WP-Safety

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Security & Risk Analysis

wordpress.org/plugins/pushengage

Send order updates, recover abandoned carts, and boost retention with push notifications, WhatsApp automation + multichannel Chat widget.

10K active installs v4.2.1 PHP 5.6+ WP 4.5.0+ Updated Jan 6, 2026
cart-abandonmentpush-notificationsweb-push-notificationswhatsappwoocommerce-push-notifications
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Safe to Use in 2026?

Generally Safe

Score 100/100

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The Pushengage plugin v4.2.1 demonstrates some good security practices, particularly its high percentage of prepared SQL statements and properly escaped outputs. The absence of known CVEs and a clean vulnerability history are positive indicators. However, the plugin has a notable attack surface with 10 AJAX handlers, 4 of which lack authentication checks. This is a significant concern as it potentially allows unauthenticated users to trigger plugin functionality. While taint analysis did not reveal critical or high-severity issues, the presence of 5 flows with unsanitized paths warrants further investigation to ensure they do not lead to exploitable vulnerabilities in conjunction with the unprotected AJAX endpoints. The plugin also has file operations and external HTTP requests, which could be vectors if not handled securely in combination with other weaknesses.

Key Concerns

  • 4 unprotected AJAX handlers present
  • 5 flows with unsanitized paths detected
  • File operations present (potential vector)
  • External HTTP requests present (potential vector)
Vulnerabilities
None known

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
23 prepared
Unescaped Output
17
193 escaped
Nonce Checks
8
Capability Checks
15
File Operations
12
External Requests
6
Bundled Libraries
0

SQL Query Safety

79% prepared29 total queries

Output Escaping

92% escaped210 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths
view_debug_log_file (app\Ajax.php:2080)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Attack Surface

Entry Points10
Unprotected4

AJAX Handlers 10

authwp_ajax_pe_subscriber_syncapp\Includes\SubscriberSync.php:27
authwp_ajax_pe_woocommerce_order_actionapp\Integrations\WooCommerce\NotificationActions.php:98
authwp_ajax_pe_woo_send_product_import_notificationapp\Integrations\WooCommerce\NotificationActions.php:99
authwp_ajax_pushengage_save_cart_abandonment_dataapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:58
noprivwp_ajax_pushengage_save_cart_abandonment_dataapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:59
authwp_ajax_pe_dismiss_woo_noticeapp\Integrations\WooCommerce\Woo.php:25
authwp_ajax_pe_get_woo_noticeapp\Integrations\WooCommerce\Woo.php:26
authwp_ajax_pe_dismiss_review_noticeapp\ReviewNotice.php:27
authwp_ajax_pe_get_review_noticeapp\ReviewNotice.php:28
authwp_ajax_pe_dismiss_whats_new_noticeapp\WhatsNew.php:41
WordPress Hooks 94
actionadmin_initapp\Admin.php:23
actionadmin_enqueue_scriptsapp\Admin.php:24
actionadmin_noticesapp\Admin.php:25
actionadmin_noticesapp\Admin.php:26
actionadmin_enqueue_scriptsapp\Admin.php:28
actionadmin_bar_menuapp\AdminBarMenu.php:34
actionadmin_headapp\AdminBarMenu.php:36
actionwp_headapp\AdminBarMenu.php:38
actioninitapp\Core.php:56
actionwp_enqueue_scriptsapp\Core.php:59
actionwp_enqueue_scriptsapp\Core.php:67
actiontransition_post_statusapp\Core.php:70
actioninitapp\Core.php:78
actionadmin_noticesapp\Core.php:79
actionenqueue_block_editor_assetsapp\Core.php:86
actionpe_wpcode_wc_browse_scriptapp\Core.php:110
actionpe_wpcode_wc_cart_scriptapp\Core.php:111
actionpe_wpcode_wc_cart_ajax_scriptapp\Core.php:112
actionpe_wpcode_wc_checkout_scriptapp\Core.php:113
actionpe_wpcode_edd_browse_scriptapp\Core.php:121
actionpe_wpcode_edd_cart_scriptapp\Core.php:122
actionpe_wpcode_edd_checkout_scriptapp\Core.php:123
actionwoocommerce_after_single_productapp\Core.php:134
actionwp_headapp\Core.php:139
actionwoocommerce_add_to_cartapp\Core.php:140
actionwoocommerce_thankyouapp\Core.php:145
actionwoocommerce_thankyouapp\Core.php:148
filterrocket_excluded_inline_js_contentapp\Core.php:191
actionadd_meta_boxesapp\Core.php:271
actionadd_meta_boxesapp\Core.php:277
actionsave_postapp\Core.php:280
actionwp_dashboard_setupapp\DashboardWidget.php:33
actionadmin_enqueue_scriptsapp\EnqueueAssets.php:34
filteradmin_footer_textapp\EnqueueAssets.php:52
actionwp_enqueue_scriptsapp\Includes\AttributesMetaSync.php:27
actionadmin_footerapp\Includes\PluginFeedback.php:38
actionadmin_enqueue_scriptsapp\Includes\PluginFeedback.php:39
filterplugin_row_metaapp\Includes\PluginFeedback.php:41
actionwp_enqueue_scriptsapp\Includes\SubscriberSync.php:26
filtercron_schedulesapp\Includes\WPMetricsCron.php:63
actioninitapp\Includes\WPMetricsCron.php:66
actionpushengage_send_weekly_metricsapp\Includes\WPMetricsCron.php:70
filtermanage_edit-shop_order_columnsapp\Integrations\WooCommerce\NotificationActions.php:37
filtermanage_woocommerce_page_wc-orders_columnsapp\Integrations\WooCommerce\NotificationActions.php:39
actionmanage_shop_order_posts_custom_columnapp\Integrations\WooCommerce\NotificationActions.php:42
actionmanage_woocommerce_page_wc-orders_custom_columnapp\Integrations\WooCommerce\NotificationActions.php:44
filterbulk_actions-woocommerce_page_wc-ordersapp\Integrations\WooCommerce\NotificationActions.php:47
filterhandle_bulk_actions-woocommerce_page_wc-ordersapp\Integrations\WooCommerce\NotificationActions.php:48
actionadmin_noticesapp\Integrations\WooCommerce\NotificationActions.php:49
actionadmin_initapp\Integrations\WooCommerce\NotificationActions.php:51
filterwoocommerce_order_actionsapp\Integrations\WooCommerce\NotificationActions.php:54
actionwoocommerce_order_action_pe_send_status_updateapp\Integrations\WooCommerce\NotificationActions.php:56
actionwoocommerce_order_action_pe_send_review_requestapp\Integrations\WooCommerce\NotificationActions.php:57
actionwoocommerce_order_action_pe_send_retry_purchaseapp\Integrations\WooCommerce\NotificationActions.php:58
filterpushengage_post_settings_metabox_priorityapp\Integrations\WooCommerce\NotificationActions.php:71
filterpushengage_site_not_connected_metabox_priorityapp\Integrations\WooCommerce\NotificationActions.php:72
actionpushengage_send_review_request_notificationapp\Integrations\WooCommerce\NotificationHandler.php:90
filterwoocommerce_settings_tabs_arrayapp\Integrations\WooCommerce\NotificationSettings.php:22
actionwoocommerce_settings_pe_notificationsapp\Integrations\WooCommerce\NotificationSettings.php:23
actionadmin_enqueue_scriptsapp\Integrations\WooCommerce\NotificationSettings.php:26
actionadmin_footerapp\Integrations\WooCommerce\NotificationSettings.php:29
actionadmin_noticesapp\Integrations\WooCommerce\NotificationSettings.php:32
actioninitapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\CartAbandonmentTracker.php:40
actionwoocommerce_after_checkout_formapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\CartAbandonmentTracker.php:55
actionwoocommerce_blocks_enqueue_checkout_block_scripts_afterapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\CartAbandonmentTracker.php:56
actionwoocommerce_after_calculate_totalsapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:42
actionwoocommerce_cart_item_removedapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:43
actionwoocommerce_new_orderapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:46
filtercron_schedulesapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:49
actioninitapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:52
actionpushengage_check_abandoned_cartsapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:55
actionwp_enqueue_scriptsapp\Integrations\WooCommerce\Whatsapp\WhatsappClickToChat.php:39
actionwp_footerapp\Integrations\WooCommerce\Whatsapp\WhatsappClickToChat.php:40
actionwoocommerce_new_orderapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:71
actionwoocommerce_order_status_processingapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:72
actionwoocommerce_order_status_on-holdapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:73
actionwoocommerce_order_status_completedapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:74
actionwoocommerce_order_status_cancelledapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:75
actionwoocommerce_order_status_failedapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:76
actionwoocommerce_order_status_refundedapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:77
actionpushengage_send_abandoned_cart_notificationapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:81
actionadmin_noticesapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:91
actionpost_submitbox_misc_actionsapp\Integrations\WooCommerce\Woo.php:29
actionadmin_menuapp\NavMenu.php:37
actionadmin_footerapp\NavMenu.php:38
actionplugins_loadedapp\Pushengage.php:160
actioninitapp\Pushengage.php:175
actionadmin_initapp\Pushengage.php:179
actionadmin_initapp\ReviewNotice.php:24
actionnetwork_admin_noticesapp\ReviewNotice.php:41
actionadmin_noticesapp\ReviewNotice.php:43
actionadmin_initapp\WhatsNew.php:26
actionadmin_noticesapp\WhatsNew.php:29
actionadmin_enqueue_scriptsapp\WhatsNew.php:30

Scheduled Events 2

pushengage_send_weekly_metrics
pushengage_check_abandoned_carts
Maintenance & Trust

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 6, 2026
PHP min version5.6
Downloads424K

Community Trust

Rating84/100
Number of ratings33
Active installs10K
Alternatives

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Alternatives

Web Push Notifications – Webpushr

Web Push Notifications – Webpushr

webpushr-web-push-notifications

A
92

Fastest growing & lightweight plugin for Web Push Notifications. Add browser push notifications to your WordPress & WooCommerce site.

10K 4 CVEs
Perfecty Push Notifications

Perfecty Push Notifications

perfecty-push-notifications

A
100

Push Notifications that are self-hosted, you don't need API keys to integrate with external Push Notifications providers that will charge you lat …

5K No CVEs
Gravitec.net – Web Push Notifications

Gravitec.net – Web Push Notifications

gravitec-net-web-push-notifications

A
99

Easy-to-use and smart push notifications for your website. Increase subscriptions and repeat visits with minimal effort.

1K 1 CVE
iZooto – Web Push Notifications

iZooto – Web Push Notifications

izooto-web-push

A
100

Engage your audience and drive repeat traffic by delivering relevant and personalized push notifications - across web browsers, Android, iOS and Messe …

1K No CVEs
Pushly

Pushly

pushly

A
100

Take user engagement to a whole new level with an easy-to-use platform to engage audiences with targeted content after they leave your site.

900 No CVEs
Developer Profile

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More) Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
795 days
View full developer profile
Detection Fingerprints

How We Detect PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pushengage/assets/css/admin-menu.css/wp-content/plugins/pushengage/assets/img/pushengage.svg
Version Parameters
pushengage/assets/css/admin-menu.css?ver=

HTML / DOM Fingerprints

CSS Classes
pushengage-main-logo
HTML Comments
<!-- START PushEngage --><!-- END PushEngage --><!-- This file is part of the PushEngage plugin. -->
Data Attributes
data-pushengage-site-id
JS Globals
pushengage_settings
REST Endpoints
/wp-json/pushengage/v1/settings/wp-json/pushengage/v1/site_settings
FAQ

Frequently Asked Questions about PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More)