Does Push Notifications For Web have any unpatched vulnerabilities?

No. All known vulnerabilities in Push Notifications For Web have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Push Notifications For Web compatible with WordPress 6.8.5?

According to WordPress.org data, Push Notifications For Web 2.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Push Notifications For Web compatible with PHP 5.6+?

Push Notifications For Web requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Push Notifications For Web updated?

Push Notifications For Web was last updated on Aug 28, 2025. Frequent updates are generally a positive security signal.

What is Push Notifications For Web's security score?

Push Notifications For Web has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Push Notifications For Web Security & Risk Analysis

wordpress.org/plugins/push-notifications-for-web

Free, fastest growing & lightweight plugin for Web Push Notifications. Add Free browser push notifications to your WordPress.

10 active installs v2.0 PHP 5.6+ WP 6.3+ Updated Aug 28, 2025

chrome-pushfirefox-pushpush-notificationpush-notificationsweb-push-notifications

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Push Notifications For Web Safe to Use in 2026?

Generally Safe

Score 100/100

Push Notifications For Web has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The plugin "push-notifications-for-web" v2.0 exhibits a mixed security posture. While it has a clean vulnerability history with no known CVEs, the static analysis reveals significant areas of concern. The plugin has two AJAX entry points, both of which lack authentication checks, creating a substantial attack surface that could be exploited by unauthenticated users. Furthermore, all SQL queries are executed without prepared statements, posing a high risk of SQL injection vulnerabilities. The taint analysis indicates two high-severity flows with unsanitized paths, which, combined with the lack of proper SQL sanitization, suggests potential for malicious data manipulation. Although the plugin has a good number of output escaping checks, the presence of unsanitized paths and raw SQL queries overshadows this strength. The absence of critical or high vulnerabilities in its history is positive, but the static analysis findings point to potential weaknesses that could be exploited if not addressed.

Key Concerns

AJAX handlers without auth checks
SQL queries without prepared statements
High severity taint flows with unsanitized paths
Limited capability checks

Vulnerabilities

None known

Push Notifications For Web Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Push Notifications For Web Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

89 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared3 total queries

Output Escaping

55% escaped163 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

save_notification_setting (inc\admin\class.zpn.admin.action.php:392)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Push Notifications For Web Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_notification_tokeninc\class.zpn.php:44

noprivwp_ajax_notification_tokeninc\class.zpn.php:45

WordPress Hooks 15

actionadmin_initinc\admin\class.zpn.admin.action.php:26

actionadmin_menuinc\admin\class.zpn.admin.action.php:27

actionadd_meta_boxesinc\admin\class.zpn.admin.action.php:28

actionpublish_postinc\admin\class.zpn.admin.action.php:29

actionpublish_pageinc\admin\class.zpn.admin.action.php:30

actionplugins_loadedinc\admin\class.zpn.admin.action.php:738

filterupload_mimesinc\admin\class.zpn.admin.filter.php:24

actionplugins_loadedinc\admin\class.zpn.admin.filter.php:94

actionplugins_loadedinc\admin\class.zpn.admin.php:66

actionplugins_loadedinc\class.zpn.php:39

actioninitinc\class.zpn.php:71

actionwp_enqueue_scriptsinc\front\class.zpn.front.action.php:24

actionplugins_loadedinc\front\class.zpn.front.action.php:77

actionplugins_loadedinc\front\class.zpn.front.filter.php:51

actionplugins_loadedinc\front\class.zpn.front.php:66

Maintenance & Trust

Push Notifications For Web Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 28, 2025

PHP min version5.6

Downloads3K

Community Trust

Rating100/100

Number of ratings6

Active installs10

Alternatives

Push Notifications For Web Alternatives

Gravitec.net – Web Push Notifications

gravitec-net-web-push-notifications

Easy-to-use and smart push notifications for your website. Increase subscriptions and repeat visits with minimal effort.

1K 1 CVE

Feedify – Web Push Notifications

push-notification-by-feedify

Engage your customer with Web Push Notifications. Send them personalised messages even when they aren't on your website.

100 3 CVEs

Web Push Notifications by Aimtell

aimtell-web-push-notifications

100

Aimtell enables users to re-engage their website visitors with highly targeted mobile & desktop web push notifications.

60 No CVEs

informvisitors

100

With informvisitors, you can start sending browser push notifications to your clients in less than a minute.Just install the plugin and enjoy.

10 No CVEs

Notificare

notificare-website-push

Smart push notifications for WordPress websites.

10 No CVEs

Developer Profile

Push Notifications For Web Developer Profile

ZealousWeb

18 plugins · 7K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

88 days

View full developer profile

Detection Fingerprints

How We Detect Push Notifications For Web

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/push-notifications-for-web/css/admin.style.css/wp-content/plugins/push-notifications-for-web/js/admin.script.js/wp-content/plugins/push-notifications-for-web/js/front.script.js/wp-content/plugins/push-notifications-for-web/inc/admin/css/admin.style.css/wp-content/plugins/push-notifications-for-web/inc/admin/js/admin.script.js/wp-content/plugins/push-notifications-for-web/inc/front/js/front.script.js

Script Paths

/wp-content/plugins/push-notifications-for-web/inc/admin/js/admin.script.js/wp-content/plugins/push-notifications-for-web/inc/front/js/front.script.js

Version Parameters

push-notifications-for-web/css/admin.style.css?ver=push-notifications-for-web/js/admin.script.js?ver=push-notifications-for-web/js/front.script.js?ver=push-notifications-for-web/inc/admin/css/admin.style.css?ver=push-notifications-for-web/inc/admin/js/admin.script.js?ver=push-notifications-for-web/inc/front/js/front.script.js?ver=

HTML / DOM Fingerprints

CSS Classes

zealwpn-notificationzealwpn-setupzealwpn-configurationzealwpn-send-notification

Data Attributes

data-tab

JS Globals

ZPN_PREFIXZPN_VERSIONZPN_URL

FAQ