Does WP Push Notifications have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Push Notifications have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Push Notifications compatible with WordPress 4.8.28?

According to WordPress.org data, WP Push Notifications 1.0.6 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is WP Push Notifications updated?

WP Push Notifications was last updated on Sep 11, 2017. Frequent updates are generally a positive security signal.

What is WP Push Notifications's security score?

WP Push Notifications has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Push Notifications Security & Risk Analysis

wordpress.org/plugins/wp-push-notifications

Send Push notifications from your own WordPress

10 active installs v1.0.6 PHP + WP 3.8+ Updated Sep 11, 2017

notificationweb-pushwordpress-pushwordpress-push-notificationwordpress-web-push

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Push Notifications Safe to Use in 2026?

Generally Safe

Score 85/100

WP Push Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "wp-push-notifications" v1.0.6 plugin exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. While the plugin has no recorded vulnerabilities in its history, indicating a potentially stable past, the static analysis reveals weaknesses that could be exploited. The presence of 6 AJAX handlers, all without authentication checks, represents a substantial attack surface. Coupled with a low percentage of properly escaped outputs (27%), there is a high risk of cross-site scripting (XSS) and other injection vulnerabilities. The lack of extensive security checks in these entry points is a major red flag, despite the absence of critical taint flows or dangerous functions in this analysis. The plugin's strengths lie in its lack of bundled libraries and its current clean vulnerability history. However, the identified issues in its attack surface and output escaping practices necessitate immediate attention to prevent potential security incidents.

Key Concerns

Unprotected AJAX handlers
Low percentage of properly escaped outputs
Low percentage of SQL queries using prepared statements
Missing nonce checks on AJAX
Limited capability checks

Vulnerabilities

None known

WP Push Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP Push Notifications Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

25% prepared4 total queries

Output Escaping

27% escaped51 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<settings> (templates\menus\settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

WP Push Notifications Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 6

authwp_ajax_wppn_delete_subscriberincludes\functions.php:45

noprivwp_ajax_wppn_delete_subscriberincludes\functions.php:46

authwp_ajax_wppn_ajax_send_push_notificationsincludes\functions.php:74

noprivwp_ajax_wppn_ajax_send_push_notificationsincludes\functions.php:75

authwp_ajax_wppn_send_subscriptionincludes\functions.php:144

noprivwp_ajax_wppn_send_subscriptionincludes\functions.php:145

WordPress Hooks 14

actionadmin_menuincludes\classes\class-menus.php:13

actionsave_postincludes\functions.php:26

actionwp_footerincludes\functions.php:150

filtercron_schedulesincludes\functions.php:170

actionwppn_callback_action_dailyincludes\functions.php:180

actionwppn_callback_action_weeklyincludes\functions.php:190

actionwppn_callback_action_biweeklyincludes\functions.php:200

actionwppn_callback_action_monthlyincludes\functions.php:210

actionparse_requestincludes\sw-manager\class-wp-sw-manager-router.php:19

filterquery_varsincludes\sw-manager\class-wp-sw-manager-router.php:20

actionwp_enqueue_scriptsincludes\sw-manager\class-wp-sw-manager.php:130

actionadmin_enqueue_scriptswp-push-notifications.php:84

actionwp_enqueue_scriptswp-push-notifications.php:85

actionadmin_enqueue_scriptswp-push-notifications.php:86

Maintenance & Trust

WP Push Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedSep 11, 2017

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Push Notifications Alternatives

PushEngage – Web Push notification, WA Automation & Multi-Channel Chat Widget ( WA, Messenger, X, Telegram, TikTok & More)

pushengage

100

Send order updates, recover abandoned carts, and boost retention with push notifications, WhatsApp automation + multichannel Chat widget.

10K No CVEs

Web Push Notifications – Webpushr

webpushr-web-push-notifications

Fastest growing & lightweight plugin for Web Push Notifications. Add browser push notifications to your WordPress & WooCommerce site.

10K 4 CVEs

Push Notifications for WP – Self Hosted Web Push Notifications

push-notification

100

Push Notifications for WP - Self Hosted Web Push Notifications makes it easy to send Web Push notifications to your users for FREE with 2 minutes setu …

6K No CVEs

Perfecty Push Notifications

perfecty-push-notifications

100

Push Notifications that are self-hosted, you don't need API keys to integrate with external Push Notifications providers that will charge you lat …

5K No CVEs

Gravitec.net – Web Push Notifications

gravitec-net-web-push-notifications

Easy-to-use and smart push notifications for your website. Increase subscriptions and repeat visits with minimal effort.

1K 1 CVE

Developer Profile

WP Push Notifications Developer Profile

pluginbazar

5 plugins · 100 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Push Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-push-notifications/assets/front/css/style.css/wp-content/plugins/wp-push-notifications/assets/global/css/font-awesome.css/wp-content/plugins/wp-push-notifications/assets/admin/css/style.css/wp-content/plugins/wp-push-notifications/assets/admin/js/scripts.js/wp-content/plugins/wp-push-notifications/assets/front/scripts.js

Script Paths

/wp-content/plugins/wp-push-notifications/assets/front/scripts.js/wp-content/plugins/wp-push-notifications/assets/admin/js/scripts.js

HTML / DOM Fingerprints

JS Globals

wppn_ajax

FAQ