[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGhDtV92UUgf-USkOJArxh2mQvGxdrrDOVY-5dFtsLJc":3,"$fDhKg_BEIVW9i3aNl0ZBP2fvlOZ7lyI8TZAquKeFGkAk":316,"$fZbIAKzJKnm_jSZV1hqyYf5A5_mCSiO6BHe9ahko9bSA":320},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":62,"fingerprints":293},"push-notification-sender","Push Notification Sender for WP","1.0.0","bishal.saha","https:\u002F\u002Fprofiles.wordpress.org\u002Fbishalsaha\u002F","\u003Cp>Launch push notification to all iOS and Android devices automatically when an Add\u002FEdit a Post\u002FPage and even when a new comment is added to any post. No any third party software integration required. You can also send a custom push notification to any individual registered member.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>Supports following methods\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Apple Push Notification service (APNs)\u003C\u002Fli>\n\u003Cli>Google Cloud Messaging (GCM)\u003C\u002Fli>\n\u003Cli>Firebase Cloud Messaging (FCM)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin have options to:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Launch push notification to WordPress users separately.\u003C\u002Fli>\n\u003Cli>Launch push notification to users when a new page\u002Fpost is published or when new comment is added to the post (administrator user)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Required Settings\u003C\u002Fh3>\n\u003Cp>To launch push notification to android devices, you need to enter the Google GCM API Key\u003C\u002Fp>\n\u003Cp>To launch push notification to iOS devices, you need to upload the Apple APNs pem certification file.\u003C\u002Fp>\n\u003Cp>This plugin have a separate API to register any devices to receive push notification. You may use this API in your mobile application and send the token to API to register the device.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress 4.4 or greater\u003C\u002Fli>\n\u003Cli>PHP version 5.2.4 or greater\u003C\u002Fli>\n\u003Cli>MySQL version 5.0 or greater\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default, always included\u003C\u002Fli>\n\u003C\u002Ful>\n","Easiest way to launch push notification from your WordPress website to iOs and Android devices. Ready to go, no third party any integration required.",10,1744,0,"2017-08-30T19:05:00.000Z","4.7.33","3.0.1","",[4,19,20,21,22],"send-push-notification","send-to-android","send-to-iphone","send-to-mobile","http:\u002F\u002Fgentryx.com\u002Fwp-plugin\u002Fpush-notification-sender","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notification-sender.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"bishalsaha",1,30,84,"2026-05-20T04:11:37.907Z",[37],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":59,"download_link":60,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":61},"pd-android-fcm","pd Android FCM Push Notification","1.1.8","Proficient Designers","https:\u002F\u002Fprofiles.wordpress.org\u002Fproficientdesigners\u002F","\u003Cp>pd Android FCM Push Notification is a plugin through which you can send push notifications directly from your WordPress site to android devices via \u003Ca href='https:\u002F\u002Ffirebase.google.com\u002F' rel=\"nofollow ugc\">Firebase Cloud Messaging\u003C\u002Fa> service. When a new blog is posted or existing blog is updated, a push notification sent to android device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Included:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Can send push notification for each blog post.\u003C\u002Fli>\n\u003Cli>Even can send custom notifications to the registered devices.\u003C\u002Fli>\n\u003Cli>Devices are subscribed in category wise, so that the notifications can also be sent based on the category.\u003C\u002Fli>\n\u003Cli>Featured image support is available (above android version 4.4).\u003C\u002Fli>\n\u003Cli>Push notifications can be scheduled.\u003C\u002Fli>\n\u003Cli>A checkbox is available at the right side to choose whether to send push notification in post publish or update.\u003C\u002Fli>\n\u003Cli>For more documentation and screenshots, please visit \u003Ca href=\"https:\u002F\u002Fproficientdesigners.in\u002Fcreations\u002Fpd-android-fcm-push-notification\u002F\" rel=\"nofollow ugc\">proficientdesigners.in\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Demo:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_fffaw9fFwY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Using 3rd party service:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please note that this plugin is relying on a 3rd party service, which is the Google Firebase Cloud Messaging service (FCM) and your data is being sent through their servers via HTTP API \u003Cem>(https:\u002F\u002Ffcm.googleapis.com\u002Ffcm\u002Fsend)\u003C\u002Fem>. This is very legal to use the  Google Firebase Cloud Messaging service (FCM), based on their terms and conditions \u003Ca href='https:\u002F\u002Ffirebase.google.com\u002Fterms\u002F' rel=\"nofollow ugc\">https:\u002F\u002Ffirebase.google.com\u002Fterms\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Demo Android App:\u003C\u002Fstrong>\u003Cbr \u002F>\nWe have a demo android app in the Google Play Store for this plugin’s testing purpose. You can get the link from our official documentation page.\u003C\u002Fp>\n","pd Android FCM Push Notification is a plugin through which you can send push notifications directly from your WordPress site to android devices via Fi &hellip;",20,73246,100,2,"2020-11-04T03:16:00.000Z","5.5.18","4.0","5.6",[54,55,56,57,58],"android-push-notification","fcm","google-firebase-cloud-messaging-service","push-notification","send-push-notification-from-wordpress-site-to-android-devices","https:\u002F\u002Fproficientdesigners.in\u002Fcreations\u002Fpd-android-fcm-push-notification\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpd-android-fcm.1.1.8.zip","2026-04-16T10:56:18.058Z",{"attackSurface":63,"codeSignals":117,"taintFlows":175,"riskAssessment":276,"analyzedAt":292},{"hooks":64,"ajaxHandlers":106,"restRoutes":107,"shortcodes":115,"cronEvents":116,"entryPointCount":32,"unprotectedCount":32},[65,71,74,76,79,82,85,89,92,95,98,100,103],{"type":66,"name":67,"callback":68,"file":69,"line":70},"action","plugins_loaded","anonymous","includes\\class-push-notification-sender.php",139,{"type":66,"name":72,"callback":68,"file":69,"line":73},"admin_enqueue_scripts",154,{"type":66,"name":72,"callback":68,"file":69,"line":75},155,{"type":66,"name":77,"callback":68,"file":69,"line":78},"admin_menu",156,{"type":66,"name":80,"callback":68,"file":69,"line":81},"publish_post",157,{"type":66,"name":83,"callback":68,"file":69,"line":84},"publish_page",158,{"type":86,"name":87,"callback":68,"file":69,"line":88},"filter","upload_dir",160,{"type":86,"name":90,"callback":68,"file":69,"line":91},"upload_mimes",161,{"type":86,"name":93,"callback":68,"file":69,"line":94},"post_updated_messages",162,{"type":66,"name":96,"callback":68,"file":69,"line":97},"wp_enqueue_scripts",176,{"type":66,"name":96,"callback":68,"file":69,"line":99},177,{"type":66,"name":101,"callback":68,"file":69,"line":102},"rest_api_init",178,{"type":66,"name":104,"callback":68,"file":69,"line":105},"wp_insert_comment",179,[],[108],{"namespace":4,"route":109,"methods":110,"callback":112,"permissionCallback":26,"file":113,"line":114},"\u002Fregister",[111],"GET","push_notification_sender_add_device_token","public\\class-push-notification-sender-public.php",110,[],[],{"dangerousFunctions":118,"sqlUsage":119,"outputEscaping":149,"fileOperations":32,"externalRequests":32,"nonceChecks":173,"capabilityChecks":48,"bundledLibraries":174},[],{"prepared":48,"raw":11,"locations":120},[121,125,129,131,134,137,139,141,144,147],{"file":122,"line":123,"context":124},"admin\\class-push-notification-sender-admin.php",232,"$wpdb->get_results() with variable interpolation",{"file":126,"line":127,"context":128},"admin\\class-push-notification-sender-list-table.php",196,"$wpdb->query() with variable interpolation",{"file":126,"line":130,"context":124},221,{"file":126,"line":132,"context":133},227,"$wpdb->get_var() with variable interpolation",{"file":135,"line":136,"context":124},"admin\\partials\\custom-push-notification-sender-display.php",52,{"file":135,"line":138,"context":124},63,{"file":135,"line":140,"context":124},123,{"file":113,"line":142,"context":143},257,"$wpdb->get_row() with variable interpolation",{"file":145,"line":146,"context":128},"uninstall.php",39,{"file":145,"line":148,"context":128},40,{"escaped":150,"rawEcho":11,"locations":151},32,[152,155,157,159,161,164,165,167,169,171],{"file":126,"line":153,"context":154},201,"raw output",{"file":135,"line":156,"context":154},238,{"file":158,"line":33,"context":154},"admin\\partials\\push-notification-sender-list-display.php",{"file":158,"line":160,"context":154},37,{"file":162,"line":163,"context":154},"admin\\partials\\push-notification-sender-settings-display.php",59,{"file":162,"line":138,"context":154},{"file":162,"line":166,"context":154},207,{"file":162,"line":168,"context":154},212,{"file":162,"line":170,"context":154},314,{"file":113,"line":172,"context":154},173,4,[],[176,194,203,212,224,235,245,255,268],{"entryPoint":177,"graph":178,"unsanitizedCount":32,"severity":193},"process_bulk_action (admin\\class-push-notification-sender-list-table.php:187)",{"nodes":179,"edges":190},[180,185],{"id":181,"type":182,"label":183,"file":126,"line":184},"n0","source","$_REQUEST",199,{"id":186,"type":187,"label":188,"file":126,"line":153,"wp_function":189},"n1","sink","echo() [XSS]","echo",[191],{"from":181,"to":186,"sanitized":192},false,"medium",{"entryPoint":195,"graph":196,"unsanitizedCount":32,"severity":202},"\u003Cclass-push-notification-sender-list-table> (admin\\class-push-notification-sender-list-table.php:0)",{"nodes":197,"edges":200},[198,199],{"id":181,"type":182,"label":183,"file":126,"line":184},{"id":186,"type":187,"label":188,"file":126,"line":153,"wp_function":189},[201],{"from":181,"to":186,"sanitized":192},"low",{"entryPoint":204,"graph":205,"unsanitizedCount":32,"severity":202},"\u003Cpush-notification-sender-list-display> (admin\\partials\\push-notification-sender-list-display.php:0)",{"nodes":206,"edges":210},[207,209],{"id":181,"type":182,"label":208,"file":158,"line":160},"$_REQUEST['page']",{"id":186,"type":187,"label":188,"file":158,"line":160,"wp_function":189},[211],{"from":181,"to":186,"sanitized":192},{"entryPoint":213,"graph":214,"unsanitizedCount":173,"severity":202},"save_general_options (admin\\partials\\push-notification-sender-settings-display.php:145)",{"nodes":215,"edges":222},[216,219],{"id":181,"type":182,"label":217,"file":162,"line":218},"$_POST (x4)",148,{"id":186,"type":187,"label":220,"file":162,"line":78,"wp_function":221},"update_option() [Settings Manipulation]","update_option",[223],{"from":181,"to":186,"sanitized":192},{"entryPoint":225,"graph":226,"unsanitizedCount":234,"severity":202},"save_ios_options (admin\\partials\\push-notification-sender-settings-display.php:223)",{"nodes":227,"edges":232},[228,231],{"id":181,"type":182,"label":229,"file":162,"line":230},"$_POST (x3)",225,{"id":186,"type":187,"label":220,"file":162,"line":156,"wp_function":221},[233],{"from":181,"to":186,"sanitized":192},3,{"entryPoint":236,"graph":237,"unsanitizedCount":234,"severity":202},"save_android_options (admin\\partials\\push-notification-sender-settings-display.php:327)",{"nodes":238,"edges":243},[239,241],{"id":181,"type":182,"label":229,"file":162,"line":240},329,{"id":186,"type":187,"label":220,"file":162,"line":242,"wp_function":221},333,[244],{"from":181,"to":186,"sanitized":192},{"entryPoint":246,"graph":247,"unsanitizedCount":13,"severity":202},"\u003Cpush-notification-sender-settings-display> (admin\\partials\\push-notification-sender-settings-display.php:0)",{"nodes":248,"edges":252},[249,251],{"id":181,"type":182,"label":250,"file":162,"line":218},"$_POST (x10)",{"id":186,"type":187,"label":220,"file":162,"line":78,"wp_function":221},[253],{"from":181,"to":186,"sanitized":254},true,{"entryPoint":256,"graph":257,"unsanitizedCount":32,"severity":267},"push_notification_sender_comment_inserted (public\\class-push-notification-sender-public.php:243)",{"nodes":258,"edges":265},[259,262],{"id":181,"type":182,"label":260,"file":113,"line":261},"$_POST",248,{"id":186,"type":187,"label":263,"file":113,"line":142,"wp_function":264},"get_row() [SQLi]","get_row",[266],{"from":181,"to":186,"sanitized":192},"high",{"entryPoint":269,"graph":270,"unsanitizedCount":32,"severity":267},"\u003Cclass-push-notification-sender-public> (public\\class-push-notification-sender-public.php:0)",{"nodes":271,"edges":274},[272,273],{"id":181,"type":182,"label":260,"file":113,"line":261},{"id":186,"type":187,"label":263,"file":113,"line":142,"wp_function":264},[275],{"from":181,"to":186,"sanitized":192},{"summary":277,"deductions":278},"The \"push-notification-sender\" plugin version 1.0.0 exhibits a concerning security posture due to a significant number of unsanitized taint flows and an unprotected REST API endpoint. While the plugin boasts no known vulnerabilities and implements some good practices like capability checks and a reasonable percentage of properly escaped outputs, the presence of 8 flows with unsanitized paths, including 2 of high severity, is a major red flag. These flows, combined with the single unprotected REST API route, create a clear pathway for potential injection attacks.  The absence of known CVEs is positive, but it does not negate the risks identified in the static analysis. The plugin needs immediate attention to sanitize its data handling and secure its API endpoints.",[279,281,284,287,290],{"reason":280,"points":11},"REST API route without permission callback",{"reason":282,"points":283},"Taint flow: High severity (x2)",15,{"reason":285,"points":286},"Flows with unsanitized paths (x8)",8,{"reason":288,"points":289},"SQL queries using prepared statements (83% not)",5,{"reason":291,"points":234},"Output escaping (24% not properly)","2026-03-17T00:54:38.019Z",{"wat":294,"direct":309},{"assetPaths":295,"generatorPatterns":302,"scriptPaths":303,"versionParams":304},[296,297,298,299,300,301],"\u002Fwp-content\u002Fplugins\u002Fpush-notification-sender\u002Fadmin\u002Fcss\u002Fjquery-ui-min.css","\u002Fwp-content\u002Fplugins\u002Fpush-notification-sender\u002Fadmin\u002Fcss\u002Fpush-notification-sender-admin.css","\u002Fwp-content\u002Fplugins\u002Fpush-notification-sender\u002Fadmin\u002Fcss\u002Fpqselect.dev.css","\u002Fwp-content\u002Fplugins\u002Fpush-notification-sender\u002Fadmin\u002Fjs\u002Fpush-notification-sender-admin.js","\u002Fwp-content\u002Fplugins\u002Fpush-notification-sender\u002Fadmin\u002Fjs\u002Fjquery.validate.min.js","\u002Fwp-content\u002Fplugins\u002Fpush-notification-sender\u002Fadmin\u002Fjs\u002Fpqselect.dev.js",[],[299,300,301],[305,306,307,308],"push-notification-sender\u002Fadmin\u002Fcss\u002Fjquery-ui-min.css?ver=","push-notification-sender\u002Fadmin\u002Fcss\u002Fpush-notification-sender-admin.css?ver=","push-notification-sender\u002Fadmin\u002Fjs\u002Fpush-notification-sender-admin.js?ver=","push-notification-sender\u002Fadmin\u002Fjs\u002Fpqselect.dev.js?ver=1.0.0",{"cssClasses":310,"htmlComments":311,"htmlAttributes":312,"restEndpoints":313,"jsGlobals":314,"shortcodeOutput":315},[],[],[],[],[],[],{"error":254,"url":317,"statusCode":318,"statusMessage":319,"message":319},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpush-notification-sender\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":32,"versions":321},[322],{"version":323,"download_url":324,"svn_tag_url":325,"released_at":26,"has_diff":192,"diff_files_changed":326,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":327,"is_current":192},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notification-sender.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpush-notification-sender\u002Ftags\u002F1.0\u002F",[],[]]