[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4JQyAsF9N-ytPEY1cZyI9notMACESiM7moO1zkglwdQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":59,"fingerprints":127},"ss-fcm-notifications","Send FCM notifications","1.0","dselvainfotech","https:\u002F\u002Fprofiles.wordpress.org\u002Fdselvainfotech\u002F","\u003Cp>Easily send notifications to all of your android app user by using google Firebase Cloud Messaging key. No third-party service required. You can send custom message to all your android app user in a single click.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>Send Notifications to all of android app user :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Firebase Cloud Messaging (FCM)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Instant notifications.\u003C\u002Fstrong> Notifications appear as message alerts and even sound alerts.\u003C\u002Fp>\n\u003Ch4>Who Is This Plugin For?\u003C\u002Fh4>\n\u003Cp>This plugin is for mobile developers who do not want to develop their server-side back-end. Supporting push notifications is incredibly complicated. This plugin lets you focus on creating the apps, without the hassle. you can send custom notification to all of your android app user in a single click.\u003C\u002Fp>\n","Send notifications to all your Android app user without paying fees as it does not use third-party servers.",100,2480,80,1,"2018-01-09T08:10:00.000Z","4.9.29","3.4","",[20,21,22,23],"bulk-messaging-by-google-firebase","custom-firebase-messaging","google-firebase-cloud-messaging","send-message-to-all-android-app-user","http:\u002F\u002Fdselva.co.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fss-fcm-notifications.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-04-04T08:13:25.751Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":46,"last_updated":18,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":56,"download_link":57,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":58},"pd-android-fcm","pd Android FCM Push Notification","1.1.8","Proficient Designers","https:\u002F\u002Fprofiles.wordpress.org\u002Fproficientdesigners\u002F","\u003Cp>pd Android FCM Push Notification is a plugin through which you can send push notifications directly from your WordPress site to android devices via \u003Ca href='https:\u002F\u002Ffirebase.google.com\u002F' rel=\"nofollow ugc\">Firebase Cloud Messaging\u003C\u002Fa> service. When a new blog is posted or existing blog is updated, a push notification sent to android device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Included:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Can send push notification for each blog post.\u003C\u002Fli>\n\u003Cli>Even can send custom notifications to the registered devices.\u003C\u002Fli>\n\u003Cli>Devices are subscribed in category wise, so that the notifications can also be sent based on the category.\u003C\u002Fli>\n\u003Cli>Featured image support is available (above android version 4.4).\u003C\u002Fli>\n\u003Cli>Push notifications can be scheduled.\u003C\u002Fli>\n\u003Cli>A checkbox is available at the right side to choose whether to send push notification in post publish or update.\u003C\u002Fli>\n\u003Cli>For more documentation and screenshots, please visit \u003Ca href=\"https:\u002F\u002Fproficientdesigners.in\u002Fcreations\u002Fpd-android-fcm-push-notification\u002F\" rel=\"nofollow ugc\">proficientdesigners.in\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Demo:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_fffaw9fFwY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Using 3rd party service:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please note that this plugin is relying on a 3rd party service, which is the Google Firebase Cloud Messaging service (FCM) and your data is being sent through their servers via HTTP API \u003Cem>(https:\u002F\u002Ffcm.googleapis.com\u002Ffcm\u002Fsend)\u003C\u002Fem>. This is very legal to use the  Google Firebase Cloud Messaging service (FCM), based on their terms and conditions \u003Ca href='https:\u002F\u002Ffirebase.google.com\u002Fterms\u002F' rel=\"nofollow ugc\">https:\u002F\u002Ffirebase.google.com\u002Fterms\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Demo Android App:\u003C\u002Fstrong>\u003Cbr \u002F>\nWe have a demo android app in the Google Play Store for this plugin’s testing purpose. You can get the link from our official documentation page.\u003C\u002Fp>\n","pd Android FCM Push Notification is a plugin through which you can send push notifications directly from your WordPress site to android devices via Fi …",20,73124,2,"5.5.18","4.0","5.6",[51,52,53,54,55],"android-push-notification","fcm","google-firebase-cloud-messaging-service","push-notification","send-push-notification-from-wordpress-site-to-android-devices","https:\u002F\u002Fproficientdesigners.in\u002Fcreations\u002Fpd-android-fcm-push-notification\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpd-android-fcm.1.1.8.zip","2026-03-15T10:48:56.248Z",{"attackSurface":60,"codeSignals":72,"taintFlows":100,"riskAssessment":120,"analyzedAt":126},{"hooks":61,"ajaxHandlers":68,"restRoutes":69,"shortcodes":70,"cronEvents":71,"entryPointCount":27,"unprotectedCount":27},[62],{"type":63,"name":64,"callback":65,"file":66,"line":67},"action","admin_menu","ss_fcm","notifications.php",19,[],[],[],[],{"dangerousFunctions":73,"sqlUsage":74,"outputEscaping":76,"fileOperations":27,"externalRequests":14,"nonceChecks":46,"capabilityChecks":46,"bundledLibraries":99},[],{"prepared":27,"raw":27,"locations":75},[],{"escaped":77,"rawEcho":78,"locations":79},3,8,[80,84,86,88,90,92,95,97],{"file":81,"line":82,"context":83},"inc\\fcm-settings.php",28,"raw output",{"file":81,"line":85,"context":83},29,{"file":81,"line":87,"context":83},37,{"file":81,"line":89,"context":83},60,{"file":81,"line":91,"context":83},64,{"file":93,"line":94,"context":83},"inc\\send-msg.php",48,{"file":93,"line":96,"context":83},54,{"file":93,"line":98,"context":83},55,[],[101],{"entryPoint":102,"graph":103,"unsanitizedCount":27,"severity":119},"\u003Cfcm-settings> (inc\\fcm-settings.php:0)",{"nodes":104,"edges":116},[105,110],{"id":106,"type":107,"label":108,"file":81,"line":109},"n0","source","$_POST",7,{"id":111,"type":112,"label":113,"file":81,"line":114,"wp_function":115},"n1","sink","update_option() [Settings Manipulation]",12,"update_option",[117],{"from":106,"to":111,"sanitized":118},true,"low",{"summary":121,"deductions":122},"The ss-fcm-notifications plugin v1.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits the plugin's attack surface. Furthermore, the complete absence of dangerous functions, raw SQL queries, and critical or high-severity taint flows is highly positive. The plugin also demonstrates good practice by consistently using prepared statements for all its SQL queries and employing nonce and capability checks where relevant.\n\nHowever, a notable concern arises from the low percentage (27%) of properly escaped outputs. This indicates a potential risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed to users. While the plugin has no recorded vulnerability history, suggesting a lack of previously exploited weaknesses, the output escaping issue remains a latent risk that could be exploited.\n\nIn conclusion, the plugin has several security strengths, particularly in its limited attack surface and secure database interactions. Nevertheless, the insufficient output escaping is a significant weakness that requires attention to mitigate potential XSS risks. The lack of historical vulnerabilities is a positive indicator, but it does not negate the need to address the identified code-level concerns.",[123],{"reason":124,"points":125},"Low percentage of properly escaped output",6,"2026-03-16T21:15:05.436Z",{"wat":128,"direct":134},{"assetPaths":129,"generatorPatterns":131,"scriptPaths":132,"versionParams":133},[130],"\u002Fwp-content\u002Fplugins\u002Fss-fcm-notifications\u002Fimages\u002Fmail-icon.png",[],[],[],{"cssClasses":135,"htmlComments":136,"htmlAttributes":137,"restEndpoints":138,"jsGlobals":139,"shortcodeOutput":140},[],[],[],[],[],[]]