Notification : Signature Security & Risk Analysis
wordpress.org/plugins/signature-notificationAdd your own Signature to Notification Emails
10 active installs v4.0.0 PHP + WP 3.6+ Updated Aug 25, 2025
emailmailnotificationnotifysignature
Safety Verdict
Is Notification : Signature Safe to Use in 2026?
Generally Safe
Score 100/100Notification : Signature has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
No known CVEs Updated 7mo ago
Risk Assessment
The 'signature-notification' plugin v4.0.0 exhibits a mixed security posture. On the positive side, its vulnerability history is clean, with no recorded CVEs, suggesting a commitment to security or a lack of past exploitation. The static analysis also shows a commendable use of prepared statements for all SQL queries and a significant percentage of properly escaped outputs. However, several concerning signals are present in the code analysis. The substantial number of 'dangerous functions' like `assert`, `exec`, and `unserialize` raises a red flag, as these can be exploited if not handled with extreme care and robust sanitization. Furthermore, the taint analysis reveals four flows with unsanitized paths, indicating potential avenues for data injection or manipulation, even if they were not classified as critical or high severity in this analysis. The complete absence of capability checks for any entry points, coupled with a lack of nonce checks on the single identified entry point, presents a significant risk for unauthorized actions.
Key Concerns
- High number of dangerous functions used
- Unsanitized paths in taint flows
- No capability checks on entry points
- Missing nonce checks on entry points
Vulnerabilities
None knownNotification : Signature Security Vulnerabilities
No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026Notification : Signature Code Analysis
Dangerous Functions
110
Raw SQL Queries
0
17 prepared
Unescaped Output
6
15 escaped
Nonce Checks
1
Capability Checks
0
File Operations
306
External Requests
2
Bundled Libraries
0
Dangerous Functions Found
assertassert(is_string($name));dependencies\composer\class-map-generator\src\PhpFileParser.php:84
assertassert($this->composer instanceof Composer);dependencies\composer\composer\src\Composer\Command\BaseCommand.php:107
execif (exec('which '.$candidate)) {dependencies\composer\composer\src\Composer\Command\ConfigCommand.php:240
systemsystem($editor . ' ' . $file . (Platform::isWindows() ? '' : ' > `tty`'));dependencies\composer\composer\src\Composer\Command\ConfigCommand.php:251
assertassert(is_string($match['name']));dependencies\composer\composer\src\Composer\Command\InitCommand.php:476
execexec('fltmc.exe filters', $output, $exitCode);dependencies\composer\composer\src\Composer\Command\SelfUpdateCommand.php:587
execexec('"'.$script.'"');dependencies\composer\composer\src\Composer\Command\SelfUpdateCommand.php:637
assertassert(isset($versions));dependencies\composer\composer\src\Composer\Command\ShowCommand.php:334
assertassert(is_string($require['name']));dependencies\composer\composer\src\Composer\Command\ShowCommand.php:1341
assertassert(is_string($require['version']));dependencies\composer\composer\src\Composer\Command\ShowCommand.php:1342
assertassert(is_string($match[1]));dependencies\composer\composer\src\Composer\Config.php:537
assertassert(is_string($matches[1]));dependencies\composer\composer\src\Composer\Console\HtmlOutputFormatter.php:87
assertassert(count($urls) > 0);dependencies\composer\composer\src\Composer\Downloader\FileDownloader.php:155
assertassert($this->composer instanceof Composer, new \LogicException('This should only be reached with a dependencies\composer\composer\src\Composer\EventDispatcher\EventDispatcher.php:134
assertassert($this->composer instanceof Composer, new \LogicException('This should only be reached with a dependencies\composer\composer\src\Composer\EventDispatcher\EventDispatcher.php:153
assertassert($this->composer instanceof Composer, new \LogicException('This should only be reached with a dependencies\composer\composer\src\Composer\EventDispatcher\EventDispatcher.php:171
assertassert(is_string($path[0]));dependencies\composer\composer\src\Composer\EventDispatcher\EventDispatcher.php:392
assertassert($this->composer instanceof Composer, new \LogicException('This should only be reached with a dependencies\composer\composer\src\Composer\EventDispatcher\EventDispatcher.php:580
assertassert($this->downloadManager instanceof DownloadManager, new \LogicException(self::class.' should bdependencies\composer\composer\src\Composer\Installer\LibraryInstaller.php:346
assertassert($this->composer instanceof Composer, new \LogicException(self::class.' should be initialized dependencies\composer\composer\src\Composer\Installer\PluginInstaller.php:139
assertassert(is_string($matches[1]));dependencies\composer\composer\src\Composer\IO\BufferIO.php:60
assertassert(is_string($matches[2]));dependencies\composer\composer\src\Composer\IO\BufferIO.php:61
assertassert(is_string($match[1]));dependencies\composer\composer\src\Composer\Json\JsonFormatter.php:76
assertassert(is_string($match[2]));dependencies\composer\composer\src\Composer\Json\JsonFormatter.php:77
assertassert(is_string($matches['start']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:79
assertassert(is_string($matches['value']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:80
assertassert(is_string($matches['end']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:81
assertassert(is_string($packageMatches['package']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:89
assertassert(is_string($match['start']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:271
assertassert(is_string($match['content']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:272
assertassert(is_string($match['end']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:273
assertassert(is_string($match['start']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:368
assertassert(is_string($match['content']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:369
assertassert(is_string($match['end']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:370
assertassert(is_string($match));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:396
assertassert(is_string($matches['content']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:442
assertassert(is_string($matches['start']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:513
assertassert(is_string($matches['removal']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:514
assertassert(is_string($matches['end']));dependencies\composer\composer\src\Composer\Json\JsonManipulator.php:515
assertassert(is_string($match[0]));dependencies\composer\composer\src\Composer\Package\Version\VersionBumper.php:102
assertassert(is_string($matches[1]));dependencies\composer\composer\src\Composer\Package\Version\VersionGuesser.php:414
assertassert(null !== $this->globalComposer);dependencies\composer\composer\src\Composer\Plugin\PluginManager.php:566
assertassert($baseUrl !== '');dependencies\composer\composer\src\Composer\Repository\ComposerRepository.php:185
assertassert(is_string($match[3]));dependencies\composer\composer\src\Composer\Repository\Vcs\GitHubDriver.php:71
assertassert(is_string($match[4]));dependencies\composer\composer\src\Composer\Repository\Vcs\GitHubDriver.php:72
assertassert(is_string($match['parts']));dependencies\composer\composer\src\Composer\Repository\Vcs\GitLabDriver.php:105
assertassert(is_string($match['repo']));dependencies\composer\composer\src\Composer\Repository\Vcs\GitLabDriver.php:106
assertassert(is_string($match['parts']));dependencies\composer\composer\src\Composer\Repository\Vcs\GitLabDriver.php:574
assertassert(is_string($match['repo']));dependencies\composer\composer\src\Composer\Repository\Vcs\GitLabDriver.php:575
assertassert($url !== '');dependencies\composer\composer\src\Composer\Util\ComposerMirror.php:48
assertassert(is_string($m[0]));dependencies\composer\composer\src\Composer\Util\Filesystem.php:616
assertassert($sourceHandle !== false, 'Could not open "'.$source.'" for reading.');dependencies\composer\composer\src\Composer\Util\Filesystem.php:913
assertassert($targetHandle !== false, 'Could not open "'.$target.'" for writing.');dependencies\composer\composer\src\Composer\Util\Filesystem.php:915
assertassert($aHandle !== false, 'Could not open "'.$a.'" for reading.');dependencies\composer\composer\src\Composer\Util\Filesystem.php:938
assertassert($bHandle !== false, 'Could not open "'.$b.'" for reading.');dependencies\composer\composer\src\Composer\Util\Filesystem.php:940
assertassert(isset($job['resolve']));dependencies\composer\composer\src\Composer\Util\HttpDownloader.php:321
assertassert(isset($job['reject']));dependencies\composer\composer\src\Composer\Util\HttpDownloader.php:322
assertassert(isset($this->jobs[$index]['exception']));dependencies\composer\composer\src\Composer\Util\HttpDownloader.php:426
assertassert(is_string($matches['var']));dependencies\composer\composer\src\Composer\Util\Platform.php:108
assertassert('' !== $matches['var']);dependencies\composer\composer\src\Composer\Util\Platform.php:109
assertassert(is_string($m['user']));dependencies\composer\composer\src\Composer\Util\ProcessExecutor.php:463
assertassert($downloader instanceof DownloaderInterface || $downloader instanceof DownloadManager);dependencies\composer\composer\src\Composer\Util\SyncHelper.php:40
assertassert($url !== '');dependencies\composer\composer\src\Composer\Util\Url.php:63
assertassert(is_string($m['user']));dependencies\composer\composer\src\Composer\Util\Url.php:118
proc_open$process = proc_open($cmd, [], $pipes);dependencies\composer\xdebug-handler\src\XdebugHandler.php:302
assertassert(\is_callable($canceller));dependencies\react\promise\src\functions.php:40
assertassert($callback instanceof \Closure || \is_string($callback));dependencies\react\promise\src\functions.php:279
assertassert($typeToMatch instanceof \ReflectionNamedType);dependencies\react\promise\src\functions.php:321
assertassert(isset($matches));dependencies\react\promise\src\functions.php:327
assertassert($type instanceof \ReflectionNamedType);dependencies\react\promise\src\functions.php:329
assertassert(\method_exists($cancellable, 'cancel'));dependencies\react\promise\src\Internal\CancellationQueue.php:51
assertassert($parent instanceof self);dependencies\react\promise\src\Promise.php:70
assertassert($callback instanceof \Closure || \is_string($callback));dependencies\react\promise\src\Promise.php:269
assertassert(isset($symbol));dependencies\seld\jsonlint\src\Seld\JsonLint\JsonParser.php:261
assertassert(isset($symbol));dependencies\seld\jsonlint\src\Seld\JsonLint\JsonParser.php:350
assertassert(\is_array($this->vstack[$len]));dependencies\seld\jsonlint\src\Seld\JsonLint\JsonParser.php:469
assertassert(\is_array($this->vstack[$len]));dependencies\seld\jsonlint\src\Seld\JsonLint\JsonParser.php:484
assertassert(\is_array($this->vstack[$len-2]));dependencies\seld\jsonlint\src\Seld\JsonLint\JsonParser.php:486
assertassert($this->vstack[$len-2] instanceof stdClass);dependencies\seld\jsonlint\src\Seld\JsonLint\JsonParser.php:510
assertassert(\is_array($this->vstack[$len-2]));dependencies\seld\jsonlint\src\Seld\JsonLint\JsonParser.php:549
proc_open$process = proc_open($command, $descriptorspec, $pipes);dependencies\seld\phar-utils\src\Linter.php:71
unserialize$value = unserialize($value);dependencies\symfony\cache\Adapter\ArrayAdapter.php:381
unserializeself::$signalingException ?? self::$signalingException = unserialize("O:9:\"Exception\":1:{s:16:\"\0dependencies\symfony\cache\LockRegistry.php:102
unserializeif (false !== $value = unserialize($value)) {dependencies\symfony\cache\Marshaller\DefaultMarshaller.php:82
shell_exec$sttyMode = shell_exec('stty -g');dependencies\symfony\console\Application.php:1009
shell_execshell_exec('stty '.$sttyMode);dependencies\symfony\console\Application.php:1013
proc_open$isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/dependencies\symfony\console\Cursor.php:189
shell_exec$sttyMode = shell_exec('stty -g');dependencies\symfony\console\Cursor.php:196
shell_execshell_exec('stty -icanon -echo');dependencies\symfony\console\Cursor.php:197
shell_execshell_exec(sprintf('stty %s', $sttyMode));dependencies\symfony\console\Cursor.php:203
shell_exec$sttyMode = shell_exec('stty -g');dependencies\symfony\console\Helper\QuestionHelper.php:267
shell_execshell_exec('stty -icanon -echo');dependencies\symfony\console\Helper\QuestionHelper.php:273
shell_execshell_exec('stty '.$sttyMode);dependencies\symfony\console\Helper\QuestionHelper.php:288
shell_execshell_exec('stty '.$sttyMode);dependencies\symfony\console\Helper\QuestionHelper.php:393
shell_exec$sExec = shell_exec('"'.$exe.'"');dependencies\symfony\console\Helper\QuestionHelper.php:433
shell_exec$sttyMode = shell_exec('stty -g');dependencies\symfony\console\Helper\QuestionHelper.php:445
shell_execshell_exec('stty -echo');dependencies\symfony\console\Helper\QuestionHelper.php:446
shell_execshell_exec('stty '.$sttyMode);dependencies\symfony\console\Helper\QuestionHelper.php:454
shell_execreturn self::$stty = (bool) shell_exec('stty 2> '.('\\' === \DIRECTORY_SEPARATOR ? 'NUL' : '/dev/nuldependencies\symfony\console\Terminal.php:74
proc_open$process = proc_open($command, $descriptorspec, $pipes, null, null, ['suppress_errors' => true]);dependencies\symfony\console\Terminal.php:163
execif ($php = strtok(exec($command.' '.escapeshellarg($php)), \PHP_EOL)) {dependencies\symfony\process\PhpExecutableFinder.php:41
proc_open$this->process = @proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $envdependencies\symfony\process\Process.php:355
proc_open$isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/dependencies\symfony\process\Process.php:1263
proc_openreturn $result = (bool) @proc_open('echo 1 >/dev/null', [['pty'], ['pty'], ['pty']], $pipes);dependencies\symfony\process\Process.php:1286
execexec(sprintf('taskkill /F /T /PID %d 2>&1', $pid), $output, $exitCode);dependencies\symfony\process\Process.php:1525
proc_open} elseif ($ok = proc_open(sprintf('kill -%d %d', $signal, $pid), [2 => ['pipe', 'w']], $pipes)) {dependencies\symfony\process\Process.php:1538
unserialize$wrappedInstance = [unserialize('C:'.\strlen($class).':"'.$class.'":0:{}')];dependencies\symfony\var-exporter\Instantiator.php:71
unserialize$wrappedInstance = [unserialize('O:'.\strlen($class).':"'.$class.'":0:{}')];dependencies\symfony\var-exporter\Instantiator.php:73
unserialize$objects[$k] = unserialize($v);dependencies\symfony\var-exporter\Internal\Registry.php:45
unserialize$proto = @unserialize($proto.\strlen($class).':"'.$class.'":0:{}');dependencies\symfony\var-exporter\Internal\Registry.php:96
SQL Query Safety
100% prepared17 total queries
Output Escaping
71% escaped21 total outputs
Data Flows
4 unsanitizedData Flow Analysis
4 flows4 with unsanitized paths
execute (dependencies\composer\composer\src\Composer\Command\SelfUpdateCommand.php:83)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
Notification : Signature Attack Surface
Entry Points0
Unprotected0
WordPress Hooks 5
Maintenance & Trust
Notification : Signature Maintenance & Trust
Maintenance Signals
WordPress version tested6.8.5
Last updatedAug 25, 2025
PHP min version
Downloads2K
Community Trust
Rating0/100
Number of ratings0
Active installs10
Alternatives
Notification : Signature Alternatives
Customize WordPress Emails and Alerts – Better Notifications for WP
bnfw
A
99
Supercharge your WordPress email notifications using a WYSIWYG editor and shortcodes. Default and new notifications available. Add-ons available.
30K 2 CVEs
Notification – Custom Notifications and Alerts for WordPress
notification
A
100
Take full control of WordPress emails and notifications. Replace default messages, add custom triggers, and send alerts via email, webhook, Slack, and …
10K 1 CVE
Email Notification on Login
email-notification-on-login
B
78
Receive an email after each successful login with the user information
1K 1 unpatched
Simple Login Notification
simple-login-notification
A
100
Sends a notification email when admins and other users log in to your site.
1K No CVEs
Post Status Notifier Lite
post-status-notifier-lite
A
90
Notify on every post change: Flexible rules, custom placeholders and support for all post types and taxonomies.
800 3 CVEs
Developer Profile
Notification : Signature Developer Profile
Kuba Mikita
9 plugins · 51K total installs
76
trust score
Avg Security Score
95/100
Avg Patch Time
237 days
Detection Fingerprints
How We Detect Notification : Signature
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
Asset Paths
/wp-content/plugins/signature-notification/assets/css/signature-notification.cssVersion Parameters
signature-notification/assets/css/signature-notification.css?ver=HTML / DOM Fingerprints
CSS Classes
signature-notification-wrapsignature-notification-containersignature-notification-editorsignature-notification-buttonsHTML Comments
<!-- signature-notification: add your signature below --><!-- signature-notification: signature wrapper -->Data Attributes
data-signature-iddata-signature-fielddata-signature-templateJS Globals
window.NotificationSignatureEditorShortcode Output
[signature_notification_editor][signature_notification_preview] FAQ