Does Custom Popup Builder for Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom Popup Builder for Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Popup Builder for Elementor compatible with WordPress 5.2.24?

According to WordPress.org data, Custom Popup Builder for Elementor 1.0.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Custom Popup Builder for Elementor compatible with PHP 7.0+?

Custom Popup Builder for Elementor requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Custom Popup Builder for Elementor updated?

Custom Popup Builder for Elementor was last updated on Dec 19, 2019. Frequent updates are generally a positive security signal.

What is Custom Popup Builder for Elementor's security score?

Custom Popup Builder for Elementor has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Popup Builder for Elementor Security & Risk Analysis

wordpress.org/plugins/custom-popup-builder-for-elementor

You can bulid popup with any layout in drag&drop way, change its position and trigger event in few clicks.

10 active installs v1.0.0 PHP 7.0+ WP 4.9.8+ Updated Dec 19, 2019

animation-effectcustom-popupcustom-popup-builderelementorelementor-addons

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Custom Popup Builder for Elementor Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Popup Builder for Elementor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The plugin 'custom-popup-builder-for-elementor' v1.0.0 presents a significant security risk due to a large number of unprotected AJAX handlers. While the code shows good practices in SQL query handling and a lack of known historical vulnerabilities, the exposed AJAX endpoints create a broad attack surface. The analysis reveals 8 AJAX handlers that lack proper authentication checks, meaning any user, regardless of their role or logged-in status, could potentially trigger these functions. This is a critical oversight that could allow for unauthorized actions or information disclosure.

Further concerns arise from the taint analysis, which indicates 8 flows with unsanitized paths. While no critical or high severity issues were flagged in this specific run, the presence of unsanitized paths in conjunction with unprotected AJAX handlers strongly suggests a high likelihood of vulnerabilities. The limited output escaping (only 35% proper) also increases the risk of cross-site scripting (XSS) vulnerabilities, especially when combined with unsanitized input from the AJAX handlers.

The absence of historical vulnerabilities is positive, but it does not negate the immediate risks identified in the static and taint analysis. The plugin's strengths lie in its secure SQL implementation and lack of historical exploits. However, these are overshadowed by the critical security flaws in its AJAX endpoint handling and input sanitization, leading to a concerning security posture for this version.

Key Concerns

8 unprotected AJAX handlers
8 flows with unsanitized paths
Low output escaping (35%)
No nonce checks on AJAX

Vulnerabilities

None known

Custom Popup Builder for Elementor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Custom Popup Builder for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

40 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

35% escaped115 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths

custom_popup_builder_mailchimp_ajax (includes\ajax-handlers.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

Custom Popup Builder for Elementor Attack Surface

Entry Points8

Unprotected8

AJAX Handlers 8

authwp_ajax_custom_popup_builder_mailchimp_ajaxincludes\ajax-handlers.php:27

noprivwp_ajax_custom_popup_builder_mailchimp_ajaxincludes\ajax-handlers.php:28

authwp_ajax_custom_popup_builder_get_contentincludes\ajax-handlers.php:30

noprivwp_ajax_custom_popup_builder_get_contentincludes\ajax-handlers.php:31

authwp_ajax_custom_popup_builder_save_settingsincludes\settings.php:27

authwp_ajax_get_mailchimp_user_dataincludes\settings.php:29

authwp_ajax_get_mailchimp_listsincludes\settings.php:31

authwp_ajax_get_mailchimp_list_merge_fieldsincludes\settings.php:33

WordPress Hooks 44

actioninitcustom-popup-builder.php:45

actionadmin_menucustom-popup-builder.php:52

actionadmin_initcustom-popup-builder.php:54

actionadmin_enqueue_scriptscustom-popup-builder.php:55

actionadmin_initcustom-popup-builder.php:72

actionadmin_noticescustom-popup-builder.php:73

actionadmin_noticescustom-popup-builder.php:76

actionwp_enqueue_scriptsincludes\assets.php:23

actionadmin_enqueue_scriptsincludes\assets.php:25

actionadmin_enqueue_scriptsincludes\assets.php:27

actionadmin_enqueue_scriptsincludes\assets.php:29

actionelementor/frontend/before_enqueue_scriptsincludes\assets.php:31

actionelementor/editor/before_enqueue_scriptsincludes\assets.php:33

actionelementor/editor/after_enqueue_stylesincludes\assets.php:35

actionelementor/preview/enqueue_stylesincludes\assets.php:37

actionelementor/frontend/builder_content_dataincludes\conditions\manager.php:20

actionwp_trash_postincludes\conditions\manager.php:22

actionelementor/editor/footerincludes\conditions\manager.php:24

actionelementor/finder/categories/initincludes\elementor-finder\elementor-finder.php:12

filterpost_row_actionsincludes\export-import.php:14

actionadmin_action_custom_popup_builder_import_presetincludes\export-import.php:16

actionadmin_action_custom_popup_builder_create_from_presetincludes\export-import.php:18

actionadmin_initincludes\export-import.php:20

actionadmin_footerincludes\export-import.php:22

actionelementor/element/common/_section_style/after_section_endincludes\extension.php:30

actionelementor/frontend/widget/before_renderincludes\extension.php:32

actionelementor/frontend/before_enqueue_scriptsincludes\extension.php:34

actionwp_footerincludes\generator.php:38

actionwp_footerincludes\generator.php:40

actionelementor/frontend/before_enqueue_scriptsincludes\generator.php:42

actionelementor/initincludes\integration.php:12

actionelementor/widgets/widgets_registeredincludes\integration.php:14

actionelementor/controls/controls_registeredincludes\integration.php:16

filteroption_elementor_cpt_supportincludes\post-type.php:21

filterdefault_option_elementor_cpt_supportincludes\post-type.php:23

actionelementor/documents/registerincludes\post-type.php:25

actionwp_insert_postincludes\post-type.php:27

actiontemplate_includeincludes\post-type.php:29

actionadmin_footerincludes\post-type.php:35

actionadmin_menuincludes\post-type.php:38

actionadmin_menuincludes\settings.php:21

actionadmin_enqueue_scriptsincludes\settings.php:23

actionadmin_footerincludes\settings.php:25

filterposts_whereincludes\utils.php:130

Maintenance & Trust

Custom Popup Builder for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedDec 19, 2019

PHP min version7.0

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Custom Popup Builder for Elementor Alternatives

Onex Custom Popup Builder

onex-custom-popup-builder

You can bulid popup with any layout in drag&drop way, change its position and trigger event in few clicks.

0 No CVEs

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 22 CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Ultimate Addons for Elementor

header-footer-elementor

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs

Developer Profile

Custom Popup Builder for Elementor Developer Profile

immonex

8 plugins · 440 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Custom Popup Builder for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-popup-builder-for-elementor/assets/css/cpbe-setup.css

HTML / DOM Fingerprints

CSS Classes

cwe-setupcwe-setup-contentemaildatasetupstore-setupstore-address-container

REST Endpoints

/wp-json/userdataget/pluginuserdataget

FAQ