WP-Safety

Push Notification Sender for WP Security & Risk Analysis

wordpress.org/plugins/push-notification-sender

Easiest way to launch push notification from your WordPress website to iOs and Android devices. Ready to go, no third party any integration required.

10 active installs v1.0.0 PHP + WP 3.0.1+ Updated Aug 30, 2017
push-notification-sendersend-push-notificationsend-to-androidsend-to-iphonesend-to-mobile
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Push Notification Sender for WP Safe to Use in 2026?

Generally Safe

Score 85/100

Push Notification Sender for WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "push-notification-sender" plugin version 1.0.0 exhibits a concerning security posture due to a significant number of unsanitized taint flows and an unprotected REST API endpoint. While the plugin boasts no known vulnerabilities and implements some good practices like capability checks and a reasonable percentage of properly escaped outputs, the presence of 8 flows with unsanitized paths, including 2 of high severity, is a major red flag. These flows, combined with the single unprotected REST API route, create a clear pathway for potential injection attacks. The absence of known CVEs is positive, but it does not negate the risks identified in the static analysis. The plugin needs immediate attention to sanitize its data handling and secure its API endpoints.

Key Concerns

  • REST API route without permission callback
  • Taint flow: High severity (x2)
  • Flows with unsanitized paths (x8)
  • SQL queries using prepared statements (83% not)
  • Output escaping (24% not properly)
Vulnerabilities
None known

Push Notification Sender for WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Push Notification Sender for WP Release Timeline

v1.0
Code Analysis
Analyzed Mar 17, 2026

Push Notification Sender for WP Code Analysis

Dangerous Functions
0
Raw SQL Queries
10
2 prepared
Unescaped Output
10
32 escaped
Nonce Checks
4
Capability Checks
2
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

17% prepared12 total queries

Output Escaping

76% escaped42 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths
process_bulk_action (admin\class-push-notification-sender-list-table.php:187)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Push Notification Sender for WP Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

GET/wp-json/push-notification-sender/registerpublic\class-push-notification-sender-public.php:110
WordPress Hooks 13
actionplugins_loadedincludes\class-push-notification-sender.php:139
actionadmin_enqueue_scriptsincludes\class-push-notification-sender.php:154
actionadmin_enqueue_scriptsincludes\class-push-notification-sender.php:155
actionadmin_menuincludes\class-push-notification-sender.php:156
actionpublish_postincludes\class-push-notification-sender.php:157
actionpublish_pageincludes\class-push-notification-sender.php:158
filterupload_dirincludes\class-push-notification-sender.php:160
filterupload_mimesincludes\class-push-notification-sender.php:161
filterpost_updated_messagesincludes\class-push-notification-sender.php:162
actionwp_enqueue_scriptsincludes\class-push-notification-sender.php:176
actionwp_enqueue_scriptsincludes\class-push-notification-sender.php:177
actionrest_api_initincludes\class-push-notification-sender.php:178
actionwp_insert_commentincludes\class-push-notification-sender.php:179
Maintenance & Trust

Push Notification Sender for WP Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33
Last updatedAug 30, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Push Notification Sender for WP Alternatives

pd Android FCM Push Notification

pd Android FCM Push Notification

pd-android-fcm

A
85

pd Android FCM Push Notification is a plugin through which you can send push notifications directly from your WordPress site to android devices via Fi …

20 No CVEs
Developer Profile

Push Notification Sender for WP Developer Profile

bishal.saha

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Push Notification Sender for WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/push-notification-sender/admin/css/jquery-ui-min.css/wp-content/plugins/push-notification-sender/admin/css/push-notification-sender-admin.css/wp-content/plugins/push-notification-sender/admin/css/pqselect.dev.css/wp-content/plugins/push-notification-sender/admin/js/push-notification-sender-admin.js/wp-content/plugins/push-notification-sender/admin/js/jquery.validate.min.js/wp-content/plugins/push-notification-sender/admin/js/pqselect.dev.js
Script Paths
/wp-content/plugins/push-notification-sender/admin/js/push-notification-sender-admin.js/wp-content/plugins/push-notification-sender/admin/js/jquery.validate.min.js/wp-content/plugins/push-notification-sender/admin/js/pqselect.dev.js
Version Parameters
push-notification-sender/admin/css/jquery-ui-min.css?ver=push-notification-sender/admin/css/push-notification-sender-admin.css?ver=push-notification-sender/admin/js/push-notification-sender-admin.js?ver=push-notification-sender/admin/js/pqselect.dev.js?ver=1.0.0

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Push Notification Sender for WP