WP-Safety

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Security & Risk Analysis

wordpress.org/plugins/brave-popup-builder

The best drag-and-drop Popup Builder for WordPress. Create Popups, exit-intent popups, slide-ins, and lead generation forms & Woocommerce popups i …

20K active installs v0.8.5 PHP 7.2.24+ WP 5.2+ Updated Jan 26, 2026
lead-generationpopuppopupswoocommerce-popupwordpress-popup
92
A · Safe
CVEs total5
Unpatched0
Last CVEDec 23, 2025
Plugin page Download
Safety Verdict

Is Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Safe to Use in 2026?

Generally Safe

Score 92/100

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Dec 23, 2025Updated 2mo ago
Risk Assessment

The static analysis of brave-popup-builder v0.8.5 presents a seemingly strong security posture with zero identified attack surface points, dangerous functions, or unsanitized taint flows. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping all output. File operations and external HTTP requests are also absent, further reducing potential risks.

However, this positive static analysis is overshadowed by a concerning vulnerability history. The plugin has a total of 5 known CVEs, with 1 high and 4 medium severity vulnerabilities. The types of past vulnerabilities, including Missing Authorization, CSRF, XSS, and SSRF, indicate a pattern of significant security weaknesses in previous versions. While there are currently no unpatched vulnerabilities, the presence of these past issues and the recency of the last reported vulnerability (December 2025) suggest a history of security flaws that require vigilance. The absence of any identified issues in the current version's static analysis might be misleading given the plugin's track record. Therefore, a proactive approach to security updates and ongoing monitoring is strongly recommended.

Key Concerns

  • 5 known CVEs, 1 high, 4 medium severity
  • Common vulnerability types: Missing Auth, CSRF, XSS, SSRF
  • Last vulnerability in 2025, indicates recent past issues
Vulnerabilities
5

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
3 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
4

5 total CVEs

CVE-2025-68508medium · 5.3Missing Authorization

Brave <= 0.8.3 - Missing Authorization

Dec 23, 2025 Patched in 0.8.4 (14d)
CVE-2024-43337medium · 4.3Cross-Site Request Forgery (CSRF)

Brave Popup Builder <= 0.7.0 - Cross-Site Request Forgery

Aug 16, 2024 Patched in 0.7.1 (4d)
CVE-2024-35655medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content <= 0.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 3, 2024 Patched in 0.7.0 (72d)
CVE-2024-30453high · 7.2Server-Side Request Forgery (SSRF)

Brave Popup Builder <= 0.6.5 - Unauthenticated Server-Side Request Forgery

Mar 28, 2024 Patched in 0.6.6 (7d)
CVE-2023-51534medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Brave Popup Builder <= 0.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 27, 2023 Patched in 0.6.3 (27d)
Code Analysis
Analyzed Mar 16, 2026

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actioninitincludes.php:12
actionwp_loadedincludes.php:27
actionplugins_loadedindex.php:18
Maintenance & Trust

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 26, 2026
PHP min version7.2.24
Downloads547K

Community Trust

Rating96/100
Number of ratings207
Active installs20K
Alternatives

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Alternatives

YITH WooCommerce Popup

YITH WooCommerce Popup

yith-woocommerce-popup

A
97

Create and customize your popup windows using templates carefully designed by YITH.

2K 2 CVEs
Aspexi Sweet Popups

Aspexi Sweet Popups

aspexi-sweet-popups

A
85

Simple popups plugin based on Sweet Alert that automatically centers itself on the page and looks great on all devices.

50 No CVEs
CocoPopup – Gutenberg Popup Builder for WordPress

CocoPopup – Gutenberg Popup Builder for WordPress

cocopopup

A
100

Create powerful popups in WordPress with CocoPopup – a flexible Gutenberg popup builder for marketing, WooCommerce & more.

40 No CVEs
Ampry – Create Popups, Notifications, Sticky bars & more

Ampry – Create Popups, Notifications, Sticky bars & more

ampry-pixel

A
85

Turn you website traffic into more leads & sales with our easy-to-use tool. Create popups, forms, bars, notifications, & onpage placements to &hellip;

10 No CVEs
OptinAble – Popup Builder, Stickybars, Slide-in, WordPress Lead Generation & Email List Building

OptinAble – Popup Builder, Stickybars, Slide-in, WordPress Lead Generation & Email List Building

optinable

A
100

OptinAble The ultimate Free WP plugin for collecting email subscribers. With our easy-to-use interface, and built-in templates, you can create beautif &hellip;

10 No CVEs
Developer Profile

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content Developer Profile

Brave

1 plugin · 20K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
25 days
View full developer profile
Detection Fingerprints

How We Detect Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/brave-popup-builder/assets/css/bravepop-frontend.css/wp-content/plugins/brave-popup-builder/assets/css/bravepop-editor.css/wp-content/plugins/brave-popup-builder/assets/js/bravepop-frontend.js/wp-content/plugins/brave-popup-builder/assets/js/bravepop-editor.js/wp-content/plugins/brave-popup-builder/assets/js/bravepop-builder.js
Script Paths
brave-popup-builder/assets/js/bravepop-frontend.jsbrave-popup-builder/assets/js/bravepop-editor.jsbrave-popup-builder/assets/js/bravepop-builder.js
Version Parameters
brave-popup-builder/assets/css/bravepop-frontend.css?ver=brave-popup-builder/assets/css/bravepop-editor.css?ver=brave-popup-builder/assets/js/bravepop-frontend.js?ver=brave-popup-builder/assets/js/bravepop-editor.js?ver=brave-popup-builder/assets/js/bravepop-builder.js?ver=

HTML / DOM Fingerprints

CSS Classes
bravepop-frontend-containerbravepop-editor-containerbravepop-builder-wrapper
HTML Comments
<!-- Brave Popup Builder End --><!-- Brave Popup Builder Start -->
Data Attributes
data-bravepop-iddata-bravepop-typedata-bravepop-animation
JS Globals
bravepop_frontend_paramsbravepop_editor_paramsbravepop_builder_paramsbrave_popup_builder_ajax_url
Shortcode Output
[bravepop]
FAQ

Frequently Asked Questions about Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content