WP-Safety

FireBox Popups – Increase Sales and Grow Your Email List Security & Risk Analysis

wordpress.org/plugins/firebox

Our WordPress Popup Plugin can help you create any kind of popup! Optin Popups, Exit Popup, Scroll Popup, Page Load Popup, Floating Bars and more!

8K active installs v3.1.5 PHP 7.0+ WP 5.5+ Updated Feb 19, 2026
exit-popupexit-intentmailchimp-popuppopupsticky-bar
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 27, 2025
Plugin page Download
Safety Verdict

Is FireBox Popups – Increase Sales and Grow Your Email List Safe to Use in 2026?

Generally Safe

Score 99/100

FireBox Popups – Increase Sales and Grow Your Email List has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Nov 27, 2025Updated 2mo ago
Risk Assessment

The "firebox" v3.1.5 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to best practices in many areas, with a high percentage of SQL queries using prepared statements and outputs being properly escaped. The plugin also has a good number of nonce and capability checks, indicating awareness of authentication and authorization controls. The absence of bundled libraries and REST API routes further simplifies the attack surface.

However, several concerns warrant attention. The presence of 6 unprotected AJAX handlers represents a significant risk, as these can be entry points for unauthorized actions or data manipulation. While taint analysis found no critical or high-severity issues, the single flow with unsanitized paths could still lead to vulnerabilities if exploited. The historical vulnerability data shows one medium-severity CVE, which has been patched, but this suggests a past tendency towards certain types of vulnerabilities. The "unserialize" function is also a point of concern, as it can be a source of deserialization vulnerabilities if used with untrusted input.

In conclusion, while "firebox" v3.1.5 has commendable security implementations in many aspects, the unprotected AJAX endpoints and the potential risks associated with unserialization require immediate remediation. The plugin's vulnerability history, though currently clear of unpatched issues, should be monitored to ensure past patterns do not re-emerge.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function 'unserialize' used
  • Flow with unsanitized paths
  • Past medium severity CVE
Vulnerabilities
1 published

FireBox Popups – Increase Sales and Grow Your Email List Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-67545medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FireBox <= 3.1.0-free - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 27, 2025 Patched in 3.1.1-free (15d)
Version History

FireBox Popups – Increase Sales and Grow Your Email List Release Timeline

v3.1.5Current
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.01 CVE
CVE-2025-67545
v3.0.51 CVE
CVE-2025-67545
v3.0.41 CVE
CVE-2025-67545
v3.0.31 CVE
CVE-2025-67545
v3.0.21 CVE
CVE-2025-67545
v3.0.11 CVE
CVE-2025-67545
v3.0.01 CVE
CVE-2025-67545
v2.1.391 CVE
CVE-2025-67545
v2.1.381 CVE
CVE-2025-67545
v2.1.371 CVE
CVE-2025-67545
v2.1.361 CVE
CVE-2025-67545
v2.1.351 CVE
CVE-2025-67545
v2.1.341 CVE
CVE-2025-67545
v2.1.331 CVE
CVE-2025-67545
v2.1.321 CVE
CVE-2025-67545
Code Analysis
Analyzed Mar 17, 2026

FireBox Popups – Increase Sales and Grow Your Email List Code Analysis

Dangerous Functions
1
Raw SQL Queries
16
67 prepared
Unescaped Output
88
1651 escaped
Nonce Checks
38
Capability Checks
41
File Operations
80
External Requests
11
Bundled Libraries
0

Dangerous Functions Found

unserialize$this->data = unserialize(serialize($this->data));Inc\Framework\Inc\Libs\Registry.php:90

SQL Query Safety

81% prepared83 total queries

Output Escaping

95% escaped1739 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

11 flows1 with unsanitized paths
maybeExportSubmsissions (Inc\Core\Admin\Admin.php:152)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

FireBox Popups – Increase Sales and Grow Your Email List Attack Surface

Entry Points54
Unprotected6

AJAX Handlers 54

authwp_ajax_firebox_onboarding_completeInc\Core\Admin\Admin.php:62
authwp_ajax_firebox_analytics_most_popular_campaignsInc\Core\Analytics\Ajax\Analytics.php:27
noprivwp_ajax_firebox_analytics_most_popular_campaignsInc\Core\Analytics\Ajax\Analytics.php:28
authwp_ajax_firebox_analytics_get_campaignInc\Core\Analytics\Ajax\Analytics.php:30
noprivwp_ajax_firebox_analytics_get_campaignInc\Core\Analytics\Ajax\Analytics.php:31
authwp_ajax_firebox_analytics_get_popular_view_itemsInc\Core\Analytics\Ajax\Analytics.php:33
noprivwp_ajax_firebox_analytics_get_popular_view_itemsInc\Core\Analytics\Ajax\Analytics.php:34
authwp_ajax_firebox_analytics_get_day_of_the_weekInc\Core\Analytics\Ajax\Analytics.php:36
noprivwp_ajax_firebox_analytics_get_day_of_the_weekInc\Core\Analytics\Ajax\Analytics.php:37
authwp_ajax_firebox_analytics_get_shared_dataInc\Core\Analytics\Ajax\Analytics.php:39
noprivwp_ajax_firebox_analytics_get_shared_dataInc\Core\Analytics\Ajax\Analytics.php:40
authwp_ajax_firebox_analytics_get_referrersInc\Core\Analytics\Ajax\Analytics.php:42
noprivwp_ajax_firebox_analytics_get_referrersInc\Core\Analytics\Ajax\Analytics.php:43
authwp_ajax_firebox_analytics_get_conversions_dataInc\Core\Analytics\Ajax\Analytics.php:45
noprivwp_ajax_firebox_analytics_get_conversions_dataInc\Core\Analytics\Ajax\Analytics.php:46
authwp_ajax_firebox_analytics_statsInc\Core\Analytics\Ajax\Main.php:25
noprivwp_ajax_firebox_analytics_statsInc\Core\Analytics\Ajax\Main.php:26
authwp_ajax_firebox_analytics_get_campaignsInc\Core\Analytics\Ajax\Main.php:28
noprivwp_ajax_firebox_analytics_get_campaignsInc\Core\Analytics\Ajax\Main.php:29
authwp_ajax_firebox_analytics_get_dropdown_campaignsInc\Core\Analytics\Ajax\Main.php:31
noprivwp_ajax_firebox_analytics_get_dropdown_campaignsInc\Core\Analytics\Ajax\Main.php:32
authwp_ajax_firebox_delete_campaignInc\Core\Analytics\Ajax\Main.php:34
noprivwp_ajax_firebox_delete_campaignInc\Core\Analytics\Ajax\Main.php:35
authwp_ajax_firebox_duplicate_campaignInc\Core\Analytics\Ajax\Main.php:37
noprivwp_ajax_firebox_duplicate_campaignInc\Core\Analytics\Ajax\Main.php:38
authwp_ajax_firebox_analytics_get_charts_dataInc\Core\Analytics\Ajax\Main.php:40
noprivwp_ajax_firebox_analytics_get_charts_dataInc\Core\Analytics\Ajax\Main.php:41
authwp_ajax_firebox_analytics_get_trending_templatesInc\Core\Analytics\Ajax\Main.php:43
noprivwp_ajax_firebox_analytics_get_trending_templatesInc\Core\Analytics\Ajax\Main.php:44
authwp_ajax_firebox_trackeventInc\Core\FB\Track.php:49
noprivwp_ajax_firebox_trackeventInc\Core\FB\Track.php:50
authwp_ajax_firebox_trackconversionInc\Core\FB\Track.php:53
noprivwp_ajax_firebox_trackconversionInc\Core\FB\Track.php:54
authwp_ajax_fb_get_integration_listsInc\Core\Form\Actions\Ajax.php:33
authwp_ajax_fb_connect_integrationInc\Core\Form\Actions\Ajax.php:34
authwp_ajax_fb_disconnect_integrationInc\Core\Form\Actions\Ajax.php:35
authwp_ajax_fb_form_submission_status_changeInc\Core\Form\Ajax.php:38
authwp_ajax_fb_form_submitInc\Core\Form\Ajax.php:40
noprivwp_ajax_fb_form_submitInc\Core\Form\Ajax.php:41
authwp_ajax_firebox_get_noticesInc\Core\Notices\Ajax.php:23
noprivwp_ajax_firebox_get_noticesInc\Core\Notices\Ajax.php:24
authwp_ajax_firebox_enable_usage_trackingInc\Core\Notices\Ajax.php:26
noprivwp_ajax_firebox_enable_usage_trackingInc\Core\Notices\Ajax.php:27
authwp_ajax_fpf_show_update_noticeInc\Framework\Inc\Admin\Includes\UpdateNotice.php:92
authwp_ajax_fpf_library_favorites_toggleInc\Framework\Inc\Admin\Library\Favorites.php:24
authwp_ajax_fpf_library_get_templatesInc\Framework\Inc\Admin\Library\Templates.php:26
authwp_ajax_fpf_library_refresh_templatesInc\Framework\Inc\Admin\Library\Templates.php:29
authwp_ajax_fpf_library_insert_templateInc\Framework\Inc\Admin\Library\Templates.php:32
authwp_ajax_fpf_on_geoip_ajaxInc\Framework\Inc\Base\Ajax\FPGeoIP.php:31
noprivwp_ajax_fpf_on_geoip_ajaxInc\Framework\Inc\Base\Ajax\FPGeoIP.php:32
authwp_ajax_fpf_searchdropdown_get_dataInc\Framework\Inc\Base\Ajax\SearchDropdownAjax.php:26
noprivwp_ajax_fpf_searchdropdown_get_dataInc\Framework\Inc\Base\Ajax\SearchDropdownAjax.php:27
authwp_ajax_fpf_searchdropdown_lazyload_resultsInc\Framework\Inc\Base\Ajax\SearchDropdownAjax.php:30
noprivwp_ajax_fpf_searchdropdown_lazyload_resultsInc\Framework\Inc\Base\Ajax\SearchDropdownAjax.php:31
WordPress Hooks 83
actionadmin_noticesfirebox.php:170
actionupgrader_process_completefirebox.php:191
actionfpf_initfirebox.php:195
actionplugins_loadedfirebox.php:200
actionadmin_headInc\Core\Admin\Admin.php:44
actionwp_trash_postInc\Core\Admin\Admin.php:46
actionuntrash_postInc\Core\Admin\Admin.php:47
actionadmin_enqueue_scriptsInc\Core\Admin\Admin.php:50
actioncurrent_screenInc\Core\Admin\Admin.php:53
actionfirebox/admin/contentInc\Core\Admin\Admin.php:55
actionadmin_initInc\Core\Admin\Admin.php:58
actionadmin_initInc\Core\Admin\Admin.php:59
actionsave_postInc\Core\Admin\Admin.php:76
actionadmin_enqueue_scriptsInc\Core\Admin\Admin.php:376
actionenqueue_block_assetsInc\Core\Admin\Admin.php:377
actionadmin_noticesInc\Core\Admin\Admin.php:381
actionadmin_enqueue_scriptsInc\Core\Admin\Admin.php:395
filteradmin_footer_textInc\Core\Admin\Admin.php:397
actionadmin_enqueue_scriptsInc\Core\Admin\Admin.php:552
filteradmin_body_classInc\Core\Admin\Admin.php:603
filterplugin_row_metaInc\Core\Admin\Admin.php:604
actionadmin_initInc\Core\Admin\AdminPageSettings.php:52
actionadmin_initInc\Core\Admin\Includes\Cpts\Firebox.php:38
filterdefault_titleInc\Core\Admin\Includes\Cpts\Firebox.php:41
actionadmin_action_fb_duplicate_post_as_draftInc\Core\Admin\Includes\Cpts\Firebox.php:44
actionadmin_action_fb_clear_cookieInc\Core\Admin\Includes\Cpts\Firebox.php:47
actiondelete_postInc\Core\Admin\Includes\Cpts\Firebox.php:50
actionload-firebox_page_firebox-campaignsInc\Core\Admin\Includes\Cpts\Firebox.php:52
filtersave_postInc\Core\Admin\Includes\Cpts\Firebox.php:54
filterwp_sitemaps_post_typesInc\Core\Admin\Includes\Cpts\Firebox.php:57
filterwpseo_sitemap_exclude_post_typeInc\Core\Admin\Includes\Cpts\Firebox.php:58
filterwp_robotsInc\Core\Admin\Includes\Cpts\Firebox.php:61
actioncurrent_screenInc\Core\Admin\Includes\Library.php:25
actionadmin_enqueue_scriptsInc\Core\Admin\Includes\Onboarding.php:50
actionadmin_footerInc\Core\Admin\Includes\UpgradeToPlanModal.php:32
actionenqueue_block_editor_assetsInc\Core\Admin\Media.php:28
actionenqueue_block_assetsInc\Core\Admin\Media.php:30
actionwp_enqueue_scriptsInc\Core\AdminBarMenu.php:36
actionadmin_enqueue_scriptsInc\Core\AdminBarMenu.php:37
actionadmin_bar_menuInc\Core\AdminBarMenu.php:40
actionrest_api_initInc\Core\API\API.php:30
actionenqueue_block_assetsInc\Core\Blocks.php:28
actionblock_categories_allInc\Core\Blocks.php:34
actionblock_categoriesInc\Core\Blocks.php:38
actionadmin_enqueue_scriptsInc\Core\Controllers\BaseController.php:28
actionfirebox/admin/contentInc\Core\Controllers\BaseController.php:34
actionfirebox/settings_pageInc\Core\Controllers\BoxImport.php:38
actionupdate_option_firebox_settingsInc\Core\Controllers\BoxSettings.php:36
actionfirebox/settings_pageInc\Core\Controllers\BoxSettings.php:47
filterfirebox/box/before_renderInc\Core\FB\Actions\ActionsBase.php:44
actionwp_enqueue_scriptsInc\Core\FB\Actions\ActionsBase.php:237
filterfirebox/box/before_renderInc\Core\FB\Actions\Sounds.php:25
actionwp_enqueue_scriptsInc\Core\FB\Box.php:174
actionwp_footerInc\Core\FB\Box.php:197
filterthe_contentInc\Core\FB\Box.php:464
filterrender_blockInc\Core\FB\BoxBlocksParser.php:23
filterrender_blockInc\Core\FB\BoxBlocksParser.php:25
filterget_post_metadataInc\Core\FB\Meta.php:25
actiontemplate_redirectInc\Core\Frontend.php:48
actionfpf_initInc\Core\Plugin.php:183
actionfpf_admin_initInc\Core\Plugin.php:186
actionadmin_menuInc\Core\Plugin.php:189
actionplugins_loadedInc\Core\Plugin.php:231
actionadmin_footerInc\Framework\Inc\Admin\Includes\UpgradeProModal.php:49
actionadmin_enqueue_scriptsInc\Framework\Inc\Admin\Library\Library.php:58
actionadmin_footerInc\Framework\Inc\Admin\Library\Library.php:109
actionadmin_footerInc\Framework\Inc\Admin\Library\Library.php:110
actionadmin_footerInc\Framework\Inc\Admin\Library\Library.php:111
actionrest_api_initInc\Framework\Inc\API\API.php:23
actionwp_enqueue_scriptsInc\Framework\Inc\Base\Block.php:89
actionenqueue_block_assetsInc\Framework\Inc\Base\Block.php:94
actionenqueue_block_editor_assetsInc\Framework\Inc\Base\Block.php:98
filteredd_fees_get_feesInc\Framework\Inc\Base\Conditions\Conditions\EDD\EDDBase.php:80
filteredd_get_cart_taxInc\Framework\Inc\Base\Conditions\Conditions\EDD\EDDBase.php:85
actionfpframework/admin/noticesInc\Framework\Inc\Framework.php:170
actionadmin_enqueue_scriptsInc\Framework\Inc\Framework.php:172
filterwoocommerce_product_data_store_cpt_get_products_queryInc\Framework\Inc\Helpers\DataProviders\WooCommerceProvider.php:110
filterfpframework/fields/searchdropdown/filter_get_search_items_idsInc\Framework\Inc\Helpers\FireBoxHelper.php:34
filtersafe_style_cssInc\Framework\Inc\Includes\AllowedCSSTags.php:23
actionwp_headInc\Framework\Inc\Libs\GoogleFontsRenderer.php:52
actionenqueue_block_editor_assetsInc\Framework\Inc\Libs\Media.php:23
actionadmin_enqueue_scriptsInc\Framework\Inc\Libs\Media.php:63
actioninitInc\Framework\init.php:94
Maintenance & Trust

FireBox Popups – Increase Sales and Grow Your Email List Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version7.0
Downloads188K

Community Trust

Rating98/100
Number of ratings74
Active installs8K
Alternatives

FireBox Popups – Increase Sales and Grow Your Email List Alternatives

Yeloni Exit Popup | (Free) GDPR Compliance

Yeloni Exit Popup | (Free) GDPR Compliance

yeloni-free-exit-popup

A
92

Powerful lead generation plugin that converts abandoning visitors into subscribers using exit intent, page level targeting & custom designs.

800 No CVEs
Popup with exit intent, scroll triggered and anchor click for opt-ins, lead gen & more

Popup with exit intent, scroll triggered and anchor click for opt-ins, lead gen & more

popper

A
100

A popup builder to increase Sales, Lead Generation, Conversion rates and receive good Call to Action with exit intent.

40 No CVEs
Exit Intent

Exit Intent

exit-intent

A
85

Exit Intent makes it insanely easy to convert abandoning visitors into subscribers, and sales! Reduce bounce rates and boost conversions.

10 No CVEs
Exit Intent Popups & Promo Bars by MaxTraffic

Exit Intent Popups & Promo Bars by MaxTraffic

exit-intent-pop-ups-by-maxtraffic

A
85

Make the most of your existing traffic! Generate leads, re-engage and sell more.

10 No CVEs
Kicklander

Kicklander

kicklander

A
85

Instantly convert & monetize your traffic using our platform to create no-code notifications that call to an action.

0 No CVEs
Developer Profile

FireBox Popups – Increase Sales and Grow Your Email List Developer Profile

FirePlugins

1 plugin · 8K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
15 days
View full developer profile
Detection Fingerprints

How We Detect FireBox Popups – Increase Sales and Grow Your Email List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/firebox/assets/css/admin/admin-main.css/wp-content/plugins/firebox/assets/css/admin/bootstrap.min.css/wp-content/plugins/firebox/assets/css/admin/firebox-wp-select.css/wp-content/plugins/firebox/assets/css/admin/font-awesome.min.css/wp-content/plugins/firebox/assets/css/admin/jquery.datetimepicker.css/wp-content/plugins/firebox/assets/css/admin/prettyPhoto.css/wp-content/plugins/firebox/assets/css/admin/select2.min.css/wp-content/plugins/firebox/assets/css/admin/style.css+12 more
Script Paths
/wp-content/plugins/firebox/assets/js/admin/admin-main.js/wp-content/plugins/firebox/assets/js/admin/bootstrap.min.js/wp-content/plugins/firebox/assets/js/admin/datepicker.js/wp-content/plugins/firebox/assets/js/admin/firebox-wp-select.js/wp-content/plugins/firebox/assets/js/admin/jquery.prettyPhoto.js/wp-content/plugins/firebox/assets/js/admin/select2.full.min.js+5 more
Version Parameters
firebox/assets/css/admin/admin-main.css?ver=firebox/assets/css/admin/bootstrap.min.css?ver=firebox/assets/css/admin/firebox-wp-select.css?ver=firebox/assets/css/admin/font-awesome.min.css?ver=firebox/assets/css/admin/jquery.datetimepicker.css?ver=firebox/assets/css/admin/prettyPhoto.css?ver=firebox/assets/css/admin/select2.min.css?ver=firebox/assets/css/admin/style.css?ver=firebox/assets/css/admin/toggle-switch.css?ver=firebox/assets/js/admin/admin-main.js?ver=firebox/assets/js/admin/bootstrap.min.js?ver=firebox/assets/js/admin/datepicker.js?ver=firebox/assets/js/admin/firebox-wp-select.js?ver=firebox/assets/js/admin/jquery.prettyPhoto.js?ver=firebox/assets/js/admin/select2.full.min.js?ver=firebox/assets/js/admin/switch.js?ver=firebox/assets/js/admin/tinymce.js?ver=firebox/assets/js/admin/validation.js?ver=firebox/assets/js/admin/wizard.js?ver=firebox/assets/js/common.js?ver=

HTML / DOM Fingerprints

CSS Classes
firebox-campaign-formfirebox-campaign-actionsfirebox-campaign-content
HTML Comments
<!-- Start FireBox Campaign Form --><!-- End FireBox Campaign Form --><!-- FireBox --><!-- FireBox Admin -->+13 more
Data Attributes
data-firebox-iddata-firebox-typedata-firebox-slug
JS Globals
firebox_localizefirebox_admin_params
REST Endpoints
/wp-json/firebox/v1/settings/wp-json/firebox/v1/campaigns/wp-json/firebox/v1/campaign
Shortcode Output
[firebox_form][firebox_campaign]
FAQ

Frequently Asked Questions about FireBox Popups – Increase Sales and Grow Your Email List