Welcome Popup Security & Risk Analysis

wordpress.org/plugins/custom-color-popup

text popup Requires at least: 3.3 Tested up to: 4.2.2 Stable tag: 1.0.1 License: GPLv2 or later Donate link: http://bdtheme.net

10 active installs v1.0.1 PHP + WP + Updated Mar 22, 2016
color-popupcustom-popuppopupwordpress-popup
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Welcome Popup Safe to Use in 2026?

Generally Safe

Score 85/100

Welcome Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "custom-color-popup" plugin v1.0.1 exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. The lack of file operations, external HTTP requests, and bundled libraries also contributes to a cleaner security profile. The taint analysis shows a low number of flows, with no critical or high severity unsanitized paths, which is encouraging.

However, the plugin's security is not without potential concerns. The complete absence of nonce checks and capability checks across all entry points, which are zero in this case, is a significant oversight. While there are no active entry points identified in this analysis, if any were to be introduced or if the analysis missed some, the lack of these fundamental security controls would be a critical vulnerability. The vulnerability history is also notably empty, with no recorded CVEs. While this is a positive indicator, it could also be due to the plugin's age or lack of extensive security auditing. A balanced conclusion is that the plugin is well-coded with good input/output handling for its current minimal footprint, but it lacks essential security layers that would be critical if its functionality were to expand.

Key Concerns

  • No capability checks on any entry points
  • No nonce checks on any entry points
Vulnerabilities
None known

Welcome Popup Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Welcome Popup Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Welcome Popup Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
18 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped19 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
bdtheme_popup_options_page (custom_content.php:123)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Welcome Popup Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 7
actionwp_enqueue_scriptscustom_content.php:19
actioninitcustom_content.php:28
actionadmin_enqueue_scriptscustom_content.php:39
actionadmin_menucustom_content.php:109
filterplugin_action_linkscustom_content.php:119
actionwpcustom_content.php:259
actionwp_headcustom_content.php:324
Maintenance & Trust

Welcome Popup Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedMar 22, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Welcome Popup Developer Profile

bikel

4 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Welcome Popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-color-popup/js/popup.js
Script Paths
/wp-content/plugins/custom-color-popup/js/popup.js/wp-content/plugins/custom-color-popup/js/color-pickr.js
Version Parameters
custom-color-popup/js/popup.js?ver=custom-color-popup/js/color-pickr.js?ver=

HTML / DOM Fingerprints

CSS Classes
bdtheme-border-width
Data Attributes
id="bdtheme-background-color"id="bdtheme-bgbox-color"id="bdtheme-header-color"id="bdtheme-color"name="bdtheme_popup_submit"class="my-color-field"+10 more
JS Globals
window.bdtheme_popup_settings
FAQ

Frequently Asked Questions about Welcome Popup