Does PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Security & Risk Analysis

wordpress.org/plugins/pushengage

The #1 push notification plugin for WordPress & WooCommerce. Recover abandoned carts, automate alerts, and grow subscribers — no code needed.

10K active installs v4.2.1 PHP 5.6+ WP 4.5.0+ Updated Mar 16, 2026

cart-abandonmentnotificationspush-notificationsweb-pushwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Safe to Use in 2026?

Generally Safe

Score 100/100

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The Pushengage plugin v4.2.1 demonstrates some good security practices, particularly its high percentage of prepared SQL statements and properly escaped outputs. The absence of known CVEs and a clean vulnerability history are positive indicators. However, the plugin has a notable attack surface with 10 AJAX handlers, 4 of which lack authentication checks. This is a significant concern as it potentially allows unauthenticated users to trigger plugin functionality. While taint analysis did not reveal critical or high-severity issues, the presence of 5 flows with unsanitized paths warrants further investigation to ensure they do not lead to exploitable vulnerabilities in conjunction with the unprotected AJAX endpoints. The plugin also has file operations and external HTTP requests, which could be vectors if not handled securely in combination with other weaknesses.

Key Concerns

4 unprotected AJAX handlers present
5 flows with unsanitized paths detected
File operations present (potential vector)
External HTTP requests present (potential vector)

Vulnerabilities

None known

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Release Timeline

v4.2.1Current

v4.2.0

v4.1.6

v4.1.5

v4.1.4.1

v4.1.4

v4.1.3

v4.1.2

v4.1.1.1

v4.1.1

v4.1.0

v4.0.12

v4.0.11

v4.0.10

v4.0.9

v4.0.8.1

v4.0.8

v4.0.7.1

v4.0.7

v4.0.6

Code Analysis

Analyzed Mar 16, 2026

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Code Analysis

Dangerous Functions

Raw SQL Queries

23 prepared

Unescaped Output

193 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

79% prepared29 total queries

Output Escaping

92% escaped210 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths

view_debug_log_file (app\Ajax.php:2080)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Attack Surface

Entry Points10

Unprotected4

AJAX Handlers 10

authwp_ajax_pe_subscriber_syncapp\Includes\SubscriberSync.php:27

authwp_ajax_pe_woocommerce_order_actionapp\Integrations\WooCommerce\NotificationActions.php:98

authwp_ajax_pe_woo_send_product_import_notificationapp\Integrations\WooCommerce\NotificationActions.php:99

authwp_ajax_pushengage_save_cart_abandonment_dataapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:58

noprivwp_ajax_pushengage_save_cart_abandonment_dataapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:59

authwp_ajax_pe_dismiss_woo_noticeapp\Integrations\WooCommerce\Woo.php:25

authwp_ajax_pe_get_woo_noticeapp\Integrations\WooCommerce\Woo.php:26

authwp_ajax_pe_dismiss_review_noticeapp\ReviewNotice.php:27

authwp_ajax_pe_get_review_noticeapp\ReviewNotice.php:28

authwp_ajax_pe_dismiss_whats_new_noticeapp\WhatsNew.php:41

WordPress Hooks 94

actionadmin_initapp\Admin.php:23

actionadmin_enqueue_scriptsapp\Admin.php:24

actionadmin_noticesapp\Admin.php:25

actionadmin_noticesapp\Admin.php:26

actionadmin_enqueue_scriptsapp\Admin.php:28

actionadmin_bar_menuapp\AdminBarMenu.php:34

actionadmin_headapp\AdminBarMenu.php:36

actionwp_headapp\AdminBarMenu.php:38

actioninitapp\Core.php:56

actionwp_enqueue_scriptsapp\Core.php:59

actionwp_enqueue_scriptsapp\Core.php:67

actiontransition_post_statusapp\Core.php:70

actioninitapp\Core.php:78

actionadmin_noticesapp\Core.php:79

actionenqueue_block_editor_assetsapp\Core.php:86

actionpe_wpcode_wc_browse_scriptapp\Core.php:110

actionpe_wpcode_wc_cart_scriptapp\Core.php:111

actionpe_wpcode_wc_cart_ajax_scriptapp\Core.php:112

actionpe_wpcode_wc_checkout_scriptapp\Core.php:113

actionpe_wpcode_edd_browse_scriptapp\Core.php:121

actionpe_wpcode_edd_cart_scriptapp\Core.php:122

actionpe_wpcode_edd_checkout_scriptapp\Core.php:123

actionwoocommerce_after_single_productapp\Core.php:134

actionwp_headapp\Core.php:139

actionwoocommerce_add_to_cartapp\Core.php:140

actionwoocommerce_thankyouapp\Core.php:145

actionwoocommerce_thankyouapp\Core.php:148

filterrocket_excluded_inline_js_contentapp\Core.php:191

actionadd_meta_boxesapp\Core.php:271

actionadd_meta_boxesapp\Core.php:277

actionsave_postapp\Core.php:280

actionwp_dashboard_setupapp\DashboardWidget.php:33

actionadmin_enqueue_scriptsapp\EnqueueAssets.php:34

filteradmin_footer_textapp\EnqueueAssets.php:52

actionwp_enqueue_scriptsapp\Includes\AttributesMetaSync.php:27

actionadmin_footerapp\Includes\PluginFeedback.php:38

actionadmin_enqueue_scriptsapp\Includes\PluginFeedback.php:39

filterplugin_row_metaapp\Includes\PluginFeedback.php:41

actionwp_enqueue_scriptsapp\Includes\SubscriberSync.php:26

filtercron_schedulesapp\Includes\WPMetricsCron.php:63

actioninitapp\Includes\WPMetricsCron.php:66

actionpushengage_send_weekly_metricsapp\Includes\WPMetricsCron.php:70

filtermanage_edit-shop_order_columnsapp\Integrations\WooCommerce\NotificationActions.php:37

filtermanage_woocommerce_page_wc-orders_columnsapp\Integrations\WooCommerce\NotificationActions.php:39

actionmanage_shop_order_posts_custom_columnapp\Integrations\WooCommerce\NotificationActions.php:42

actionmanage_woocommerce_page_wc-orders_custom_columnapp\Integrations\WooCommerce\NotificationActions.php:44

filterbulk_actions-woocommerce_page_wc-ordersapp\Integrations\WooCommerce\NotificationActions.php:47

filterhandle_bulk_actions-woocommerce_page_wc-ordersapp\Integrations\WooCommerce\NotificationActions.php:48

actionadmin_noticesapp\Integrations\WooCommerce\NotificationActions.php:49

actionadmin_initapp\Integrations\WooCommerce\NotificationActions.php:51

filterwoocommerce_order_actionsapp\Integrations\WooCommerce\NotificationActions.php:54

actionwoocommerce_order_action_pe_send_status_updateapp\Integrations\WooCommerce\NotificationActions.php:56

actionwoocommerce_order_action_pe_send_review_requestapp\Integrations\WooCommerce\NotificationActions.php:57

actionwoocommerce_order_action_pe_send_retry_purchaseapp\Integrations\WooCommerce\NotificationActions.php:58

filterpushengage_post_settings_metabox_priorityapp\Integrations\WooCommerce\NotificationActions.php:71

filterpushengage_site_not_connected_metabox_priorityapp\Integrations\WooCommerce\NotificationActions.php:72

actionpushengage_send_review_request_notificationapp\Integrations\WooCommerce\NotificationHandler.php:90

filterwoocommerce_settings_tabs_arrayapp\Integrations\WooCommerce\NotificationSettings.php:22

actionwoocommerce_settings_pe_notificationsapp\Integrations\WooCommerce\NotificationSettings.php:23

actionadmin_enqueue_scriptsapp\Integrations\WooCommerce\NotificationSettings.php:26

actionadmin_footerapp\Integrations\WooCommerce\NotificationSettings.php:29

actionadmin_noticesapp\Integrations\WooCommerce\NotificationSettings.php:32

actioninitapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\CartAbandonmentTracker.php:40

actionwoocommerce_after_checkout_formapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\CartAbandonmentTracker.php:55

actionwoocommerce_blocks_enqueue_checkout_block_scripts_afterapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\CartAbandonmentTracker.php:56

actionwoocommerce_after_calculate_totalsapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:42

actionwoocommerce_cart_item_removedapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:43

actionwoocommerce_new_orderapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:46

filtercron_schedulesapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:49

actioninitapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:52

actionpushengage_check_abandoned_cartsapp\Integrations\WooCommerce\Whatsapp\CartAbandonment\Tracker.php:55

actionwp_enqueue_scriptsapp\Integrations\WooCommerce\Whatsapp\WhatsappClickToChat.php:39

actionwp_footerapp\Integrations\WooCommerce\Whatsapp\WhatsappClickToChat.php:40

actionwoocommerce_new_orderapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:71

actionwoocommerce_order_status_processingapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:72

actionwoocommerce_order_status_on-holdapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:73

actionwoocommerce_order_status_completedapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:74

actionwoocommerce_order_status_cancelledapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:75

actionwoocommerce_order_status_failedapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:76

actionwoocommerce_order_status_refundedapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:77

actionpushengage_send_abandoned_cart_notificationapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:81

actionadmin_noticesapp\Integrations\WooCommerce\Whatsapp\WhatsappNotification.php:91

actionpost_submitbox_misc_actionsapp\Integrations\WooCommerce\Woo.php:29

actionadmin_menuapp\NavMenu.php:37

actionadmin_footerapp\NavMenu.php:38

actionplugins_loadedapp\Pushengage.php:160

actioninitapp\Pushengage.php:175

actionadmin_initapp\Pushengage.php:179

actionadmin_initapp\ReviewNotice.php:24

actionnetwork_admin_noticesapp\ReviewNotice.php:41

actionadmin_noticesapp\ReviewNotice.php:43

actionadmin_initapp\WhatsNew.php:26

actionadmin_noticesapp\WhatsNew.php:29

actionadmin_enqueue_scriptsapp\WhatsNew.php:30

Scheduled Events 2

pushengage_send_weekly_metrics

pushengage_check_abandoned_carts

Maintenance & Trust

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 16, 2026

PHP min version5.6

Downloads426K

Community Trust

Rating84/100

Number of ratings34

Active installs10K

Alternatives

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Alternatives

CleverPush

cleverpush

CleverPush lets you send browser push notifications to your users in the simplest way possible.

200 No CVEs

Digital Conversion – Push Notifications & Marketing Hub

digital-conversion

100

Smart Web Push with unlimited subscribers, AI insights, A/B testing, automation, WooCommerce integration, and personalization.

0 No CVEs

Web Push Notifications – Webpushr

webpushr-web-push-notifications

Fastest growing & lightweight plugin for Web Push Notifications. Add browser push notifications to your WordPress & WooCommerce site.

10K 4 CVEs

Perfecty Push Notifications

perfecty-push-notifications

100

Push Notifications that are self-hosted, you don't need API keys to integrate with external Push Notifications providers that will charge you lat …

5K No CVEs

Gravitec.net – Web Push Notifications

gravitec-net-web-push-notifications

Easy-to-use and smart push notifications for your website. Increase subscriptions and repeat visits with minimal effort.

1K 1 CVE

Developer Profile

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

752 days

View full developer profile

Detection Fingerprints

How We Detect PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pushengage/assets/css/admin-menu.css/wp-content/plugins/pushengage/assets/img/pushengage.svg

Version Parameters

pushengage/assets/css/admin-menu.css?ver=

HTML / DOM Fingerprints

CSS Classes

pushengage-main-logo

HTML Comments

Data Attributes

data-pushengage-site-id

JS Globals

pushengage_settings

REST Endpoints

/wp-json/pushengage/v1/settings/wp-json/pushengage/v1/site_settings

FAQ