WP Notifications Manager Security & Risk Analysis

wordpress.org/plugins/wp-notifications-manager

Manage new user registration & password change notifications.

20 active installs · v1.1 · PHP + WP 3.1+ · Updated Apr 22, 2014
Tags: new-user-registration, notifications, password-change
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Notifications Manager Safe to Use in 2026?

Generally Safe

Score 85/100

WP Notifications Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "wp-notifications-manager" v1.1 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the lack of dangerous functions, file operations, external HTTP requests, and any recorded vulnerabilities in its history are all positive indicators of secure development practices.

However, a notable concern is the single SQL query that does not use prepared statements. This is a critical security risk that could lead to SQL injection, especially if the query involves user-supplied input. The share of properly escaped output (62%, 8 of 13 outputs) also leaves room for cross-site scripting (XSS) in the 5 unescaped outputs, though without taint analysis this risk is difficult to quantify precisely.

In conclusion, while the plugin benefits from a minimal attack surface and a clean vulnerability history, the unprepared SQL query and the incomplete output escaping represent significant security weaknesses. Addressing these two issues should be a priority to further harden the plugin's security.

Key Concerns

  • Raw SQL query without prepared statements
  • Improper output escaping (38% unescaped)
Vulnerabilities
None known

WP Notifications Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Notifications Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 5 (8 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

62% escaped · 13 total outputs
Attack Surface

WP Notifications Manager Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  • action admin_menu (options.php:3)
  • action admin_init (options.php:47)
  • action plugins_loaded (wp-notifications-manager.php:47)
Maintenance & Trust

WP Notifications Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.9.40
Last updated: Apr 22, 2014
PHP min version
Downloads: 2K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 20
Developer Profile

WP Notifications Manager Developer Profile

Chad

1 plugin · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Notifications Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.