WP-Safety

Send Notifications from Woocommerce, Form Plugins and More! Security & Risk Analysis

wordpress.org/plugins/notifier

WhatsApp API integration to send WhatsApp notifications from Woocommerce, Contact Form 7, Gravity Forms, WPForms & more.

1K active installs v2.7.13 PHP 7.4+ WP 5.7+ Updated Feb 6, 2026
whatsappwhatsapp-apiwhatsapp-chatwhatsapp-notificationwoocommerce-whatsapp
54
C · Use Caution
CVEs total3
Unpatched2
Last CVEJan 20, 2026
Plugin page Download
Safety Verdict

Is Send Notifications from Woocommerce, Form Plugins and More! Safe to Use in 2026?

Use With Caution

Score 54/100

Send Notifications from Woocommerce, Form Plugins and More! has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

3 known CVEs 2 unpatched Last CVE: Jan 20, 2026Updated 1mo ago
Risk Assessment

The 'notifier' plugin version 2.7.13 exhibits a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, there are concerning signals. The presence of unsanitized paths in the taint analysis, particularly a high-severity flow, is a significant risk. This indicates a potential for attackers to manipulate file paths or other inputs that are not adequately validated, which could lead to various security issues like unauthorized file access or manipulation.

The vulnerability history for 'notifier' is a major concern, with three known CVEs, two of which remain unpatched. The common vulnerability types, Missing Authorization and Cross-site Scripting (XSS), directly correlate with the potential risks identified in the static analysis, especially the unsanitized path flow. The fact that the last vulnerability was dated in the future (2026-01-20) is likely a data anomaly but the historical trend of past vulnerabilities is concerning. The plugin's attack surface, while protected by authorization checks for its AJAX handlers, still presents entry points that, when combined with past vulnerabilities and current taint analysis findings, warrant careful consideration.

In conclusion, 'notifier' v2.7.13 has strengths in its SQL and output handling but suffers from critical weaknesses. The unpatched vulnerabilities and the identified unsanitized path flow represent immediate threats. Users of this plugin should be aware of the historical and current risks and prioritize updating to a version that addresses these issues, if available, or consider alternatives. The plugin's historical pattern of authorization and XSS vulnerabilities, coupled with the current taint analysis, suggests a recurring need for diligent security auditing and patching.

Key Concerns

  • Unpatched CVEs
  • High severity taint flow with unsanitized path
  • Bundled library (Select2) without version check
Vulnerabilities
3

Send Notifications from Woocommerce, Form Plugins and More! Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025 · unpatched
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-68020medium · 5.3Missing Authorization

WANotifier <= 2.7.12 - Missing Authorization

Jan 20, 2026Unpatched
CVE-2025-49976medium · 4.3Missing Authorization

WANotifier <= 2.7.7 - Missing Authorization

Jun 19, 2025Unpatched
CVE-2024-6165medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WANotifier – Send Message Notifications Using WhatsApp API <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 10, 2024 Patched in 2.6.1 (24d)
Code Analysis
Analyzed Mar 16, 2026

Send Notifications from Woocommerce, Form Plugins and More! Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
23 prepared
Unescaped Output
23
289 escaped
Nonce Checks
8
Capability Checks
5
File Operations
2
External Requests
1
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

92% prepared25 total queries

Output Escaping

93% escaped312 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

9 flows1 with unsanitized paths
handle_webhook_validation_form (includes\classes\class-notifier-dashboard.php:42)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Send Notifications from Woocommerce, Form Plugins and More! Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_notifier_change_trigger_statusincludes\classes\class-notifier-notification-triggers.php:24
authwp_ajax_notifier_fetch_trigger_fieldsincludes\classes\class-notifier-notification-triggers.php:25
authwp_ajax_notifier_preview_btn_styleincludes\classes\class-notifier-settings.php:16
authwp_ajax_fetch_activity_logs_by_dateincludes\classes\class-notifier-tools.php:15
authwp_ajax_notifier_save_cart_abandonment_dataincludes\classes\integrations\class-notifier-woocommerce.php:22
noprivwp_ajax_notifier_save_cart_abandonment_dataincludes\classes\integrations\class-notifier-woocommerce.php:23
WordPress Hooks 65
actionafter_setup_themeincludes\class-notifier.php:85
actionafter_setup_themeincludes\class-notifier.php:86
actionafter_setup_themeincludes\class-notifier.php:87
actionafter_setup_themeincludes\class-notifier.php:88
actionafter_setup_themeincludes\class-notifier.php:89
actionafter_setup_themeincludes\class-notifier.php:90
actionadmin_enqueue_scriptsincludes\class-notifier.php:91
actionwp_enqueue_scriptsincludes\class-notifier.php:92
actionin_admin_headerincludes\class-notifier.php:93
actionafter_setup_themeincludes\class-notifier.php:95
actionafter_setup_themeincludes\class-notifier.php:96
actionwp_loadedincludes\class-notifier.php:98
actionnotifier_clean_old_logsincludes\class-notifier.php:99
actionwp_loadedincludes\class-notifier.php:101
actionadmin_noticesincludes\classes\class-notifier-admin-notices.php:22
actionadmin_noticesincludes\classes\class-notifier-admin-notices.php:36
actionadmin_menuincludes\classes\class-notifier-dashboard.php:13
actionadmin_initincludes\classes\class-notifier-dashboard.php:14
actionwp_footerincludes\classes\class-notifier-frontend.php:11
filternotifier_notification_merge_tagsincludes\classes\class-notifier-notification-merge-tags.php:18
filternotifier_notification_merge_tagsincludes\classes\class-notifier-notification-merge-tags.php:19
filternotifier_notification_merge_tagsincludes\classes\class-notifier-notification-merge-tags.php:20
filternotifier_notification_merge_tagsincludes\classes\class-notifier-notification-merge-tags.php:21
filternotifier_notification_recipient_fieldsincludes\classes\class-notifier-notification-merge-tags.php:22
filternotifier_notification_recipient_fieldsincludes\classes\class-notifier-notification-merge-tags.php:23
filterinitincludes\classes\class-notifier-notification-triggers.php:13
actionadmin_menuincludes\classes\class-notifier-notification-triggers.php:14
actioninitincludes\classes\class-notifier-notification-triggers.php:15
actionadd_meta_boxesincludes\classes\class-notifier-notification-triggers.php:16
actionpost_submitbox_minor_actionsincludes\classes\class-notifier-notification-triggers.php:17
actionsave_post_wa_notifier_triggerincludes\classes\class-notifier-notification-triggers.php:18
filterbulk_actions-wa_notifier_triggerincludes\classes\class-notifier-notification-triggers.php:19
filterpost_row_actionsincludes\classes\class-notifier-notification-triggers.php:20
filtergettextincludes\classes\class-notifier-notification-triggers.php:21
filterpost_updated_messagesincludes\classes\class-notifier-notification-triggers.php:22
filterenter_title_hereincludes\classes\class-notifier-notification-triggers.php:23
filtermanage_wa_notifier_trigger_posts_columnsincludes\classes\class-notifier-notification-triggers.php:26
actionmanage_wa_notifier_trigger_posts_custom_columnincludes\classes\class-notifier-notification-triggers.php:27
actionnotifier_send_trigger_requestincludes\classes\class-notifier-notification-triggers.php:28
actionadmin_menuincludes\classes\class-notifier-settings.php:13
actionadmin_initincludes\classes\class-notifier-settings.php:14
actionadmin_initincludes\classes\class-notifier-settings.php:15
actionadmin_menuincludes\classes\class-notifier-tools.php:13
actionadmin_initincludes\classes\class-notifier-tools.php:14
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-cf7.php:13
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-fluentforms.php:13
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-formidable.php:13
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-gravityforms.php:13
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-ninjaforms.php:13
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-wcar.php:13
filternotifier_notification_merge_tagsincludes\classes\integrations\class-notifier-wcar.php:14
filternotifier_notification_recipient_fieldsincludes\classes\integrations\class-notifier-wcar.php:15
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-woocommerce.php:13
filternotifier_notification_merge_tagsincludes\classes\integrations\class-notifier-woocommerce.php:14
filternotifier_notification_recipient_fieldsincludes\classes\integrations\class-notifier-woocommerce.php:15
actionwoocommerce_review_order_before_submitincludes\classes\integrations\class-notifier-woocommerce.php:16
actionwoocommerce_checkout_update_order_metaincludes\classes\integrations\class-notifier-woocommerce.php:17
actionadd_meta_boxesincludes\classes\integrations\class-notifier-woocommerce.php:18
actionwoocommerce_admin_order_data_after_billing_addressincludes\classes\integrations\class-notifier-woocommerce.php:19
actionwoocommerce_process_shop_order_metaincludes\classes\integrations\class-notifier-woocommerce.php:20
actionwoocommerce_cart_updatedincludes\classes\integrations\class-notifier-woocommerce.php:24
actionnotifier_check_cart_abandonmentincludes\classes\integrations\class-notifier-woocommerce.php:25
actionwoocommerce_new_orderincludes\classes\integrations\class-notifier-woocommerce.php:27
actionwpincludes\classes\integrations\class-notifier-woocommerce.php:29
filternotifier_notification_triggersincludes\classes\integrations\class-notifier-wpforms.php:13
Maintenance & Trust

Send Notifications from Woocommerce, Form Plugins and More! Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 6, 2026
PHP min version7.4
Downloads33K

Community Trust

Rating94/100
Number of ratings13
Active installs1K
Alternatives

Send Notifications from Woocommerce, Form Plugins and More! Alternatives

Notiqoo – Order Notification & Customer Chat for WooCommerce

Notiqoo – Order Notification & Customer Chat for WooCommerce

wc-messaging

A
100

Send WooCommerce WhatsApp notifications via official WhatsApp API for instant order updates, customer chat, and abandoned cart recovery

800 No CVEs
Click to Chat – HoliThemes

Click to Chat – HoliThemes

click-to-chat-for-whatsapp

A
96

WhatsApp Chat🔥. Let's make your Web page visitors contact you through 'WhatsApp', 'WhatsApp Business'. Add matching Widget✅

700K 3 CVEs
Social Chat – Click To Chat App Button

Social Chat – Click To Chat App Button

wp-whatsapp-chat

A
100

WhatsApp Chat🔥 allows you to enhance customer engagement! Integrate "WhatsApp" or "WhatsApp Business" with a single click.

200K 1 CVE
WP Chat App

WP Chat App

wp-whatsapp

A
97

Integrate WhatsApp experience directly into your WordPress website.

100K 6 CVEs
OneClick Chat to Order

OneClick Chat to Order

oneclick-whatsapp-order

A
92

Transform your WooCommerce store with seamless WhatsApp integration. Enable customers to order products instantly via WhatsApp with enhanced features.

40K 6 CVEs
Developer Profile

Send Notifications from Woocommerce, Form Plugins and More! Developer Profile

WANotifier

1 plugin · 1K total installs

62
trust score
Avg Security Score
54/100
Avg Patch Time
24 days
View full developer profile
Detection Fingerprints

How We Detect Send Notifications from Woocommerce, Form Plugins and More!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/notifier/assets/js/select2.min.js/wp-content/plugins/notifier/assets/js/admin.js/wp-content/plugins/notifier/assets/css/admin.css/wp-content/plugins/notifier/assets/css/frontend.css
Script Paths
/wp-content/plugins/notifier/assets/js/select2.min.js/wp-content/plugins/notifier/assets/js/admin.js
Version Parameters
notifier/assets/js/select2.min.js?ver=notifier/assets/js/admin.js?ver=notifier/assets/css/admin.css?ver=notifier/assets/css/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
notifier-modal-contentnotifier-modal-headernotifier-modal-bodynotifier-modal-footernotifier-titlenotifier-settings-sectionnotifier-switchnotifier-input-field+15 more
HTML Comments
<!-- Start of Notifier Settings --><!-- End of Notifier Settings --><!-- Start of Notifier Activity Log --><!-- End of Notifier Activity Log -->+7 more
Data Attributes
data-notifier-modal-targetdata-notifier-modal-closedata-notifier-trigger-iddata-notifier-trigger-status
JS Globals
notifierObj
REST Endpoints
/wp-json/notifier/v1/settings/wp-json/notifier/v1/activity-logs/wp-json/notifier/v1/triggers
Shortcode Output
[notifier_settings][notifier_activity_log][notifier_dashboard][notifier_triggers]
FAQ

Frequently Asked Questions about Send Notifications from Woocommerce, Form Plugins and More!