Popup Builder for Block Editor – FooConvert Security & Risk Analysis

wordpress.org/plugins/fooconvert

FooConvert is a powerful Popup, Bar, and Flyout Builder for WordPress that helps you turn more visitors into leads, subscribers, and customers.

20 active installs · v1.2.6 · PHP 7.4+ · WP 6.5+ · Updated Dec 15, 2025
Tags: bars, conversion, flyouts, marketing, popups
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Popup Builder for Block Editor – FooConvert Safe to Use in 2026?

Generally Safe

Score 100/100

Popup Builder for Block Editor – FooConvert has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "fooconvert" v1.2.6 plugin has a generally strong security posture: all SQL queries use prepared statements, and a high percentage of output is properly escaped. The absence of known CVEs and of common vulnerability types in its history is a positive indicator. However, one AJAX handler within its attack surface is unprotected, which is a significant concern. It creates a direct entry point for unauthenticated attackers to potentially interact with the plugin's functionality in unintended ways, which could lead to various exploits depending on the handler's implementation. The taint analysis was limited in scope (3 flows) but did reveal one flow with unsanitized paths. Even without a critical or high severity rating, that flow warrants attention, as it indicates a potential area for path traversal or file inclusion vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • Taint flow with unsanitized paths
  • Bundled library (Freemius v1.0) may be outdated
Vulnerabilities
None known

Popup Builder for Block Editor – FooConvert Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Popup Builder for Block Editor – FooConvert Release Timeline

v1.2.6 (Current)
v1.2.3
v1.2.2
v1.1.1
v1.0.1
v1.0.0
v0.0.11
v0.0.10
v0.0.9
Code Analysis
Analyzed Apr 16, 2026

Popup Builder for Block Editor – FooConvert Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (32 prepared)
Unescaped Output: 16 (317 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 32 total queries

Output Escaping

95% escaped · 333 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
fetch_widget_stats (includes/Admin/Stats.php:65)
Attack Surface
1 unprotected

Popup Builder for Block Editor – FooConvert Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers: 4

auth wp_ajax_fooconvert_dashboard_task (includes/Admin/Dashboard.php:22)
auth wp_ajax_fooconvert_fetch_stats (includes/Admin/Stats.php:22)
auth wp_ajax_fooconvert_log_event (includes/Ajax.php:19)
nopriv wp_ajax_fooconvert_log_event (includes/Ajax.php:20)

WordPress Hooks: 52

action fooconvert_admin_menu_before_post_types (includes/Admin/Dashboard.php:19)
action admin_enqueue_scripts (includes/Admin/Dashboard.php:20)
action save_post (includes/Admin/FooFields/Metabox.php:20)
action admin_enqueue_scripts (includes/Admin/FooFields/Metabox.php:23)
action admin_init (includes/Admin/FooFields/Metabox.php:30)
action save_post (includes/Admin/FooFields/Metabox.php:180)
action admin_menu (includes/Admin/FooFields/SettingsPage.php:27)
action admin_init (includes/Admin/FooFields/SettingsPage.php:30)
action admin_enqueue_scripts (includes/Admin/FooFields/SettingsPage.php:33)
action admin_init (includes/Admin/Init.php:21)
action admin_menu (includes/Admin/Init.php:22)
action in_admin_header (includes/Admin/Init.php:23)
action admin_enqueue_scripts (includes/Admin/Init.php:24)
filter block_editor_settings_all (includes/Admin/Init.php:36)
action init (includes/Admin/Promotions.php:18)
filter fs_show_trial_fooconvert (includes/Admin/Promotions.php:20)
action admin_init (includes/Admin/Promotions.php:21)
action fooconvert_admin_dashboard_right (includes/Admin/Promotions.php:59)
action fooconvert_admin_dashboard_right (includes/Admin/Promotions.php:63)
action fooconvert_widget_stats_html-metrics (includes/Admin/Promotions.php:64)
filter fooconvert_widget_metric_options (includes/Admin/Promotions.php:65)
filter fooconvert_editor_variations-fc-bar (includes/Admin/Promotions.php:68)
filter fooconvert_editor_variations-fc-flyout (includes/Admin/Promotions.php:74)
filter fooconvert_editor_variations-fc-popup (includes/Admin/Promotions.php:80)
action admin_menu (includes/Admin/Stats.php:19)
action admin_enqueue_scripts (includes/Admin/Stats.php:20)
action admin_init (includes/Admin/Stats.php:21)
action admin_init (includes/Admin/Stats.php:23)
action admin_footer (includes/Admin/Stats.php:24)
filter fooconvert-widget-frontend-attributes (includes/Admin/Stats.php:25)
action init (includes/Blocks/Base/BaseBlock.php:27)
action fooconvert_enqueued_editor_assets (includes/Blocks/Base/BaseBlock.php:28)
action fooconvert_enqueued_editor_assets (includes/Components/Base/BaseComponent.php:10)
action init (includes/Cron.php:16)
action wp_after_insert_post (includes/DisplayRules.php:16)
action template_redirect (includes/DisplayRules.php:17)
action wp_footer (includes/DisplayRules.php:18)
action wp_enqueue_scripts (includes/DisplayRules.php:19)
action admin_enqueue_scripts (includes/DisplayRules.php:59)
filter fooconvert_event_data (includes/EventHooks.php:15)
action before_delete_post (includes/EventHooks.php:16)
action post_updated (includes/EventHooks.php:17)
action init (includes/FooConvert.php:47)
action wp_enqueue_scripts (includes/FooConvert.php:48)
action enqueue_block_assets (includes/FooConvert.php:49)
filter block_categories_all (includes/FooConvert.php:50)
action transition_post_status (includes/FooConvert.php:51)
filter safe_style_css (includes/FooConvert.php:226)
action init (includes/Init.php:13)
filter plugin_icon (includes/freemius.php:41)
action admin_notices (includes/startup-checks.php:56)
action admin_notices (includes/startup-checks.php:63)
Maintenance & Trust

Popup Builder for Block Editor – FooConvert Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 15, 2025
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 20
Developer Profile

Popup Builder for Block Editor – FooConvert Developer Profile

FooPlugins

5 plugins · 204K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 328 days
Detection Fingerprints

How We Detect Popup Builder for Block Editor – FooConvert

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/fooconvert/assets/css/fooconvert-admin.css
  • /wp-content/plugins/fooconvert/assets/css/fooconvert-public.css
  • /wp-content/plugins/fooconvert/assets/js/fooconvert-admin.js
  • /wp-content/plugins/fooconvert/assets/js/fooconvert-public.js
Script Paths
  • /wp-content/plugins/fooconvert/assets/js/fooconvert-admin.js
  • /wp-content/plugins/fooconvert/assets/js/fooconvert-public.js
Version Parameters
  • fooconvert/assets/css/fooconvert-admin.css?ver=
  • fooconvert/assets/css/fooconvert-public.css?ver=
  • fooconvert/assets/js/fooconvert-admin.js?ver=
  • fooconvert/assets/js/fooconvert-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • fooconvert-admin-page
  • fooconvert-wrapper
  • fooconvert-widget-area
  • fooconvert-dashboard-panel
  • fooconvert-settings-section
  • fooconvert-modal
  • fooconvert-spinner
  • fooconvert-tooltip
HTML Comments
  • <!-- FooConvert Admin Menu -->
  • <!-- FooConvert Dashboard Panel -->
  • <!-- FooConvert Settings Form -->
  • <!-- FooConvert Modal Window -->
Data Attributes
  • data-fooconvert-panel
  • data-fooconvert-widget-id
  • data-fooconvert-action
  • data-fooconvert-nonce
JS Globals
  • fooconvert_admin_params
  • fooconvert_public_params
REST Endpoints
  • /wp-json/fooconvert/v1/settings
  • /wp-json/fooconvert/v1/widgets
  • /wp-json/fooconvert/v1/stats
Shortcode Output
  • [fooconvert_form
  • [fooconvert_popup
  • [fooconvert_banner
  • [fooconvert_optin_box
FAQ

Frequently Asked Questions about Popup Builder for Block Editor – FooConvert