SALERT – Fake Sales Notification WooCommerce Security & Risk Analysis

wordpress.org/plugins/salert

Display beautiful popup sales notification on your website with just a few clicks.

9K active installs v1.3.0 PHP + WP + Updated Jan 23, 2026
Tags: fake-notification, notification, sales-notification, woocommerce
Score: 99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 9, 2023
Safety Verdict

Is SALERT – Fake Sales Notification WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

SALERT – Fake Sales Notification WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: May 9, 2023 · Updated 3mo ago
Risk Assessment

The 'salert' plugin v1.3.0 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and not performing file operations or external HTTP requests, significant concerns arise from its attack surface and output escaping. Two out of three AJAX handlers lack authentication checks, presenting a direct pathway for unauthorized actions. Furthermore, a concerningly low 41% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX endpoints. The plugin's history of two medium-severity vulnerabilities, specifically XSS and Missing Authorization, directly aligns with the current code analysis findings, suggesting a recurring pattern of these weaknesses. Despite the absence of critical taint flows and dangerous functions in this static analysis, the combination of unprotected entry points and poor output sanitization, coupled with historical vulnerability trends, makes this version of the plugin moderately risky.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • Medium severity XSS and Missing Authorization history
Vulnerabilities
2 published

SALERT – Fake Sales Notification WooCommerce Security Vulnerabilities

CVEs by Year

2023: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2023-32118 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SALERT <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

May 9, 2023 Patched in 1.2.2 (259d)

CVE-2023-32126 · medium · 4.3 · Missing Authorization

SALERT <= 1.2.1 - Missing Authorization via salert_save_settings_with_ajax()

May 9, 2023 Patched in 1.2.2 (259d)
Version History

SALERT – Fake Sales Notification WooCommerce Release Timeline

Code Analysis
Analyzed Mar 16, 2026

SALERT – Fake Sales Notification WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 74 (51 escaped)
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

41% escaped · 125 total outputs
Attack Surface
2 unprotected

SALERT – Fake Sales Notification WooCommerce Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 3

  • auth · wp_ajax_salert_save_settings_with_ajax · inc\settings.php:77
  • auth · wp_ajax_salert_get_content · salert.php:43
  • nopriv · wp_ajax_salert_get_content · salert.php:44

WordPress Hooks: 5

  • action · admin_menu · inc\settings.php:76
  • action · init · salert.php:36
  • action · admin_enqueue_scripts · salert.php:37
  • action · wp_enqueue_scripts · salert.php:41
  • action · wp_footer · salert.php:42
Maintenance & Trust

SALERT – Fake Sales Notification WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 23, 2026
PHP min version
Downloads: 170K

Community Trust

Rating: 78/100
Number of ratings: 16
Active installs: 9K
Developer Profile

SALERT – Fake Sales Notification WooCommerce Developer Profile

wpoperations

11 plugins · 17K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 349 days
Detection Fingerprints

How We Detect SALERT – Fake Sales Notification WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/salert/assets/frontend/css/style.css
  • /wp-content/plugins/salert/assets/frontend/js/main.js
  • /wp-content/plugins/salert/assets/backend/css/salert-admin.css
  • /wp-content/plugins/salert/assets/backend/css/animate.css
  • /wp-content/plugins/salert/assets/backend/css/sweetalert2.min.css
  • /wp-content/plugins/salert/assets/backend/js/core.js
  • /wp-content/plugins/salert/assets/backend/js/sweetalert2.min.js
  • /wp-content/plugins/salert/assets/backend/js/custom.js
  • +1 more

Script Paths

  • /wp-content/plugins/salert/assets/frontend/js/main.js
  • /wp-content/plugins/salert/assets/backend/js/core.js
  • /wp-content/plugins/salert/assets/backend/js/sweetalert2.min.js
  • /wp-content/plugins/salert/assets/backend/js/custom.js
  • /wp-content/plugins/salert/assets/backend/js/salert-admin.js

Version Parameters

  • salert/style.css?ver=
  • salert-main-css?ver=
  • animate-css?ver=
  • salert-admin-css?ver=
  • sweetalert2.min.css?ver=
  • core.js?ver=
  • sweetalert2.min.js?ver=
  • custom.js?ver=
  • salert-admin.js?ver=
  • main.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • sale_alert_wrapper
  • popup_position
  • popup_box
  • popup_template
  • animated
  • clearfix

Data Attributes
id="salertWrapper"
JS Globals
admin_settings
REST Endpoints
/wp-json/salert_get_content
FAQ

Frequently Asked Questions about SALERT – Fake Sales Notification WooCommerce