Does Onex Custom Popup Builder have any unpatched vulnerabilities?

No. All known vulnerabilities in Onex Custom Popup Builder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Onex Custom Popup Builder compatible with WordPress 5.2.24?

According to WordPress.org data, Onex Custom Popup Builder 1.0.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Onex Custom Popup Builder compatible with PHP 7.0+?

Onex Custom Popup Builder requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Onex Custom Popup Builder updated?

Onex Custom Popup Builder was last updated on Aug 28, 2019. Frequent updates are generally a positive security signal.

What is Onex Custom Popup Builder's security score?

Onex Custom Popup Builder has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Onex Custom Popup Builder Security & Risk Analysis

wordpress.org/plugins/onex-custom-popup-builder

You can bulid popup with any layout in drag&drop way, change its position and trigger event in few clicks.

0 active installs v1.0.0 PHP 7.0+ WP 4.9.8+ Updated Aug 28, 2019

animation-effectcustom-popupcustom-popup-builderelementorelementor-addons

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Onex Custom Popup Builder Safe to Use in 2026?

Generally Safe

Score 85/100

Onex Custom Popup Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The 'onex-custom-popup-builder' plugin version 1.0.0 exhibits significant security concerns primarily due to a large attack surface that is entirely unprotected by authentication checks. With 8 AJAX handlers identified, all of which lack proper authorization, an attacker could potentially trigger these functions without user interaction or authentication, leading to a range of malicious activities. The taint analysis revealing 8 flows with unsanitized paths, though not classified as critical or high, still points to potential vulnerabilities where user-supplied input might not be adequately handled before being used in sensitive operations, which can be a precursor to more severe issues.

While the plugin demonstrates strengths in other areas, such as using prepared statements for all SQL queries and a lack of known vulnerabilities in its history, these positives are overshadowed by the immediate risks presented by the unprotected AJAX endpoints. The absence of nonce checks on these critical entry points is a glaring oversight. The plugin's current security posture is therefore weak, necessitating urgent attention to secure its AJAX handlers. The low percentage of properly escaped output also raises concerns about Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

8 AJAX handlers without auth checks
8 flows with unsanitized paths
No nonce checks
Only 39% of outputs properly escaped

Vulnerabilities

None known

Onex Custom Popup Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Onex Custom Popup Builder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

48 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

39% escaped122 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths

custom_popup_builder_mailchimp_ajax (includes\ajax-handlers.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

Onex Custom Popup Builder Attack Surface

Entry Points8

Unprotected8

AJAX Handlers 8

authwp_ajax_custom_popup_builder_mailchimp_ajaxincludes\ajax-handlers.php:27

noprivwp_ajax_custom_popup_builder_mailchimp_ajaxincludes\ajax-handlers.php:28

authwp_ajax_custom_popup_builder_get_contentincludes\ajax-handlers.php:30

noprivwp_ajax_custom_popup_builder_get_contentincludes\ajax-handlers.php:31

authwp_ajax_custom_popup_builder_save_settingsincludes\settings.php:27

authwp_ajax_get_mailchimp_user_dataincludes\settings.php:29

authwp_ajax_get_mailchimp_listsincludes\settings.php:31

authwp_ajax_get_mailchimp_list_merge_fieldsincludes\settings.php:33

WordPress Hooks 39

actioninitcustom-popup-builder.php:44

actionadmin_noticescustom-popup-builder.php:46

actionwp_enqueue_scriptsincludes\assets.php:23

actionadmin_enqueue_scriptsincludes\assets.php:25

actionadmin_enqueue_scriptsincludes\assets.php:27

actionadmin_enqueue_scriptsincludes\assets.php:29

actionelementor/frontend/before_enqueue_scriptsincludes\assets.php:31

actionelementor/editor/before_enqueue_scriptsincludes\assets.php:33

actionelementor/editor/after_enqueue_stylesincludes\assets.php:35

actionelementor/preview/enqueue_stylesincludes\assets.php:37

actionelementor/frontend/builder_content_dataincludes\conditions\manager.php:20

actionwp_trash_postincludes\conditions\manager.php:22

actionelementor/editor/footerincludes\conditions\manager.php:24

actionelementor/finder/categories/initincludes\elementor-finder\elementor-finder.php:12

filterpost_row_actionsincludes\export-import.php:14

actionadmin_action_custom_popup_builder_import_presetincludes\export-import.php:16

actionadmin_action_custom_popup_builder_create_from_presetincludes\export-import.php:18

actionadmin_initincludes\export-import.php:20

actionadmin_footerincludes\export-import.php:22

actionelementor/element/common/_section_style/after_section_endincludes\extension.php:30

actionelementor/frontend/widget/before_renderincludes\extension.php:32

actionelementor/frontend/before_enqueue_scriptsincludes\extension.php:34

actionwp_footerincludes\generator.php:38

actionwp_footerincludes\generator.php:40

actionelementor/frontend/before_enqueue_scriptsincludes\generator.php:42

actionelementor/initincludes\integration.php:12

actionelementor/widgets/widgets_registeredincludes\integration.php:14

actionelementor/controls/controls_registeredincludes\integration.php:16

filteroption_elementor_cpt_supportincludes\post-type.php:21

filterdefault_option_elementor_cpt_supportincludes\post-type.php:23

actionelementor/documents/registerincludes\post-type.php:25

actionwp_insert_postincludes\post-type.php:27

actiontemplate_includeincludes\post-type.php:29

actionadmin_footerincludes\post-type.php:35

actionadmin_menuincludes\post-type.php:38

actionadmin_menuincludes\settings.php:21

actionadmin_enqueue_scriptsincludes\settings.php:23

actionadmin_footerincludes\settings.php:25

filterposts_whereincludes\utils.php:130

Maintenance & Trust

Onex Custom Popup Builder Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedAug 28, 2019

PHP min version7.0

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Onex Custom Popup Builder Alternatives

Custom Popup Builder for Elementor

custom-popup-builder-for-elementor

You can bulid popup with any layout in drag&drop way, change its position and trigger event in few clicks.

10 No CVEs

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 22 CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Ultimate Addons for Elementor

header-footer-elementor

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs

Developer Profile

Onex Custom Popup Builder Developer Profile

immonex

8 plugins · 440 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Onex Custom Popup Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/onex-custom-popup-builder/assets/css/custom-popup-builder-frontend.css/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/anime-js/anime.min.js/wp-content/plugins/onex-custom-popup-builder/assets/js/custom-popup-builder-frontend.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/axios/axios.min.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/iview/locale/en-US.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/iview/iview.min.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/tippy/tippy.all.min.js/wp-content/plugins/onex-custom-popup-builder/assets/css/lib/iview/iview.css

Script Paths

/wp-content/plugins/onex-custom-popup-builder/assets/js/custom-popup-builder-frontend.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/anime-js/anime.min.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/axios/axios.min.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/iview/locale/en-US.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/iview/iview.min.js/wp-content/plugins/onex-custom-popup-builder/assets/js/lib/tippy/tippy.all.min.js

Version Parameters

custom-popup-builder-frontend?ver=custom-popup-builder-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

custom-popup-builder-frontendcustom-popup-builder-tippy

Data Attributes

data-custom-popup-builder-version

JS Globals

customPopupData

FAQ