Does pd Android FCM Push Notification have any unpatched vulnerabilities?

No. All known vulnerabilities in pd Android FCM Push Notification have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is pd Android FCM Push Notification compatible with WordPress 5.5.18?

According to WordPress.org data, pd Android FCM Push Notification 1.1.8 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

Is pd Android FCM Push Notification compatible with PHP 5.6+?

pd Android FCM Push Notification requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is pd Android FCM Push Notification updated?

pd Android FCM Push Notification was last updated on Unknown. Frequent updates are generally a positive security signal.

What is pd Android FCM Push Notification's security score?

pd Android FCM Push Notification has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

pd Android FCM Push Notification Security & Risk Analysis

wordpress.org/plugins/pd-android-fcm

pd Android FCM Push Notification is a plugin through which you can send push notifications directly from your WordPress site to android devices via Fi …

20 active installs v1.1.8 PHP 5.6+ WP 4.0+ Updated Unknown

android-push-notificationfcmgoogle-firebase-cloud-messaging-servicepush-notificationsend-push-notification-from-wordpress-site-to-android-devices

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is pd Android FCM Push Notification Safe to Use in 2026?

Generally Safe

Score 100/100

pd Android FCM Push Notification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "pd-android-fcm" plugin v1.1.8 exhibits significant security concerns due to a high number of unprotected entry points, presenting a broad attack surface. The static analysis reveals that both of its AJAX handlers and both of its REST API routes lack proper authentication or permission checks. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure. While the plugin does not appear to use dangerous functions, has no file operations, and makes only one external HTTP request, the lack of nonces on AJAX handlers is a notable omission, increasing the risk of Cross-Site Request Forgery (CSRF) attacks. The output escaping is also mediocre at 51%, which could lead to Cross-Site Scripting (XSS) vulnerabilities in certain scenarios. The vulnerability history is clean, with no recorded CVEs. This could indicate either diligent security practices or simply a lack of prior comprehensive auditing. However, the current static analysis findings strongly suggest areas that require immediate attention to mitigate potential security risks.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Missing nonce checks on AJAX
Low output escaping rate

Vulnerabilities

None known

pd Android FCM Push Notification Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

pd Android FCM Push Notification Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

60% prepared10 total queries

Output Escaping

51% escaped37 total outputs

Attack Surface

4 unprotected

pd Android FCM Push Notification Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 2

authwp_ajax_generate_pd_fcm_apiajax\generate_api.php:3

noprivwp_ajax_generate_pd_fcm_apiajax\generate_api.php:4

REST API Routes 2

GET/wp-json/pd/fcm/subscribe/wp_api\api-subscribe.php:25

GET/wp-json/pd/fcm/unsubscribe/wp_api\api-unsubscribe.php:25

WordPress Hooks 28

actioninitfunctions\func_add_taxonomy.php:3

actionpublish_postfunctions\func_fcm_publish.php:27

actionpublish_pdandroidfcm_msgfunctions\func_fcm_publish.php:33

actionadmin_initfunctions\func_fcm_publish.php:38

actionregistered_taxonomyfunctions\func_fcm_publish.php:90

actionadmin_menufunctions\func_misc.php:24

filterbulk_actions-edit-pdandroidfcmfunctions\func_misc.php:33

actionadmin_headfunctions\func_misc.php:42

filteradmin_footer_textfunctions\func_misc.php:54

actioninitfunctions\func_pd_fcm_table.php:118

actiondelete_postfunctions\func_pd_fcm_table.php:120

actioncurrent_screenfunctions\func_rename.php:15

filtergettextfunctions\func_rename.php:23

actionadmin_menupages.php:24

actioninitpd-android-fcm.php:49

actioninitpd-android-fcm.php:50

actioninitpd-android-fcm.php:51

filtermanage_pdandroidfcm_posts_columnspd-android-fcm.php:53

actionmanage_pdandroidfcm_posts_custom_columnpd-android-fcm.php:54

actionmanage_edit-pdandroidfcm_sortable_columnspd-android-fcm.php:55

actionadd_meta_boxespd-android-fcm.php:58

filterplugin_action_linkspd-android-fcm.php:60

filterbulk_actions-edit-postpd-android-fcm.php:61

filterpost_row_actionspd-android-fcm.php:63

actionadmin_footerpd-android-fcm.php:65

actionadmin_initsettings.php:45

actionrest_api_initwp_api\api-subscribe.php:20

actionrest_api_initwp_api\api-unsubscribe.php:20

Maintenance & Trust

pd Android FCM Push Notification Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedUnknown

PHP min version5.6

Downloads73K

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

pd Android FCM Push Notification Alternatives

RollerAds – Web Push Notifications

rollerads

RollerAds - clear and flexible web-push service for webmasters. Push notifications are successfully used to send promotional content, user information …

100 No CVEs