Push Notifications for WP – Self Hosted Web Push Notifications Security & Risk Analysis

wordpress.org/plugins/push-notification

Push Notifications for WP - Self Hosted Web Push Notifications makes it easy to send Web Push notifications to your users for FREE with 2 minutes setu …

6K active installs v1.48 PHP 5.6.20+ WP 3.0+ Updated Feb 2, 2026
Tags: desktop-notifications, mobile-notification, push, push-notification, web-push
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Push Notifications for WP – Self Hosted Web Push Notifications Safe to Use in 2026?

Generally Safe

Score 100/100

Push Notifications for WP – Self Hosted Web Push Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "push-notification" plugin v1.48 has a generally good security posture: it has no known historical vulnerabilities, and its code follows security best practices. It adheres to WordPress security standards by implementing nonce checks and capability checks on all its AJAX handlers, and it has no unprotected entry points. The share of prepared SQL queries is reasonably high, at 75%, and a significant majority of output is properly escaped, which mitigates common injection and XSS risks. The bundled Select2 library is not inherently a security flaw, but it should be monitored in future analyses in case the bundled version becomes outdated.

However, the taint analysis reveals two flows with unsanitized paths. Although this report does not classify them as critical or high severity, they represent a potential risk and should be investigated and addressed. The plugin's history of zero CVEs is highly encouraging and suggests a diligent development team. Overall, the plugin is well secured, and the taint analysis findings are the primary area requiring attention.

Key Concerns

  • Taint flows with unsanitized paths (High severity)
  • Not all SQL queries use prepared statements (75% prepared)
  • Output escaping not applied to all output (21% unescaped)
Vulnerabilities
None known

Push Notifications for WP – Self Hosted Web Push Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Push Notifications for WP – Self Hosted Web Push Notifications Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (6 prepared)
  • Unescaped Output: 118 (453 escaped)
  • Nonce Checks: 22
  • Capability Checks: 20
  • File Operations: 0
  • External Requests: 13
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

75% prepared, 8 total queries

Output Escaping

79% escaped, 571 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
pn_send_notification (inc\admin\admin.php:1938)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Push Notifications for WP – Self Hosted Web Push Notifications Attack Surface

Entry Points: 23
Unprotected: 0

AJAX Handlers 22

auth wp_ajax_pn_verify_user (inc\admin\admin.php:23)
auth wp_ajax_pn_refresh_user (inc\admin\admin.php:24)
auth wp_ajax_pn_revoke_keys (inc\admin\admin.php:25)
auth wp_ajax_pn_subscribers_data (inc\admin\admin.php:26)
auth wp_ajax_pn_send_notification (inc\admin\admin.php:27)
auth wp_ajax_pn_send_query_message (inc\admin\admin.php:28)
auth wp_ajax_pn_get_compaigns (inc\admin\admin.php:29)
auth wp_ajax_pn_delete_campaign (inc\admin\admin.php:30)
auth wp_ajax_pn_delete_subscribers (inc\admin\admin.php:31)
auth wp_ajax_pn_subscribe_newsletter (inc\admin\admin.php:32)
auth wp_ajax_pn_select2_author_data (inc\admin\admin.php:2946)
auth wp_ajax_pn_select2_category_data (inc\admin\admin.php:2990)
auth wp_ajax_pn_include_visibility_condition_callback (inc\admin\admin.php:3077)
auth wp_ajax_pn_include_visibility_setting_callback (inc\admin\admin.php:3117)
auth wp_ajax_pn_get_select2_data_by_cat (inc\admin\admin.php:3334)
auth wp_ajax_update_pn_meta (inc\admin\admin.php:3386)
auth wp_ajax_pn_send_feedback (inc\admin\feedback-helper-functions.php:115)
auth wp_ajax_pn_register_subscribers (inc\frontend\pn-frontend.php:91)
nopriv wp_ajax_pn_register_subscribers (inc\frontend\pn-frontend.php:92)
auth wp_ajax_pn_noteclick_subscribers (inc\frontend\pn-frontend.php:119)
nopriv wp_ajax_pn_noteclick_subscribers (inc\frontend\pn-frontend.php:120)
auth wp_ajax_pn_get_compaigns_front (inc\frontend\pn-frontend.php:141)

Shortcodes 1

[pn_campaigns] inc\frontend\pn-frontend.php:140
WordPress Hooks 76
action admin_notices (inc\admin\admin.php:13)
action admin_menu (inc\admin\admin.php:15)
action admin_post_save_push_notification_settings (inc\admin\admin.php:18)
action admin_init (inc\admin\admin.php:21)
action admin_enqueue_scripts (inc\admin\admin.php:22)
action woocommerce_order_status_changed (inc\admin\admin.php:34)
filter pwaforwp_sw_js_template (inc\admin\admin.php:44)
filter pwaforwp_pn_config (inc\admin\admin.php:45)
filter pwaforwp_pn_use_sw (inc\admin\admin.php:46)
filter pwaforwp_sw_register_template (inc\admin\admin.php:47)
action transition_post_status (inc\admin\admin.php:2541)
action push_notification_pro_notifyform_before (inc\admin\admin.php:2761)
action admin_enqueue_scripts (inc\admin\admin.php:3399)
action admin_enqueue_scripts (inc\admin\feedback-helper-functions.php:117)
filter admin_footer (inc\admin\feedback-helper-functions.php:132)
filter pushnotification_localize_filter (inc\admin\newsletter.php:8)
action add_meta_boxes (inc\admin\PnMetaBox.php:23)
action save_post (inc\admin\PnMetaBox.php:24)
action network_admin_menu (inc\admin\pn_multisite.php:15)
action um_after_new_message (inc\compatibility\ultimate-member.php:22)
action um_activity_after_wall_post_published (inc\compatibility\ultimate-member.php:23)
action um_groups_after_wall_post_published (inc\compatibility\ultimate-member.php:24)
filter pre_get_document_title (inc\frontend\amp-pn-subscribe.php:3)
filter pwaforwp_manifest (inc\frontend\pn-frontend.php:49)
action wp_enqueue_scripts (inc\frontend\pn-frontend.php:51)
filter superpwa_manifest (inc\frontend\pn-frontend.php:55)
action wp_enqueue_scripts (inc\frontend\pn-frontend.php:56)
filter superpwa_sw_template (inc\frontend\pn-frontend.php:58)
action rest_api_init (inc\frontend\pn-frontend.php:61)
action wp_footer (inc\frontend\pn-frontend.php:62)
action wp_footer (inc\frontend\pn-frontend.php:63)
action wp_head (inc\frontend\pn-frontend.php:66)
action rest_api_init (inc\frontend\pn-frontend.php:69)
action wp_enqueue_scripts (inc\frontend\pn-frontend.php:71)
action parse_query (inc\frontend\pn-frontend.php:76)
action init (inc\frontend\pn-frontend.php:79)
action pn_tokenid_registration_id (inc\frontend\pn-frontend.php:80)
action peepso_action_group_user_invitation_send (inc\frontend\pn-frontend.php:83)
action peepso_friends_requests_after_add (inc\frontend\pn-frontend.php:85)
action peepso_friends_requests_after_accept (inc\frontend\pn-frontend.php:86)
action peepso_activity_after_add_post (inc\frontend\pn-frontend.php:88)
action peepso_after_add_comment (inc\frontend\pn-frontend.php:89)
action pn_tokenid_registration_id (inc\frontend\pn-frontend.php:95)
action bp_activity_comment_posted (inc\frontend\pn-frontend.php:96)
action messages_message_sent (inc\frontend\pn-frontend.php:97)
action bp_invitations_send_invitation_by_id_before_send (inc\frontend\pn-frontend.php:98)
filter friends_friendship_requested (inc\frontend\pn-frontend.php:99)
filter friends_friendship_accepted (inc\frontend\pn-frontend.php:100)
action bp_activity_after_save (inc\frontend\pn-frontend.php:101)
action pn_tokenid_registration_id (inc\frontend\pn-frontend.php:106)
action gform_after_save_form (inc\frontend\pn-frontend.php:107)
action pn_tokenid_registration_id (inc\frontend\pn-frontend.php:112)
action fluent_community/feed/created (inc\frontend\pn-frontend.php:113)
action fluent_community/comment_added (inc\frontend\pn-frontend.php:114)
action fluent_community/feed/react_added (inc\frontend\pn-frontend.php:115)
action pre_amp_render_post (inc\frontend\pn-frontend.php:122)
action template_redirect (inc\frontend\pn-frontend.php:125)
filter template_include (inc\frontend\pn-frontend.php:127)
action pn_tokenid_registration_id (inc\frontend\pn-frontend.php:132)
action wp_login (inc\frontend\pn-frontend.php:135)
filter pn_token_exists (inc\frontend\pn-frontend.php:137)
action wp_enqueue_scripts (inc\frontend\pn-frontend.php:138)
action wp_footer (inc\frontend\pn-frontend.php:139)
action amp_post_template_head (inc\frontend\pn-frontend.php:896)
action ampforwp_after_header (inc\frontend\pn-frontend.php:903)
action amp_post_template_css (inc\frontend\pn-frontend.php:904)
action wp_head (inc\frontend\pn-frontend.php:1031)
action wp_body_open (inc\frontend\pn-frontend.php:1035)
action wp_footer (inc\frontend\pn-frontend.php:1040)
filter option_autoptimize_js_exclude (inc\frontend\pn-frontend.php:2399)
action plugins_loaded (push-notification.php:26)
action admin_notices (push-notification.php:43)
action plugins_loaded (push-notification.php:123)
action admin_init (push-notification.php:161)
action upgrader_process_complete (push-notification.php:278)
action admin_footer (push-notification.php:291)
Maintenance & Trust

Push Notifications for WP – Self Hosted Web Push Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 2, 2026
PHP min version: 5.6.20
Downloads: 205K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 6K
Developer Profile

Push Notifications for WP – Self Hosted Web Push Notifications Developer Profile

Magazine3

13 plugins · 739K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 327 days
Detection Fingerprints

How We Detect Push Notifications for WP – Self Hosted Web Push Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/push-notification/assets/css/pn-style.css
/wp-content/plugins/push-notification/assets/js/pn-script.js
/wp-content/plugins/push-notification/assets/js/pn-admin.js
Script Paths
/wp-content/plugins/push-notification/assets/js/pn-script.js
Version Parameters
push-notification/assets/css/pn-style.css?ver=
push-notification/assets/js/pn-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
push-notification-subscribe-button
HTML Comments
<!-- push-notification-subscribe-button -->
<!-- push-notification-subscriber-count -->
Data Attributes
data-push-notification-id
data-push-notification-text
JS Globals
PN_API
pn_script
REST Endpoints
/wp-json/push-notification/v1/subscribe
/wp-json/push-notification/v1/unsubscribe
Shortcode Output
[push_notification_subscribe_button]
[push_notification_subscriber_count]
FAQ

Frequently Asked Questions about Push Notifications for WP – Self Hosted Web Push Notifications