WP Notification Bell Security & Risk Analysis

wordpress.org/plugins/wp-notification-bell

On-site bell notifications. Display notifications custom or triggered (new posts/cpts, WooCommerce order updates, new comment replies, bbPress...)

800 active installs · v1.4.7 · PHP 5.6+ · WP 4.0+ · Updated Mar 2, 2026
Tags: alert, bbpress, buddypress, notifications, woocommerce
Score: 78 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is WP Notification Bell Safe to Use in 2026?

Mostly Safe

Score 78/100

WP Notification Bell is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 1mo ago
Risk Assessment

The wp-notification-bell plugin v1.4.7 exhibits a mixed security posture. It follows good practice in using prepared statements for SQL queries and in escaping output, but there are significant concerns. An unprotected AJAX handler increases the attack surface, because it lets unauthenticated users reach a potentially vulnerable part of the plugin. The taint analysis reports four high-severity flows with unsanitized paths, which could become serious vulnerabilities if attackers can exploit them. The vulnerability history shows a known medium-severity CVE that is currently unpatched, with a recent disclosure date, suggesting ongoing security issues that require prompt attention. Overall, the plugin's strengths in defensive coding are undermined by critical weaknesses in authentication and data sanitization, compounded by an unpatched historical vulnerability.

Key Concerns

  • Unprotected AJAX handler found
  • High severity unsanitized taint flows
  • Unpatched CVE found (medium severity)
  • Dangerous function 'unserialize' used
  • Bundled Freemius v1.0 library
Vulnerabilities: 1

WP Notification Bell Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58821 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Notification Bell <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting

Sep 5, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

WP Notification Bell Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 3 (52 prepared)
  • Unescaped Output: 35 (396 escaped)
  • Nonce Checks: 9
  • Capability Checks: 3
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

unserialize · admin\admin.php:356
$recipients = ( count( $results ) > 0 ? unserialize( $results[0]['usernames'] ) : false );

Bundled Libraries

Freemius 1.0

SQL Query Safety

95% prepared · 55 total queries

Output Escaping

92% escaped · 431 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

14 flows · 4 with unsanitized paths
process_wnbell_options (admin\admin.php:86)
Attack Surface: 1 unprotected

WP Notification Bell Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers: 5

auth · wp_ajax_wnbell_seen_notification_ajax · includes\menu_bell.php:10
auth · wp_ajax_wnbell_list_ajax_menu · includes\menu_bell.php:11
auth · wp_ajax_wnbell_list_ajax · includes\shortcode.php:7
nopriv · wp_ajax_wnbell_list_ajax_visitor_menu · includes\visitor_menu_bell.php:5
nopriv · wp_ajax_wnbell_list_ajax_visitor · includes\visitor_shortcode.php:6

Shortcodes: 2

[wp-notification-bell] includes\shortcode.php:5
[wp-notification-bell-logged-out] includes\visitor_shortcode.php:5

WordPress Hooks: 34

action · admin_menu · admin\admin.php:4
action · admin_init · admin\admin.php:5
action · save_post · admin\admin.php:7
filter · manage_edit-wnbell_notifications_columns · admin\admin.php:13
action · manage_wnbell_notifications_posts_custom_column · admin\admin.php:14
action · add_meta_boxes_post · admin\admin.php:15
action · add_meta_boxes · admin\admin.php:16
action · save_post_post · admin\admin.php:22
action · admin_head-edit.php · admin\admin.php:28
action · trashed_post · admin\admin.php:30
action · admin_enqueue_scripts · admin\admin.php:78
action · admin_post_save_wnbell_options · admin\admin.php:82
action · delete_post · admin\admin.php:83
action · transition_post_status · admin\admin.php:835
filter · the_title · admin\admin.php:866
action · wnbell_custom_post_type_notification · admin\admin_cpt.php:4
action · wnbell_adding_custom_meta_boxes · admin\admin_cpt.php:149
action · bbp_new_reply · includes\bbpress.php:5
filter · wnbell_user_notifications_output · includes\buddypress.php:5
action · comment_post · includes\comments.php:4
action · transition_comment_status · includes\comments.php:10
action · wp_footer · includes\floating_icon.php:4
filter · walker_nav_menu_start_el · includes\helpers.php:4
filter · wp_nav_menu_items · includes\menu_bell.php:4
action · wp_head · includes\outputs.php:4
action · wp_enqueue_scripts · includes\outputs.php:13
action · wp_enqueue_scripts · includes\shortcode.php:6
action · init · includes\updates.php:5
action · woocommerce_order_status_changed · includes\woocommerce.php:6
action · plugins_loaded · wp-notification-bell.php:68
action · before_woocommerce_init · wp-notification-bell.php:81
filter · is_submenu_visible · wp-notification-bell.php:93
action · init · wp-notification-bell.php:129
action · after_uninstall · wp-notification-bell.php:130
Maintenance & Trust

WP Notification Bell Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 5.6
Downloads: 26K

Community Trust

Rating: 98/100
Number of ratings: 12
Active installs: 800
Developer Profile

WP Notification Bell Developer Profile

wpdever

2 plugins · 1K total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect WP Notification Bell

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-notification-bell/css/style.css
/wp-content/plugins/wp-notification-bell/js/main.js
Version Parameters
wp-notification-bell/style.css?ver=
wp-notification-bell/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
wnbell-bell-icon
JS Globals
wnbell_ajax_object
FAQ

Frequently Asked Questions about WP Notification Bell