Popups – WordPress Popup Security & Risk Analysis
wordpress.org/plugins/conversion-popupPopups is the easiest way to create and manage powerful popups to gather leads, build your email list, offer discounts, and grow your sales.
Is Popups – WordPress Popup Safe to Use in 2026?
Generally Safe
Score 100/100Popups – WordPress Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "conversion-popup" plugin v1.4.66 exhibits a mixed security posture. On the positive side, there are no reported CVEs, no direct SQL queries to worry about as they are all prepared, and no apparent file operations or external HTTP requests that could be exploited. The absence of critical or high-severity taint flows is also a good indicator. However, a significant concern is the complete lack of output escaping, meaning all 10 identified output points are potentially vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, the plugin has zero nonce checks and only one capability check, which is insufficient for protecting its entry points, even though the static analysis reports zero unprotected entry points. This suggests a potential blind spot in the analysis or that the entry points might be indirect and not captured by the current analysis.
The vulnerability history is clean, which is encouraging, but it doesn't negate the immediate risks identified in the static analysis. The combination of a completely unescaped output and limited authorization checks on entry points presents a tangible risk. While the plugin appears to have a small attack surface based on the static analysis, the lack of proper output sanitization leaves it susceptible to XSS, which can lead to session hijacking, credential theft, or defacement. The limited capability checks further compound this risk.
Key Concerns
- Unescaped output (100% of outputs)
- Insufficient capability checks (only 1)
- No nonce checks
Popups – WordPress Popup Security Vulnerabilities
Popups – WordPress Popup Code Analysis
Output Escaping
Popups – WordPress Popup Attack Surface
WordPress Hooks 7
Maintenance & Trust
Popups – WordPress Popup Maintenance & Trust
Maintenance Signals
Community Trust
Popups – WordPress Popup Alternatives
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
optinmonster
🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
popup-maker
Want to boost sales & marketing efforts? Use your favorite forms & builder. Unlimited popups & impressions, keep your data, no monthly subscription.
Advanced Popups
advanced-popups
Display high-converting newsletter popups, a cookie notice, or a notification with the light-weight yet feature-rich plugin.
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
ays-popup-box
Build flexible popups and modal windows with multiple popup types, triggers, and display controls.
WP Popups – WordPress Popup builder
wp-popups-lite
WP Popups is the best popup maker for WordPress. Easy but powerful plugin with display filters, scroll-triggered popups, and Gutenberg block editor.
Popups – WordPress Popup Developer Profile
5 plugins · 540 total installs
How We Detect Popups – WordPress Popup
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/conversion-popup/socialintents.png/wp-content/plugins/conversion-popup/app-key.pnghttps://www.socialintents.com/api/unbounce/socialintents.jsHTML / DOM Fingerprints
sicp_widgetIDsicp_inputRegistersicp_registersicp_registerCompletesicp_noAccountSpansicp_enterwidget<!-- Conversion Popup by www.socialintents.com -->id="sicp_widgetID"id="sicp_email"id="sicp_name"id="sicp_password"id="sicp_inputRegister"id="sicp_registerComplete"+10 moresicp_wid