Does Offer Popup have any unpatched vulnerabilities?

No. All known vulnerabilities in Offer Popup have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Offer Popup compatible with WordPress 4.7.32?

According to WordPress.org data, Offer Popup 1.0 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is Offer Popup updated?

Offer Popup was last updated on Dec 27, 2016. Frequent updates are generally a positive security signal.

What is Offer Popup's security score?

Offer Popup has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Offer Popup Security & Risk Analysis

wordpress.org/plugins/offers-popup

This plugin lets you add multiple offers with date and URL.

20 active installs v1.0 PHP + WP 3.5+ Updated Dec 27, 2016

bannersmultiple-offersoffer-banners-in-popup-windowoffer-in-popup-windowoffers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Offer Popup Safe to Use in 2026?

Generally Safe

Score 85/100

Offer Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "offers-popup" v1.0 plugin exhibits a mixed security posture. On one hand, it boasts a zero attack surface regarding common entry points like AJAX handlers, REST API routes, and shortcodes, and all SQL queries are properly prepared. Furthermore, there are no known vulnerabilities (CVEs) associated with this plugin, suggesting a history of security maintenance or a lack of prior discovery. However, a significant concern arises from the taint analysis, which reveals four flows with unsanitized paths, all classified as high severity. This indicates a substantial risk of data being manipulated or injected by malicious actors. Compounding this, a complete lack of output escaping for all identified outputs is a critical weakness, making stored XSS or other output-based attacks highly probable. While the plugin has a clean vulnerability history and a small, well-contained attack surface, the identified taint flows and universal lack of output escaping present serious, exploitable security risks that need immediate attention.

Key Concerns

High severity unsanitized taint flows detected
No output escaping for any output
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Offer Popup Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Offer Popup Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared9 total queries

Output Escaping

0% escaped34 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

<manage_offer> (manage_offer.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Offer Popup Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionwp_footeroffers.php:135

actionadmin_menuoffers.php:143

actioninitoffers.php:148

Maintenance & Trust

Offer Popup Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedDec 27, 2016

PHP min version

Downloads5K

Community Trust

Rating100/100

Number of ratings3

Active installs20

Alternatives

Offer Popup Alternatives

Announcement & Notification Banner – Bulletin

bulletin-announcements

Publish a slick announcement banner notice across your website or Woocommerce shop. Extend with icons, countdowns, placement rules and more!

2K 5 CVEs

AdPlugg WordPress Ad Plugin

adplugg

100

Advertising is easy with AdPlugg. The AdPlugg WordPress Ad Plugin and ad server allow you to easily manage, schedule, rotate and track your ads.

500 1 CVE

Name Your Price: Make Your Own Offer for WooCommerce

price-offerings-for-woocommerce

100

Let customers name their own price on WooCommerce products & donations, offer flexible pricing options with NYOP & open pricing features.

400 No CVEs

WPSSO Schema Shipping Delivery Time for WooCommerce

wpsso-wc-shipping-delivery-time

100

Shipping delivery time estimates for WooCommerce shipping zones, methods, and classes.

300 No CVEs

MobiLoud – Smart App Banners

mobiloud-smart-app-banner

We created this plugin so that you can use Smart App Banners on your WordPress site to boost downloads for your iOS and Android app.

200 No CVEs

Developer Profile

Offer Popup Developer Profile

DotsquaresLtd

6 plugins · 110 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Offer Popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/offers-popup/css/style.css/wp-content/plugins/offers-popup/css/offers.css/wp-content/plugins/offers-popup/js/offers.js

Version Parameters

offers-popup/style.css?ver=offers-popup/css/offers.css?ver=offers-popup/js/offers.js?ver=

HTML / DOM Fingerprints

CSS Classes

manage_offeroffer_labeloffer_inputoffererror

HTML Comments

Data Attributes

name="manage_offer"id="manage_offer"name="offer_name"id="offer_name"name="offer_start"id="offer_start"+10 more

JS Globals

offersjs

Shortcode Output

<div class="manage_offer"><div class="offer_label">Offer Name</div><div class="offer_input"><div class="offer_label">Offer Start</div>

FAQ