Does Push Notifier for Firebase have any unpatched vulnerabilities?

No. All known vulnerabilities in Push Notifier for Firebase have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Push Notifier for Firebase compatible with WordPress 6.8.5?

According to WordPress.org data, Push Notifier for Firebase 1.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Push Notifier for Firebase compatible with PHP 7.4+?

Push Notifier for Firebase requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Push Notifier for Firebase updated?

Push Notifier for Firebase was last updated on Oct 14, 2025. Frequent updates are generally a positive security signal.

What is Push Notifier for Firebase's security score?

Push Notifier for Firebase has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Push Notifier for Firebase Security & Risk Analysis

wordpress.org/plugins/techvoot-app-firebase

Seamlessly integrate WordPress with Firebase Firestore for real-time sync & automated notifications. Ideal for eCommerce & membership sites! 🚀

10 active installs v1.0.3 PHP 7.4+ WP 5.0+ Updated Oct 14, 2025

firebasenotification

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Push Notifier for Firebase Safe to Use in 2026?

Generally Safe

Score 100/100

Push Notifier for Firebase has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The techvoot-app-firebase plugin version 1.0.3 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities, including no known CVEs, which suggests a generally well-maintained codebase. The taint analysis shows no critical or high severity flows, and a good percentage (85%) of output is properly escaped. The SQL queries also show a reasonable adoption of prepared statements (61%).

However, significant concerns arise from the attack surface. With 5 AJAX handlers, a concerning 4 of them lack authentication checks. This represents a substantial entry point for potential unauthorized actions. While no direct dangerous functions were identified, the presence of file operations and external HTTP requests, combined with a lack of robust authentication on key entry points, could be leveraged by an attacker if specific vulnerabilities are discovered in how these functions are used. The plugin also bundles the Select2 library, which, if outdated, could introduce its own vulnerabilities.

In conclusion, while the absence of historical vulnerabilities and good output escaping practices are strengths, the lack of proper authorization on a majority of AJAX handlers is a critical weakness. This significantly increases the risk of privilege escalation or unauthorized data manipulation, even in the absence of identified critical flaws in the current version. Further investigation into the functionality of these unprotected AJAX endpoints is highly recommended.

Key Concerns

Unprotected AJAX handlers
Bundled library (Select2)
File operations detected
External HTTP requests detected

Vulnerabilities

None known

Push Notifier for Firebase Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Push Notifier for Firebase Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

178 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

61% prepared23 total queries

Output Escaping

85% escaped210 total outputs

Data Flows

All sanitized

Data Flow Analysis

5 flows

handle_firebase_config_form (classes\settings\class-tv-settings-configuration.php:264)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Push Notifier for Firebase Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 5

authwp_ajax_firebase_get_load_users_dataclasses\settings\class-tv-settings-firebase-user.php:27

authwp_ajax_get_tvfb_firebase_post_event_listnotification\notification-post.php:376

noprivwp_ajax_get_tvfb_firebase_post_event_listnotification\notification-post.php:379

authwp_ajax_tvfb_firebase_notification_category_listnotification\notification-post.php:382

noprivwp_ajax_tvfb_firebase_notification_category_listnotification\notification-post.php:385

WordPress Hooks 43

actionadmin_noticesclasses\class-tv-firebase.php:34

actionadmin_enqueue_scriptsclasses\class-tv2be-enqueue.php:76

actionadmin_enqueue_scriptsclasses\class-tv2be-enqueue.php:77

actionadmin_enqueue_scriptsclasses\class-tv2be-enqueue.php:78

actionadmin_footerclasses\class-tv2be-enqueue.php:79

actionadmin_footerclasses\class-tv2be-enqueue.php:80

actionwp_enqueue_scriptsclasses\class-tv2be-enqueue.php:82

actionwp_enqueue_styleclasses\class-tv2be-enqueue.php:83

actionwp_enqueue_scriptsclasses\class-tv2be-enqueue.php:84

actionget_footerclasses\class-tv2be-enqueue.php:85

actionget_footerclasses\class-tv2be-enqueue.php:86

actionwp_enqueue_scriptsclasses\class-tv2be-enqueue.php:489

actionadmin_enqueue_scriptsclasses\class-tv2be-enqueue.php:499

actionset_notification_cronjob_hookclasses\cron\class-tv-push-notification_cron.php:28

actioninitclasses\cron\class-tv-push-notification_cron.php:225

actionadmin_menuclasses\settings\class-tv-settings-configuration.php:29

actionadmin_menuclasses\settings\class-tv-settings-firebase-notifications-log-list.php:27

actionadmin_menuclasses\settings\class-tv-settings-firebase-user.php:23

actioninitclasses\settings\class-tv-settings-firebase-user.php:24

actioninitclasses\settings\class-tv-settings-firebase-user.php:25

actiontvfb_daily_user_sync_cronclasses\settings\class-tv-settings-firebase-user.php:26

actioninitclasses\settings\class-tv-settings-firebase-user.php:28

filtercron_schedulesclasses\settings\class-tv-settings-firebase-user.php:68

actionadmin_menuclasses\settings\class-tv-settings-page.php:29

actionTVFB_Post_tab_settings_formclasses\settings\tab-settings\class-techvoot-setting-tab.php:44

actionadmin_menuclasses\settings\tab-settings\class-techvoot-setting-tab.php:45

filtertv_settings_page_tabclasses\settings\tab-settings\class-techvoot-setting-tab.php:55

actionshow_user_profileclasses\settings\user\class-tv-user-settings-configuration.php:29

actionpersonal_options_updateclasses\settings\user\class-tv-user-settings-configuration.php:30

filtertv_firebase_deregister_admin_assetsincludes\enqueue-admin-assets.php:20

filtertv_firebase_admin_stylesincludes\enqueue-admin-assets.php:90

filtertv_firebase_admin_scriptsincludes\enqueue-admin-assets.php:167

actioninitnotification\notification-post.php:30

actionadd_meta_boxesnotification\notification-post.php:31

actionsave_postnotification\notification-post.php:32

actionplugins_loadedtechvoot-app-firebase.php:40

actionplugins_loadedtechvoot-app-firebase.php:54

actionadmin_inittechvoot-app-firebase.php:62

actionwp_enqueue_scriptstechvoot-app-firebase.php:119

actionadmin_enqueue_scriptstechvoot-app-firebase.php:120

actionadmin_enqueue_scriptstechvoot-app-firebase.php:157

filtercron_schedulestechvoot-app-firebase.php:219

actionset_notification_cronjob_hooktechvoot-app-firebase.php:244

Scheduled Events 2

tvfb_daily_user_sync_cron

set_notification_cronjob_hook

Maintenance & Trust

Push Notifier for Firebase Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 14, 2025

PHP min version7.4

Downloads739

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Push Notifier for Firebase Alternatives

FCM Push Notification from WP

fcm-push-notification-from-wp

Notify your users using Firebase Cloud Messaging (FCM) when content is published or updated.

600 No CVEs

Push notification for Mobile and Web app

push-notification-mobile-and-web-app

Push notification for Android, iOS and the Web

500 1 CVE

Push Notification for Post and BuddyPress

push-notification-for-post-and-buddypress

Send free push notifications for post/custom post, BuddyPress from WordPress sites or using mobile app webview and to generate PWA.

200 4 CVEs

pd Android FCM Push Notification

pd-android-fcm

100

pd Android FCM Push Notification is a plugin through which you can send push notifications directly from your WordPress site to android devices via Fi …

20 No CVEs

HI FCM

hi-fcm-firebase-cloud-messaging

This plugin gives you the ability to push notifications through Firebase Cloud Messaging

0 No CVEs

Developer Profile

Push Notifier for Firebase Developer Profile

Techvoot Solutions

2 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Push Notifier for Firebase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/techvoot-app-firebase/assets/js/firebase.js/wp-content/plugins/techvoot-app-firebase/assets/css/datatable.css/wp-content/plugins/techvoot-app-firebase/assets/js/datatable.js

Script Paths

/wp-content/plugins/techvoot-app-firebase/assets/js/firebase.js/wp-content/plugins/techvoot-app-firebase/assets/js/datatable.js

Version Parameters

techvoot-app-firebase/assets/js/firebase.js?ver=techvoot-app-firebase/assets/css/datatable.css?ver=techvoot-app-firebase/assets/js/datatable.js?ver=

HTML / DOM Fingerprints

FAQ