Pushnami – Web Push Notifications Security & Risk Analysis

wordpress.org/plugins/pushnami-web-push-notifications

With push notifications from Pushnami, you can send messages via desktop & mobile browsers with ease. Users opt-in with one click, no email required.

50 active installs v1.1.6 PHP 5.4+ WP 1.0+ Updated Nov 24, 2025
notificationspushpush-notificationssubscribewebpush
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Pushnami – Web Push Notifications Safe to Use in 2026?

Generally Safe

Score 100/100

Pushnami – Web Push Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The 'pushnami-web-push-notifications' plugin v1.1.6 exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a minimal attack surface. Furthermore, the code demonstrates good security practices with 100% of SQL queries using prepared statements and a high percentage of output properly escaped. The lack of dangerous functions and external HTTP requests further contributes to its secure foundation. The plugin also has a clean vulnerability history, with no recorded CVEs, which suggests consistent security maintenance or a lack of past exploitable issues.

While the static analysis is largely positive, there are a few areas that warrant attention. The presence of file operations, although not directly flagged as a risk in the taint analysis, could potentially be an attack vector if not handled with extreme care. The absence of capability checks is also a point of concern, especially if the plugin interacts with sensitive user data or functionality. Despite these minor observations, the overall security of this plugin appears to be robust. The developer has implemented sound security practices, and the lack of known vulnerabilities is reassuring. Users can generally have confidence in the security of this plugin, but awareness of potential file operation and capability check implications is advised.

Key Concerns

  • No capability checks found
  • File operations present
Vulnerabilities
None known

Pushnami – Web Push Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Pushnami – Web Push Notifications Release Timeline

v1.1.6Current
v1.1.5
v1.1.4
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.1
v1.0.0
v0.0.1
Code Analysis
Analyzed Mar 16, 2026

Pushnami – Web Push Notifications Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
35 escaped
Nonce Checks
4
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

Output Escaping

97% escaped36 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<pushnami-settings> (views\admin\pushnami-settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Pushnami – Web Push Notifications Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_menuincludes\class-pushnami.php:35
actionwp_enqueue_scriptsincludes\class-pushnami.php:36
actionwp_print_scriptsincludes\class-pushnami.php:37
actionwp_headincludes\class-pushnami.php:38
actionparse_requestincludes\class-pushnami.php:39
filterquery_varsincludes\class-pushnami.php:44
actionwp_print_footer_scriptsincludes\class-pushnami.php:383
actionadmin_initpushnami.php:43
actionadmin_enqueue_scriptsviews\admin\pushnami-settings.php:10
Maintenance & Trust

Pushnami – Web Push Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 24, 2025
PHP min version5.4
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs50
Developer Profile

Pushnami – Web Push Notifications Developer Profile

pushnami

1 plugin · 50 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Pushnami – Web Push Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pushnami-web-push-notifications/pushnami.php/wp-content/plugins/pushnami-web-push-notifications/includes/class-pushnami.php

HTML / DOM Fingerprints

HTML Comments
/*pn_wordpress*/
Data Attributes
content="wordpress-plugin"
JS Globals
window.pnwindow.pn.setupwindow.pn.subscribe
FAQ

Frequently Asked Questions about Pushnami – Web Push Notifications