WP-Safety

Author Popup Security & Risk Analysis

wordpress.org/plugins/author-popup

A CSS popup will appear by hovering on an author link with user profile & social links.

10 active installs v1.0 PHP + WP 2.0+ Updated Aug 22, 2011
authorauthor-popupauthorpopupprofile-linkuser-popup
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Author Popup Safe to Use in 2026?

Generally Safe

Score 85/100

Author Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The "author-popup" v1.0 plugin presents a seemingly strong security posture based on the provided static analysis. It boasts zero AJAX handlers, REST API routes, shortcodes, or cron events, indicating a very small attack surface with no identified entry points. Furthermore, the code analysis reveals no dangerous functions, no file operations, no external HTTP requests, and critically, all SQL queries utilize prepared statements. The absence of vulnerability history, including CVEs, is also a positive indicator, suggesting a history of security awareness or fortunate circumstances.

However, a significant concern arises from the complete lack of output escaping. With 3 total outputs and 0% properly escaped, this plugin is highly vulnerable to Cross-Site Scripting (XSS) attacks. Any data processed or displayed by the plugin without proper sanitization can be injected by an attacker, potentially leading to session hijacking, credential theft, or defacement. The absence of nonce and capability checks further exacerbates this risk, as it implies that these potentially vulnerable outputs might be accessible without proper user authentication or authorization.

Key Concerns

  • Unescaped output detected
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Author Popup Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Author Popup Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped3 total outputs
Attack Surface

Author Popup Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
filterthe_author_posts_linkauthor-popup.php:194
actionwp_headauthor-popup.php:198
Maintenance & Trust

Author Popup Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedAug 22, 2011
PHP min version
Downloads8K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Author Popup Alternatives

Edit Author Slug

Edit Author Slug

edit-author-slug

A
100

Allows an admin (or capable user) to edit the author slug of a user, and change the author base.

100K No CVEs
WP Meta and Date Remover

WP Meta and Date Remover

wp-meta-and-date-remover

A
99

Remove meta author and date information from posts and pages. Hide from Humans and Search engines.SEO friendly and most advance plugin.

90K 2 CVEs
Simple Author Box

Simple Author Box

simple-author-box

A
99

Add a responsive author box or guest author box with social icons to any post. Great author box for any site!

80K 2 CVEs
Co-Authors Plus

Co-Authors Plus

co-authors-plus

A
99

Assign multiple bylines to posts, pages, and custom post types with a search-as-you-type input box.

20K 1 CVE
Hide/Remove Metadata

Hide/Remove Metadata

hide-metadata

A
100

Hide/Remove Metadata is a free WordPress plugin that helps you hide author and published date either by CSS or PHP from your website effortlessly.

20K No CVEs
Developer Profile

Author Popup Developer Profile

karthikeyan_blaze

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Author Popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/author-popup/img/twitter.png/wp-content/plugins/author-popup/img/facebook.png/wp-content/plugins/author-popup/img/youtube.png/wp-content/plugins/author-popup/img/starburst.gif
Script Paths
/wp-content/plugins/author-popup/javascript/ap.js
Version Parameters
author-popup/javascript/ap.js?ver=author-popup/css/ap_style.css?ver=

HTML / DOM Fingerprints

CSS Classes
bubbleInfotriggerpopuppopup-contents
HTML Comments
<!-- jQuery.noConflict(); jQuery(function () { jQuery('.bubbleInfo').each(function () { var distance = 1; var time = 250; var hideDelay = 500; var hideDelayTimer = null; var beingShown = false; var shown = false; var trigger = jQuery('.trigger', this); var info = jQuery('.popup', this).css('opacity', 0); jQuery([trigger.get(0), info.get(0)]).mouseover(function () { if (hideDelayTimer) clearTimeout(hideDelayTimer); if (beingShown || shown) { // don't trigger the animation again return; } else { // reset position of info box beingShown = true; info.css({ top: -58, right: -50, display: 'block' }).animate({ top: '-=' + distance + 'px', opacity: 1 }, time, 'swing', function() { beingShown = false; shown = true; }); } return false; }).mouseout(function () { if (hideDelayTimer) clearTimeout(hideDelayTimer); hideDelayTimer = setTimeout(function () { hideDelayTimer = null; info.animate({ top: '-=' + distance + 'px', opacity: 0 }, time, 'swing', function () { shown = false; info.css('display', 'none'); }); }, hideDelay); return false; }); }); }); //-->
Data Attributes
id="dpop"class="popup"id="topleft"class="corner"id="topright"class="corner"+13 more
JS Globals
jQuery
FAQ

Frequently Asked Questions about Author Popup