Spin Wheel Pop Up Security & Risk Analysis
wordpress.org/plugins/crazyrocket-pop-upsWheel and gamified popups for WooCommerce! Grow your email list and sales.
Is Spin Wheel Pop Up Safe to Use in 2026?
Generally Safe
Score 85/100Spin Wheel Pop Up has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "crazyrocket-pop-ups" v2.0.2 plugin presents a mixed security posture. On the positive side, the absence of known historical vulnerabilities and the exclusive use of prepared statements for SQL queries are good indicators of secure coding practices in those areas. The plugin also reports no dangerous functions, file operations, external HTTP requests, or bundled libraries, which reduces the potential attack vectors. However, the static analysis reveals significant security concerns that outweigh these strengths. A major red flag is the presence of two AJAX handlers that lack authentication checks, creating an unprotected attack surface. Furthermore, the fact that 0% of the 10 total output operations are properly escaped means that any data processed or displayed through these outputs is vulnerable to cross-site scripting (XSS) attacks. The lack of nonce checks and capability checks on the AJAX handlers further exacerbates the risk of unauthorized actions or data manipulation. The taint analysis showing no flows might be due to the limited scope of analysis or the specific nature of the code, but it doesn't negate the known vulnerabilities in the exposed AJAX endpoints and output handling.
Key Concerns
- AJAX handlers without authentication checks
- Unescaped output in all output operations
- AJAX handlers without nonce checks
- AJAX handlers without capability checks
Spin Wheel Pop Up Security Vulnerabilities
Spin Wheel Pop Up Code Analysis
Output Escaping
Spin Wheel Pop Up Attack Surface
AJAX Handlers 2
WordPress Hooks 5
Maintenance & Trust
Spin Wheel Pop Up Maintenance & Trust
Maintenance Signals
Community Trust
Spin Wheel Pop Up Alternatives
Spin Wheel – Interactive spinning wheel that offers coupons
spin-wheel
The Spin Wheel plugin allows you to engage your visitors with an interactive spinning wheel that offers coupons and other rewards.
Lucky Wheel for WooCommerce – Spin a Sale
woo-lucky-wheel
Engage customers with a fun spin-the-wheel game! Collect emails and reward them with discount coupons instantly.
Lucky Wheel Giveaway
wp-lucky-wheel
Collect customer's emails by spinning the lucky wheel game to get discount coupons.
Lucky Wheel Exit Intent Pop Up, Upsell Pop Up – Rafflys
rafflys-lucky-wheel
Increase your email opt-in rates and conversions with our fully customizable, exit intent popup, Lucky Wheel.
Ultimate Spin Wheel – Gamify Your Store & Boost Sales
ultimate-spin-wheel
Boost sales and capture leads with engaging spin-to-win popups. Reduce cart abandonment and increase conversions with customizable discount wheels.
Spin Wheel Pop Up Developer Profile
1 plugin · 100 total installs
How We Detect Spin Wheel Pop Up
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/crazyrocket-pop-ups/frontend/css/crazyrocket.css/wp-content/plugins/crazyrocket-pop-ups/frontend/js/crazyrocket.js/wp-content/plugins/crazyrocket-pop-ups/backend/js/crazyrocket.admin.js/wp-content/plugins/crazyrocket-pop-ups/backend/images/crazyrocket-icon.pnghttps://www.crazyrocket.io/home/installcrazyrocket-pop-ups/frontend/css/crazyrocket.css?ver=crazyrocket-pop-ups/frontend/js/crazyrocket.js?ver=crazyrocket-pop-ups/backend/js/crazyrocket.admin.js?ver=HTML / DOM Fingerprints
crazyrocket-signup-button<!-- This will be the popup content -->data-crazyrocket-iddata-crazyrocket-secretCrazyRocketAdmin