WP-Safety

Web Push Notification Security & Risk Analysis

wordpress.org/plugins/web-push-notification

Boost your readers engagement and send a smart Web Push Notification to your users each time you have new posts even if user is not surfing into your …

10 active installs v1.1 PHP + WP 3.9.0+ Updated Jun 25, 2016
chrome-notificationsengage-your-app-userspush-notificationsuser-interactionswordpress-plugin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Web Push Notification Safe to Use in 2026?

Generally Safe

Score 85/100

Web Push Notification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "web-push-notification" plugin v1.1 exhibits a seemingly strong security posture based on the static analysis. There are no identified dangerous functions, SQL queries are exclusively prepared, and there are no observed file operations or external HTTP requests. The absence of any recorded CVEs or known vulnerabilities further contributes to this positive assessment.

However, a significant concern arises from the extremely low percentage of properly escaped output (8%). This indicates a high potential for Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data, if not properly sanitized before being displayed, could be injected with malicious scripts. Furthermore, the complete lack of nonce checks and capability checks across all entry points (even though the attack surface is reported as zero) suggests a potential blind spot. If any entry points were to be discovered or introduced in future versions, they would be inherently unprotected against various attack vectors.

While the plugin has a clean vulnerability history, the low output escaping percentage and the absence of security checks on its (currently zero) attack surface are critical weaknesses. The lack of taint analysis data also prevents a complete picture of potential data flow risks. The plugin's strength lies in its lack of complex features and external dependencies, but the output escaping and absent security checks present a tangible risk.

Key Concerns

  • Low output escaping percentage
  • No nonce checks detected
  • No capability checks detected
Vulnerabilities
None known

Web Push Notification Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Web Push Notification Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
47
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

8% escaped51 total outputs
Attack Surface

Web Push Notification Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionplugins_loadedindex.php:17
actionadmin_enqueue_scriptswpn\wpn.php:22
actionload-post.phpwpn\wpn.php:23
actionload-post-new.phpwpn\wpn.php:24
actionadmin_menuwpn\wpn.php:25
actionwp_headwpn\wpn.php:26
Maintenance & Trust

Web Push Notification Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedJun 25, 2016
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Web Push Notification Alternatives

Push World

Push World

push-world

A
100

This plugin help send personal and mass push notifications. It also can return customers to abandoned WooCommerce cart through push notifications.

10 No CVEs
OneSignal – Web Push Notifications

OneSignal – Web Push Notifications

onesignal-free-web-push-notifications

A
98

Increase engagement and drive more repeat traffic to your WordPress site with push notifications. Now a WordPress VIP Gold Partner.

70K 2 CVEs
Country & Phone Field Contact Form 7

Country & Phone Field Contact Form 7

country-phone-field-contact-form-7

A
100

Add country drop down with flags and phone number with country phone extension fields in contact form 7.

40K No CVEs
Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation

Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation

gs-logo-slider

A
96

Logo Slider: The best responsive plugin for Logo Showcase, Logo Carousel, and displaying clients' logos. Includes shortcode generator with preview!

30K 5 CVEs
Site Offline Or Coming Soon Or Maintenance Mode

Site Offline Or Coming Soon Or Maintenance Mode

site-offline

C
56

Site Offline plugin manage your WordPress website in under construction or maintenance mode or coming soon or landing page.

30K 1 unpatched
Developer Profile

Web Push Notification Developer Profile

Bassem Rabia

5 plugins · 130 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Web Push Notification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/web-push-notification/js/web-push-notifications.js/wp-content/plugins/web-push-notification/css/web-push-notifications.css/wp-content/plugins/web-push-notification/css/web-push-notifications-admin.css/wp-content/plugins/web-push-notification/js/web-push-notifications-admin.js
Script Paths
wpn/js/web-push-notifications.jswpn/js/web-push-notifications-admin.js
Version Parameters
web-push-notifications-style?ver=web-push-notifications-script?ver=web-push-notifications-admin-style?ver=web-push-notifications-admin-script?ver=

HTML / DOM Fingerprints

CSS Classes
web-push-notificationsweb-push-notifications-overlaySendNotificationnotification-responsenotification-response-noticeWebPushNotifications_wrapWebPushNotifications_containeraccordion-header+2 more
HTML Comments
Web Push Notificationsbassem.rabia@gmail.com
Data Attributes
urldata-url
JS Globals
window._webPushApiwebPushApi
Shortcode Output
<div url="" class="SendNotification preview button"></div><div class="notification-response"></div>
FAQ

Frequently Asked Questions about Web Push Notification