification-code-editor-field
Data Attributes
data-settings
JS Globals
notification
REST Endpoints
/notification/v1/repeater-field/select//notification/v1/repeater-field//notification/v1/section-repeater-field/
FAQ

Frequently Asked Questions about Notification – Custom Notifications and Alerts for WordPress