[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fknFZdE1w_EYY793jfYklSTnAmz2xTryqOX-RAN-e7uw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":135,"fingerprints":251},"pusher-pushing-mobile-notifications-with-fcm","Pusher – Pushing mobile notification with FCM","1.0.0","Kemal YAZICI","https:\u002F\u002Fprofiles.wordpress.org\u002Fkyazici\u002F","\u003Cp>Has your wordpress website a mobile application? Do you want to push notifications from wordpress website to your application?\u003Cbr \u002F>\nPusher plugin can achieve this job if you use Firebase Cloud Messaging in your application.\u003Cbr \u002F>\nIf you make the settings in the mobile application correctly, the plugin will push a notification in every new post.\u003C\u002Fp>\n\u003Cp>You can find all Firebase Cloud Messaging related information at \u003Ca href=\"https:\u002F\u002Ffirebase.google.com\u002Fdocs\u002Fcloud-messaging\" rel=\"nofollow ugc\">this address.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to push notification to mobile app\u003C\u002Fh3>\n\u003Cp>You can send a notification to all users who have subscribed to the topic you set from within your application.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffirebase.google.com\u002Fdocs\u002Fcloud-messaging\u002Fios\u002Ftopic-messaging\" rel=\"nofollow ugc\">Send messages to topics on iOS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffirebase.google.com\u002Fdocs\u002Fcloud-messaging\u002Fandroid\u002Ftopic-messaging\" rel=\"nofollow ugc\">Topic messaging on Android\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","If your wordpress site has a mobile application, you can push a notification to the users of your mobile application via this plugin.",0,1153,"","5.7.15","4.7","5.2",[18,19,20,21,22],"android","firebase","ios","mobile","notification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpusher-pushing-mobile-notifications-with-fcm.1.0.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"kyazici",3,150,95,30,91,"2026-04-04T12:30:16.344Z",[37,63,82,95,110],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":11,"last_vuln_date":61,"fetched_at":62},"push-notification-mobile-and-web-app","Push notification for Mobile and Web app","2.0.4","App Cheap","https:\u002F\u002Fprofiles.wordpress.org\u002Fappcheap\u002F","\u003Cp>Support push notification for mobile and the web app.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fcirilla-multipurpose-flutter-wordpress-app\u002F31940668\" rel=\"nofollow ugc\">Demo app\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Push services support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Firebase HTTP V1\u003C\u002Fli>\n\u003Cli>Firebase HTTP legacy\u003C\u002Fli>\n\u003Cli>OneSignal\u003C\u002Fli>\n\u003Cli>Debug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How does it work\u003C\u002Fh3>\n\u003Cp>The Push Notification plugin is built with five part:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trigger: When WordPress action execution (Post saved, Order status changed …)\u003C\u002Fli>\n\u003Cli>Recipients: One\u002F More recipients get the notification ( topic, registration ID, role, user, merge tag …)\u003C\u002Fli>\n\u003Cli>Conditionals: Determine whether notification send\u003C\u002Fli>\n\u003Cli>Action: The action when the user click to notification on device\u003C\u002Fli>\n\u003Cli>Merge Tag: That is dynamic information in that context\u003C\u002Fli>\n\u003Cli>String translation: Replace part of string on title and message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Comment Post: Fires immediately after a comment is inserted into the database.\u003C\u002Fli>\n\u003Cli>Post Type: Fires when a post is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Save Post: Fires once a post has been saved.\u003C\u002Fli>\n\u003Cli>Order Status Changed: Fires when an order is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Product Status Changed: Fires when a product is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>WCFM – Direct Messaging: Fires when vendor receive a message.\u003C\u002Fli>\n\u003Cli>BuddyPress: Fires Messages message sent, Activity Posted Update, Friends Friendship Accepted, Friends Friendship Requested, Groups Posted Update, Groups Send Invites\u003C\u002Fli>\n\u003C\u002Ful>\n","Push notification for Android, iOS and the Web",500,15918,"2025-12-06T07:06:00.000Z","6.6.5","5.8","7.4",[52,53,54,55,56],"android-notifications","app-builder","firebase-messages","ios-notifications","push-notification","https:\u002F\u002Fappcheap.io\u002Fpush-notification-mobile-and-web-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notification-mobile-and-web-app.2.0.4.zip",99,1,"2025-05-16 00:00:00","2026-03-15T15:16:48.613Z",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":24,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":13,"tags":77,"homepage":13,"download_link":80,"security_score":81,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":62},"pushbullet-notification","Pushbullet Notifications for WordPress","1.3.6","ploufs","https:\u002F\u002Fprofiles.wordpress.org\u002Fploufs\u002F","\u003Cp>Using the Pushbullet Notifications application on your Android device in conjunction with your WordPress blog and this plugin, you can be notified of events happening on your blog as Push Notifications on your mobile device.\u003C\u002Fp>\n\u003Cp>Currently supports notifications for new users, comments, pingback\u002Ftrackbacks, user specific password reset notifications, plugin and theme upgrades, core upgrades.\u003C\u002Fp>\n","Pushbullet Notifications allows your WordPress site to send push notifications straight to your Android and iOS device.",10,3022,2,"2014-05-19T20:12:00.000Z","3.9.40","3.0",[18,20,21,78,79],"push-notifications","pushbullet-notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpushbullet-notification.1.3.6.zip",85,{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":91,"requires_at_least":13,"requires_php":13,"tags":92,"homepage":13,"download_link":94,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"better-hints","Better Hints for WordPress","1.3.1","dpoakaspine","https:\u002F\u002Fprofiles.wordpress.org\u002Fdpoakaspine\u002F","\u003Cp>Adds custom notifications\u002Fhints for your visitors based on a condition to your site.\u003C\u002Fp>\n\u003Cp>\u003Cem>NEW\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>new pulse effect\u003C\u002Fli>\n\u003Cli>more conditions (windows etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cul>\n\u003Cli>design your hints easy via the WordPress Customizer\u003C\u002Fli>\n\u003Cli>mobile-friendly and made with usability in mind\u003C\u002Fli>\n\u003Cli>works with WooCommerce\u003C\u002Fli>\n\u003Cli>for devs: add custom classes with code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>add hint for android users\u003C\u002Fli>\n\u003Cli>add hint for a special page\u003C\u002Fli>\n\u003Cli>add hint for users in checkout\u003C\u002Fli>\n\u003C\u002Ful>\n","Target your visitors with better notifications.",1192,"4.9.29",[18,20,21,22,93],"woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-hints.zip",{"slug":96,"name":97,"version":6,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":11,"downloaded":102,"rating":11,"num_ratings":11,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":50,"tags":106,"homepage":108,"download_link":109,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":62},"topic-based-push-notifications-for-firebase","Topic-Based Push Notifications for Firebase","Rizwan Abbasi","https:\u002F\u002Fprofiles.wordpress.org\u002Frizwanabbasi\u002F","\u003Cp>Topic-Based Push Notifications for Firebase enables you to send push notifications from your WordPress admin panel directly to Android mobile applications using Firebase Cloud Messaging (FCM). Perfect for apps that need to notify users about new content, updates, or important announcements.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Topic-Based Targeting\u003C\u002Fstrong>: Send notifications to specific user groups by topic subscription\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rich Notifications\u003C\u002Fstrong>: Support for images, custom links, and detailed messaging\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete Analytics\u003C\u002Fstrong>: Track delivery rates, engagement, and notification performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Engagement Tracking\u003C\u002Fstrong>: Monitor when users open notifications with detailed metrics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>History Management\u003C\u002Fstrong>: View all sent notifications with filtering and search capabilities\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Interface\u003C\u002Fstrong>: Clean, responsive admin interface that works on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Implementation\u003C\u002Fstrong>: Built with WordPress security best practices\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Upload your Firebase service account JSON file and configure topics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create\u003C\u002Fstrong>: Compose notifications with title, message, optional image, and link\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Target\u003C\u002Fstrong>: Select which topics (user groups) should receive the notification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send\u003C\u002Fstrong>: Deliver notifications instantly to all subscribed Android devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track\u003C\u002Fstrong>: Monitor delivery success rates and user engagement in real-time\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>News and blog websites with mobile apps\u003C\u002Fli>\n\u003Cli>E-commerce stores with Android applications\u003C\u002Fli>\n\u003Cli>Educational platforms with student mobile apps\u003C\u002Fli>\n\u003Cli>Community websites with member applications\u003C\u002Fli>\n\u003Cli>Any WordPress site with an Android companion app\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What You Need\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Firebase project with FCM enabled\u003C\u002Fli>\n\u003Cli>Service account JSON file from Firebase Console\u003C\u002Fli>\n\u003Cli>Android app configured to receive FCM notifications (topic based). This version doesn’t handle token based notifications.\u003C\u002Fli>\n\u003Cli>WordPress 5.0+ and PHP 7.4+\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to Google’s Firebase services to send push notifications to mobile applications. External service connections are required for the plugin’s core functionality.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Google OAuth API (oauth2.googleapis.com)\u003C\u002Fstrong>\u003Cbr \u002F>\n* Purpose: Authentication with Firebase Cloud Messaging service\u003Cbr \u002F>\n* Data sent: Service account credentials (from your uploaded JSON file), authentication tokens\u003Cbr \u002F>\n* When: Every time notifications are sent (to obtain access tokens)\u003Cbr \u002F>\n* Terms of Service: https:\u002F\u002Fdevelopers.google.com\u002Fterms\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Firebase Cloud Messaging API (fcm.googleapis.com)\u003C\u002Fstrong>\u003Cbr \u002F>\n* Purpose: Sending push notifications to Android mobile applications\u003Cbr \u002F>\n* Data sent: Notification content (title, message, image URLs, links), target topics, FCM project ID\u003Cbr \u002F>\n* When: When you send notifications through the plugin interface\u003Cbr \u002F>\n* Terms of Service: https:\u002F\u002Ffirebase.google.com\u002Fterms\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch3>Privacy & Data\u003C\u002Fh3>\n\u003Cp>This plugin processes notification data locally on your WordPress installation. Notifications are sent directly to Google’s Firebase Cloud Messaging service.\u003C\u002Fp>\n\u003Cp>No user data is collected or sent to services other than Google\u002FFirebase for notification delivery. Your Firebase service account credentials are stored securely on your server.\u003C\u002Fp>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Cp>The plugin includes hooks and filters for developers to extend functionality:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tbpn_before_send_notification\u003C\u002Fcode> – Filter notification data before sending\u003C\u002Fli>\n\u003Cli>\u003Ccode>tbpn_after_send_notification\u003C\u002Fcode> – Action after notification is sent\u003C\u002Fli>\n\u003Cli>\u003Ccode>tbpn_notification_response\u003C\u002Fcode> – Filter FCM response data\u003C\u002Fli>\n\u003Cli>REST API endpoint for mobile apps to report engagement\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Details\u003C\u002Fh3>\n\u003Ch3>System Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>MySQL 5.6 or MariaDB 10.0\u003C\u002Fli>\n\u003Cli>SSL certificate (recommended for production)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>File Permissions\u003C\u002Fh3>\n\u003Cp>The plugin creates a secure upload directory for Firebase service account files. Ensure your WordPress uploads directory is writable.\u003C\u002Fp>\n\u003Ch3>Database Tables\u003C\u002Fh3>\n\u003Cp>The plugin creates two tables:\u003Cbr \u002F>\n* \u003Ccode>wp_tbpn_notifications\u003C\u002Fcode> – Stores notification history and analytics\u003Cbr \u002F>\n* \u003Ccode>wp_tbpn_engagements\u003C\u002Fcode> – Tracks user engagement with notifications\u003C\u002Fp>\n\u003Ch3>REST API Endpoints\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>POST \u002Fwp-json\u002Fmn\u002Fv1\u002Fengage\u003C\u002Fcode> – Report notification engagement (for mobile apps)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Hooks for Developers\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Actions:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>tbpn_notification_sent\u003C\u002Fcode> – Triggered after notification is sent\u003Cbr \u002F>\n* \u003Ccode>tbpn_notification_failed\u003C\u002Fcode> – Triggered when notification sending fails\u003Cbr \u002F>\n* \u003Ccode>tbpn_engagement_recorded\u003C\u002Fcode> – Triggered when engagement is recorded\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filters:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>tbpn_notification_data\u003C\u002Fcode> – Filter notification data before sending\u003Cbr \u002F>\n* \u003Ccode>tbpn_topics_list\u003C\u002Fcode> – Filter available topics\u003Cbr \u002F>\n* \u003Ccode>tbpn_max_notifications_per_hour\u003C\u002Fcode> – Filter rate limiting\u003C\u002Fp>\n\u003Ch3>Security Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Nonce verification for all forms\u003C\u002Fli>\n\u003Cli>Capability checks for admin actions\u003C\u002Fli>\n\u003Cli>SQL injection prevention with prepared statements\u003C\u002Fli>\n\u003Cli>XSS prevention with proper output escaping\u003C\u002Fli>\n\u003Cli>Secure file upload handling\u003C\u002Fli>\n\u003Cli>Rate limiting for notification sending\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports, please use the WordPress.org support forums.\u003C\u002Fp>\n\u003Cp>For documentation and updates, visit the plugin homepage.\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>This plugin is open source. Contributions, bug reports, and feature requests are welcome on the plugin’s development repository.\u003C\u002Fp>\n","Professional WordPress plugin for sending Firebase Cloud Messaging (FCM) push notifications to Android apps with advanced targeting and analytics.",218,"2025-09-23T05:00:00.000Z","6.8.5","5.0",[18,107,19,21,78],"fcm","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftopic-based-push-notifications-for-firebase\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftopic-based-push-notifications-for-firebase.1.0.0.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":130,"download_link":131,"security_score":132,"vuln_count":133,"unpatched_count":11,"last_vuln_date":134,"fetched_at":62},"wpappninja","WPMobile.App","11.75","Amauri","https:\u002F\u002Fprofiles.wordpress.org\u002Famauric\u002F","\u003Ch4>Android and iOS mobile app\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>💳 \u003Cstrong>LIFETIME LICENCE\u003C\u002Fstrong> – No subscription, no hidden fees.\u003Cbr \u002F>\n\u003Cem>Android 129€ \u002F\u002F iOS 129€ \u002F\u002F Android + iOS 239€\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🎉 \u003Cstrong>FREE TEST\u003C\u002Fstrong> – You can test your mobile app \u003Ca href=\"https:\u002F\u002Fwpmobile.app\u002Fen\u002Ftest-my-app\u002F\" rel=\"nofollow ugc\">with the demo app\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🖌 \u003Cstrong>CUSTOMIZATION\u003C\u002Fstrong> – No mention of our brand or advertisement, the mobile app is white-labeled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📲 \u003Cstrong>GREAT COMPATIBILITY\u003C\u002Fstrong> – The mobile apps is compatible with smartphones and tablets, always up-to-date.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👌 \u003Cstrong>VERY EASY PUBLISH\u003C\u002Fstrong> – I take care of all the technical work, no software to download or complicated manipulation to do.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>💬 \u003Cstrong>SUPPORT TEAM\u003C\u002Fstrong> – I’m here to help and answer all your requests as quickly as possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👍 \u003Cstrong>AUTOMATIC APP UPDATE\u003C\u002Fstrong> – When new content is released, the application is automatically updated.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📢 \u003Cstrong>NOTIFICATIONS\u003C\u002Fstrong> – Unlimited push notification: manually or with automated push.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📈 \u003Cstrong>REAL-TIME STATISTICS\u003C\u002Fstrong> – Stats about the app usage, all statistics are real-time and hosted on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Android and iOS mobile application. Easy setup, free test.",4000,551250,96,161,"2025-12-02T15:54:00.000Z","6.9.4","3.7.0","5.6",[18,127,20,128,129],"android-app","ios-app","mobile-app","https:\u002F\u002Fwpmobile.app\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpappninja.zip",89,9,"2025-10-26 00:00:00",{"attackSurface":136,"codeSignals":155,"taintFlows":189,"riskAssessment":237,"analyzedAt":250},{"hooks":137,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":154,"entryPointCount":11,"unprotectedCount":11},[138,143,147],{"type":139,"name":140,"callback":141,"file":142,"line":30},"action","admin_enqueue_scripts","pusherfcm_admin_styles","includes\\Helpers\\actions.php",{"type":139,"name":144,"callback":145,"file":142,"line":146},"admin_menu","pusherfcm_admin_menu",5,{"type":139,"name":148,"callback":149,"priority":71,"file":142,"line":150},"wp_insert_post","pusherfcm_update_post",7,[],[],[],[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":166,"fileOperations":11,"externalRequests":73,"nonceChecks":11,"capabilityChecks":60,"bundledLibraries":188},[],{"prepared":11,"raw":73,"locations":158},[159,163],{"file":160,"line":161,"context":162},"includes\\Controllers\\ApiController.php",46,"$wpdb->query() with variable interpolation",{"file":164,"line":165,"context":162},"uninstall.php",8,{"escaped":11,"rawEcho":71,"locations":167},[168,172,174,176,178,180,182,183,185,187],{"file":169,"line":170,"context":171},"includes\\Helpers\\menus\\dashboard.php",73,"raw output",{"file":169,"line":173,"context":171},74,{"file":169,"line":175,"context":171},75,{"file":169,"line":177,"context":171},76,{"file":169,"line":179,"context":171},77,{"file":169,"line":181,"context":171},78,{"file":169,"line":81,"context":171},{"file":169,"line":184,"context":171},88,{"file":169,"line":186,"context":171},94,{"file":169,"line":24,"context":171},[],[190,224],{"entryPoint":191,"graph":192,"unsanitizedCount":60,"severity":223},"pusherfcm_admin_dashboard (includes\\Helpers\\menus\\dashboard.php:2)",{"nodes":193,"edges":217},[194,199,204,207,211],{"id":195,"type":196,"label":197,"file":169,"line":198},"n0","source","$_POST",28,{"id":200,"type":201,"label":202,"file":169,"line":173,"wp_function":203},"n1","sink","echo() [XSS]","echo",{"id":205,"type":196,"label":197,"file":169,"line":206},"n2",50,{"id":208,"type":209,"label":210,"file":169,"line":206},"n3","transform","→ saveSettings()",{"id":212,"type":201,"label":213,"file":214,"line":215,"wp_function":216},"n4","update_option() [Settings Manipulation]","includes\\Controllers\\FCMController.php",37,"update_option",[218,220,222],{"from":195,"to":200,"sanitized":219},true,{"from":205,"to":208,"sanitized":221},false,{"from":208,"to":212,"sanitized":221},"low",{"entryPoint":225,"graph":226,"unsanitizedCount":60,"severity":223},"\u003Cdashboard> (includes\\Helpers\\menus\\dashboard.php:0)",{"nodes":227,"edges":233},[228,229,230,231,232],{"id":195,"type":196,"label":197,"file":169,"line":198},{"id":200,"type":201,"label":202,"file":169,"line":173,"wp_function":203},{"id":205,"type":196,"label":197,"file":169,"line":206},{"id":208,"type":209,"label":210,"file":169,"line":206},{"id":212,"type":201,"label":213,"file":214,"line":215,"wp_function":216},[234,235,236],{"from":195,"to":200,"sanitized":219},{"from":205,"to":208,"sanitized":221},{"from":208,"to":212,"sanitized":221},{"summary":238,"deductions":239},"The \"pusher-pushing-mobile-notifications-with-fcm\" plugin version 1.0.0 exhibits a mixed security posture. On the positive side, the static analysis reveals a very limited attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed without proper authentication or permission checks.  Furthermore, there are no recorded historical vulnerabilities (CVEs), which suggests a history of good security practices or a lack of targeted exploitation.\n\nHowever, significant concerns arise from the code signals. The plugin uses raw SQL queries without prepared statements for 100% of its database interactions. This is a critical flaw that can lead to SQL injection vulnerabilities, especially if user-supplied data is directly incorporated into these queries. Additionally, none of the output escaping is properly implemented, meaning that sensitive data displayed to users could be vulnerable to cross-site scripting (XSS) attacks. The taint analysis also flags two flows with unsanitized paths, indicating potential data leakage or manipulation vulnerabilities that require further investigation. The lack of nonce checks on any entry points, while the attack surface is currently zero, could become a problem if future updates introduce new handlers.\n\nIn conclusion, while the plugin has a clean vulnerability history and a seemingly small attack surface, the presence of unescaped output and raw SQL queries without prepared statements presents a significant security risk. The taint analysis further underscores potential vulnerabilities. It is crucial that these code-level issues are addressed to improve the plugin's overall security.",[240,243,246,248],{"reason":241,"points":242},"SQL queries not using prepared statements",15,{"reason":244,"points":245},"Output escaping not properly implemented",12,{"reason":247,"points":71},"Flows with unsanitized paths detected",{"reason":249,"points":146},"No nonce checks on any entry points","2026-03-17T06:02:06.726Z",{"wat":252,"direct":260},{"assetPaths":253,"generatorPatterns":255,"scriptPaths":256,"versionParams":257},[254],"\u002Fwp-content\u002Fplugins\u002Fpusher-pushing-mobile-notifications-with-fcm\u002Fincludes\u002Fcss\u002Fadmin-style.css",[],[],[258,259],"pusher-pushing-mobile-notifications-with-fcm\u002Fincludes\u002Fcss\u002Fadmin-style.css?v=","pusher-pushing-mobile-notifications-with-fcm\u002Fincludes\u002Fcss\u002Fadmin-style.css?v=1.0",{"cssClasses":261,"htmlComments":262,"htmlAttributes":263,"restEndpoints":264,"jsGlobals":265,"shortcodeOutput":266},[],[],[],[],[],[]]