Batsignal Security & Risk Analysis
wordpress.org/plugins/batsignalULTRA Light plugin allowing to fire a popup from any page via a shortcode.
Is Batsignal Safe to Use in 2026?
Generally Safe
Score 100/100Batsignal has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The batsignal plugin v2.2.1 exhibits a generally strong security posture, particularly in its handling of SQL queries, where all identified queries utilize prepared statements, and the absence of dangerous functions, file operations, external HTTP requests, and any recorded vulnerabilities. The limited attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, is a significant positive indicator. However, a notable concern arises from the low percentage of properly escaped output (19%), which presents a risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce checks and capability checks across its entry points, combined with the low output escaping, suggests that while direct code execution or data manipulation via SQL might be well-protected, the plugin could be susceptible to client-side attacks if user-supplied data is not handled securely within its output rendering. The plugin's vulnerability history is clean, which is excellent, but it also means we have limited long-term behavioral data to draw upon. In conclusion, the plugin demonstrates good foundational security practices but requires attention to its output escaping mechanisms to mitigate potential XSS risks.
Key Concerns
- Low percentage of properly escaped output
- No nonce checks on entry points
- No capability checks on entry points
Batsignal Security Vulnerabilities
Batsignal Code Analysis
Output Escaping
Batsignal Attack Surface
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
Batsignal Maintenance & Trust
Maintenance Signals
Community Trust
Batsignal Alternatives
Alligator Popup
alligator-popup
Add popups to your site. Add links to pages/posts via a shortcode which will be opened in a popup browser window.
Image and Video Lightbox, Image PopUp
lightbox-popup
Image and Video Lightbox is an high customizable and responsive plugin for displaying images and videos in popup.
Alligator Menu Popup
alligator-menu-popup
Add the 'mpopup' class to a menu item in a custom menu to open the target in a popup Window.
Video Lightbox for YouTube/Vimeo
youtubefancybox
Embed YouTube/Vimeo videos in a lightbox popup. Easily create thumbnails and customize playback settings. Supports both platforms and is compatible wi …
Informational Popup Plugin
informational-popup
Informational Popup. Create dynamic foot notes, explore digressions, extend your posts.
Batsignal Developer Profile
7 plugins · 200 total installs
How We Detect Batsignal
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/batsignal/js/batsignal.js/wp-content/plugins/batsignal/css/batsignal.css/wp-content/plugins/batsignal/js/batsignal.modal.js/wp-content/plugins/batsignal/js/batsignal.js/wp-content/plugins/batsignal/js/batsignal.modal.jsbatsignal/js/batsignal.js?ver=batsignal/css/batsignal.css?ver=HTML / DOM Fingerprints
batsignal_gotham_ad_wrapbatsignal_gotham_ad_formbatsignal_gotham_ad_creditbatsignal_batbaseadminbatsignal_modal_closebatsignal_modal_contentbatsignal_modal_imgbatsignal_modal_wrap+1 more<!-- Batsignal : Plugin Ultra-Light pour lancer une Popup via le simple shortcode : [batsignal id='1' image_url='https://site.com/pics1.jpg' image_alt='My Pics' target_url='https://site.com/moneypage' target_b='' largeur='600' hauteur='400' trigger_unit='px' trigger='600' expires='3600'] -->data-bs-dismiss="modal"id="batsignal_batbaseadmin"batsignal_varsbatsignal_cookie_timebatsignal_triggerbatsignal_trigger_unitbatsignal_expiresbatsignal_image_url+6 more[batsignal]