Does Advanced Popups have any unpatched vulnerabilities?

No. All known vulnerabilities in Advanced Popups have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Popups compatible with WordPress 6.9.4?

According to WordPress.org data, Advanced Popups 1.2.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Advanced Popups compatible with PHP 5.4+?

Advanced Popups requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Advanced Popups updated?

Advanced Popups was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is Advanced Popups's security score?

Advanced Popups has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Popups Security & Risk Analysis

wordpress.org/plugins/advanced-popups

Display high-converting newsletter popups, a cookie notice, or a notification with the light-weight yet feature-rich plugin.

70K active installs v1.2.2 PHP 5.4+ WP 4.0+ Updated Dec 3, 2025

advertisingmarketingoptinpopuppopups

A · Safe

CVEs total1

Unpatched0

Last CVEJun 21, 2020

Download

Safety Verdict

Is Advanced Popups Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Popups has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 21, 2020Updated 4mo ago

Risk Assessment

The "advanced-popups" plugin v1.2.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all its SQL queries and properly escaping the vast majority of its output. The absence of dangerous functions, file operations, and external HTTP requests are also strengths. Furthermore, the plugin has a history of only one past medium-severity CVE, which is now patched, indicating a generally responsible approach to addressing security issues.

However, significant concerns arise from the plugin's attack surface. With two AJAX handlers identified, both lacking authentication checks, there is a clear risk of unauthorized actions being performed. While the plugin implements nonce checks and capability checks on these handlers, the absence of *any* authentication check is a critical oversight that could potentially be exploited. The lack of taint analysis results does not necessarily mean there are no vulnerabilities, but it limits our understanding of how data flows within the plugin and if any sensitive data could be manipulated or exposed.

In conclusion, while the "advanced-popups" plugin has strengths in secure coding practices like prepared statements and output escaping, the unprotected AJAX handlers represent a substantial security weakness that should be addressed immediately. The plugin's past vulnerability history is somewhat reassuring, but the current lack of authentication on entry points is a more pressing and immediate concern.

Key Concerns

AJAX handlers without authentication checks
One medium CVE historically, now patched

Vulnerabilities

Advanced Popups Security Vulnerabilities

CVEs by Year

1 CVE in 2020

2020

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2021-4421medium · 4.3Cross-Site Request Forgery (CSRF)

Advanced Popups <= 1.1.1 - Cross-Site Request Forgery Bypass

Jun 21, 2020 Patched in 1.1.2 (1311d)

Code Analysis

Analyzed Mar 16, 2026

Advanced Popups Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

145 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared1 total queries

Output Escaping

98% escaped148 total outputs

Attack Surface

2 unprotected

Advanced Popups Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

noprivwp_ajax_adp_popup_rules_objectsincludes\class-advanced-popups.php:155

authwp_ajax_adp_popup_rules_objectsincludes\class-advanced-popups.php:156

WordPress Hooks 8

actionplugins_loadedincludes\class-advanced-popups.php:139

actioninitincludes\class-advanced-popups.php:152

actionadd_meta_boxesincludes\class-advanced-popups.php:153

actionsave_postincludes\class-advanced-popups.php:154

actionadmin_enqueue_scriptsincludes\class-advanced-popups.php:157

actionwp_headincludes\class-advanced-popups.php:170

actionwp_footerincludes\class-advanced-popups.php:171

actionwp_enqueue_scriptsincludes\class-advanced-popups.php:172

Maintenance & Trust

Advanced Popups Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version5.4

Downloads631K

Community Trust

Rating80/100

Number of ratings9

Active installs70K

Alternatives

Advanced Popups Alternatives

Epic Popup Creator

epic-popup-creator

An easy to use and light plugin for creating popup with user friendly interface.

0 No CVEs

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

popup-maker

Want to boost sales & marketing efforts? Use your favorite forms & builder. Unlimited popups & impressions, keep your data, no monthly subscription.

700K 18 CVEs

HollerBox — Fast & Effective Popups & Lead-Generation

holler-box

Get more leads and sales with effective popups that convert! Integrate HollerBox with your favorite CRM and email marketing tools.

3K 2 CVEs

Easy Notify Lite

easy-notify-lite

The best Popup Builder plugin to display image, video, notify or announcement with very ease and elegant.

400 5 CVEs

Developer Profile

Advanced Popups Developer Profile

codesupplyco

5 plugins · 111K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

1041 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Popups

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-popups/assets/css/backend.css/wp-content/plugins/advanced-popups/assets/css/frontend.css/wp-content/plugins/advanced-popups/assets/js/backend.js/wp-content/plugins/advanced-popups/assets/js/frontend.js/wp-content/plugins/advanced-popups/assets/js/advanced-popups.js

Script Paths

/wp-content/plugins/advanced-popups/assets/js/backend.js/wp-content/plugins/advanced-popups/assets/js/frontend.js/wp-content/plugins/advanced-popups/assets/js/advanced-popups.js

Version Parameters

advanced-popups/assets/css/backend.css?ver=advanced-popups/assets/css/frontend.css?ver=advanced-popups/assets/js/backend.js?ver=advanced-popups/assets/js/frontend.js?ver=advanced-popups/assets/js/advanced-popups.js?ver=

HTML / DOM Fingerprints

CSS Classes

adp-popup-wrapadp-popup-content-wrapperadp-popup-closeadp-popup-contentadp-popup-overlayadp-popup-notificationadp-popup-notification-bar

HTML Comments

+30 more

Data Attributes

data-adp-popup-typedata-adp-popup-locationdata-adp-popup-preview-imagedata-adp-popup-info-textdata-adp-popup-info-button-labeldata-adp-popup-info-button-action+26 more

JS Globals

AdvancedPopups

REST Endpoints

/wp-json/advanced-popups/v1/popups

FAQ