Does Onclick Popup have any unpatched vulnerabilities?

No. All known vulnerabilities in Onclick Popup have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Onclick Popup compatible with WordPress 6.4.8?

According to WordPress.org data, Onclick Popup 7.2 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is Onclick Popup updated?

Onclick Popup was last updated on Oct 29, 2023. Frequent updates are generally a positive security signal.

What is Onclick Popup's security score?

Onclick Popup has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Onclick Popup Security & Risk Analysis

wordpress.org/plugins/onclick-popup

WordPress onclick Popup plugin will create a popup message to your website. The popup will appear on text click so it is named on-click popup.

100 active installs v7.2 PHP + WP 3.5+ Updated Oct 29, 2023

onclickpopupwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Onclick Popup Safe to Use in 2026?

Generally Safe

Score 85/100

Onclick Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "onclick-popup" v7.2 plugin exhibits a generally positive security posture with several good practices in place. The absence of known CVEs and no critical or high severity taint flows are strong indicators of a well-maintained codebase. The high percentage of prepared statements for SQL queries (95%) and the presence of nonce checks (4) further contribute to its security. The limited attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, is also a positive sign.

However, a significant concern lies in the output escaping, with only 41% of outputs being properly escaped. This leaves a considerable portion of the plugin's output potentially vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, while there are nonce checks, the complete absence of capability checks on any entry points (AJAX, REST API, shortcodes) is a notable weakness. This means that any user, regardless of their role or permissions, could potentially trigger functionalities within the plugin, increasing the risk of unauthorized actions or data manipulation.

In conclusion, "onclick-popup" v7.2 benefits from a lack of historical vulnerabilities and a contained attack surface. The developers have implemented some crucial security measures like prepared statements and nonce checks. Nevertheless, the insufficient output escaping and the complete lack of capability checks represent significant areas for improvement to mitigate potential security risks effectively.

Key Concerns

Insufficient output escaping (41%)
Missing capability checks on entry points

Vulnerabilities

None known

Onclick Popup Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Onclick Popup Code Analysis

Dangerous Functions

Raw SQL Queries

21 prepared

Unescaped Output

30 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

95% prepared22 total queries

Output Escaping

41% escaped74 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

<content-management-show> (pages\content-management-show.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Onclick Popup Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[onclick-popup] onclick-popup.php:161

WordPress Hooks 5

actioninitonclick-popup.php:312

actionadmin_menuonclick-popup.php:316

actionplugins_loadedonclick-popup.php:345

actionplugins_loadedonclick-popup.php:346

actionadmin_enqueue_scriptsonclick-popup.php:349

Maintenance & Trust

Onclick Popup Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedOct 29, 2023

PHP min version

Downloads55K

Community Trust

Rating60/100

Number of ratings3

Active installs100

Alternatives

Onclick Popup Alternatives

Email Subscription Popup

email-subscribe

This plugin shows you a beautiful newsletter subscription popup when someone enter to your site. You can even use widget that allow email subscription …

1K 7 CVEs

Modal Maker – An Elementor Modal Widget

modal-maker

An Elementor widget plugin which adds a customizable button that triggers a modal popup, perfect for displaying additional content or options in a sty …

100 No CVEs

PopPop

poppop

Easily display your widgets inside modal and popup windows.

80 No CVEs

Ultimate Sticky Popup & Widgets

ultimate-sticky-popup-widgets

100

Ultimate Sticky Popup & Widgets is a simple, easy and fully-customizable WordPress plugin used to add popup on fixed position like bottom left, bo …

70 No CVEs

Conversions Popup Widget

conversions-popup-widget

Proof your business results! Show in an animated popup your last conversions loaded from a Google Spreadsheet!

10 No CVEs

Developer Profile

Onclick Popup Developer Profile

gopi_plus

8 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

1046 days

View full developer profile

Detection Fingerprints

How We Detect Onclick Popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/onclick-popup/onclick-popup.css

HTML / DOM Fingerprints

CSS Classes

PopUpFadClose

JS Globals

PopUpFadOpenPopUpFadCloseX

Shortcode Output

[onclick-popup]

FAQ