WP-Safety

Easy Popup Maker Security & Risk Analysis

wordpress.org/plugins/easy-popup-maker

This plugin will help you create effective marketing popups for your blog. Create the most optimal popup to boost your site sales.

30 active installs v1.4 PHP + WP 3.6+ Updated Nov 8, 2025
advertisinglightboxmarketingoptinpopup
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Easy Popup Maker Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Popup Maker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "easy-popup-maker" v1.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output. There's no recorded vulnerability history, which suggests a relatively stable and secure past.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without any authentication checks, creating a considerable attack surface. Additionally, the taint analysis indicates two flows with unsanitized paths, and while no critical or high severity issues were identified in taint analysis, the presence of unsanitized paths is a potential entry point for malicious input. The lack of nonce checks on the AJAX handlers further exacerbates this risk.

In conclusion, while the plugin avoids common pitfalls like raw SQL injection and significant output escaping issues, the unprotected AJAX endpoints and unsanitized path flows are critical weaknesses. These present a notable risk that requires immediate attention, overshadowing the positive aspects of its SQL and output handling.

Key Concerns

  • AJAX handlers without authentication
  • Taint flows with unsanitized paths
  • Lack of nonce checks on AJAX
Vulnerabilities
None known

Easy Popup Maker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Popup Maker Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
113 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

88% escaped128 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
update_page (admin\crud.php:751)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Easy Popup Maker Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_CPWPWM_GET_SELECT_DATAadmin\crud.php:8
authwp_ajax_CPWPWM_save_post_tyoeadmin\crud.php:9

Shortcodes 1

[CPWPWM_MODAL] view.php:8
WordPress Hooks 16
actionadmin_menuadmin\crud.php:5
actionadmin_enqueue_scriptsadmin\crud.php:6
actionadmin_footeradmin\crud.php:7
actionadmin_initadmin\crud.php:11
actioninitadmin\post_type.php:44
actioninitpopup.php:39
actioninitview.php:6
actionwp_enqueue_scriptsview.php:7
actionwp_footerview.php:43
actionwp_footerview.php:59
actionwp_footerview.php:164
actionwp_footerview.php:182
actionwp_footerview.php:223
actionwp_footerview.php:245
actionwp_footerview.php:272
actionwp_footerview.php:312
Maintenance & Trust

Easy Popup Maker Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 8, 2025
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

Easy Popup Maker Alternatives

Advanced Popups

Advanced Popups

advanced-popups

A
100

Display high-converting newsletter popups, a cookie notice, or a notification with the light-weight yet feature-rich plugin.

70K 1 CVE
Easy Notify Lite

Easy Notify Lite

easy-notify-lite

A
92

The best Popup Builder plugin to display image, video, notify or announcement with very ease and elegant.

400 5 CVEs
Epic Popup Creator

Epic Popup Creator

epic-popup-creator

A
85

An easy to use and light plugin for creating popup with user friendly interface.

0 No CVEs
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

A
96

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

popup-maker

A
91

Want to boost sales & marketing efforts? Use your favorite forms & builder. Unlimited popups & impressions, keep your data, no monthly subscription.

700K 18 CVEs
Developer Profile

Easy Popup Maker Developer Profile

wp-buy

13 plugins · 355K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
926 days
View full developer profile
Detection Fingerprints

How We Detect Easy Popup Maker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-popup-maker/assets/js/popup.js/wp-content/plugins/easy-popup-maker/assets/css/popup.css
Script Paths
/wp-content/plugins/easy-popup-maker/assets/js/popup.js
Version Parameters
easy-popup-maker/assets/js/popup.js?ver=easy-popup-maker/assets/css/popup.css?ver=

HTML / DOM Fingerprints

CSS Classes
radio_sellectedradio_sellected_posradio_image_posradio_image_iconradio_image_slid
Data Attributes
data-templatedata-popup-id
JS Globals
CPWPWM_POST_IDCPWPWM_POPUP_ID
REST Endpoints
/wp-json/cpwpwm/v1/get_popup_data
Shortcode Output
[easy_popup_maker id="[easy_popup_maker template="
FAQ

Frequently Asked Questions about Easy Popup Maker