WP-Safety

Popping Sidebars and Widgets Light Security & Risk Analysis

wordpress.org/plugins/popping-sidebars-and-widgets-light

Create custom popping layouts with sidebars and widgets in just a few clicks.

90 active installs v1.27 PHP + WP 3.6+ Updated Apr 1, 2022
custom-layoutcustom-sidebarsfull-barlightboxopen-close-events
41
D · High Risk
CVEs total2
Unpatched2
Last CVEDec 26, 2025
Plugin page Download
Safety Verdict

Is Popping Sidebars and Widgets Light Safe to Use in 2026?

High Risk

Score 41/100

Popping Sidebars and Widgets Light carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: Dec 26, 2025Updated 4yr ago
Risk Assessment

The "popping-sidebars-and-widgets-light" v1.27 plugin exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries, a significant concern lies in its attack surface. A large proportion of its AJAX handlers (11 out of 11) lack authentication checks, presenting a clear vulnerability for unauthorized actions. Additionally, the presence of the `unserialize` function, a known vector for remote code execution if not handled with extreme care, further elevates risk. The plugin's vulnerability history is particularly worrying, with two known medium-severity CVEs, both of which remain unpatched. These past vulnerabilities, specifically Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), along with the current lack of proper output escaping on a substantial percentage of outputs (61%), suggest a consistent pattern of input sanitization and output encoding deficiencies. The outdated bundled jQuery library also contributes to potential vulnerabilities. While the plugin has strengths like prepared SQL statements, the high number of unprotected entry points, the use of `unserialize`, and the unpatched historical vulnerabilities create a considerable security risk.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched medium severity CVEs (x2)
  • Dangerous function: unserialize
  • Insufficient output escaping
  • Bundled outdated library: jQuery v1.8.3
  • Missing capability checks
Vulnerabilities
2

Popping Sidebars and Widgets Light Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-69007medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Popping Sidebars and Widgets Light <= 1.27 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 26, 2025Unpatched
CVE-2025-58853medium · 4.3Cross-Site Request Forgery (CSRF)

Popping Sidebars and Widgets Light <= 1.27 - Cross-Site Request Forgery

Sep 5, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Popping Sidebars and Widgets Light Code Analysis

Dangerous Functions
5
Raw SQL Queries
0
0 prepared
Unescaped Output
182
118 escaped
Nonce Checks
2
Capability Checks
0
File Operations
3
External Requests
2
Bundled Libraries
3

Dangerous Functions Found

unserialize$value = unserialize( urldecode( $value ) );include\otw_components\otw_functions\otw_functions.php:600
unserialize$templates_array = unserialize( $templates );include\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:115
unserializeinclude\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:307
unserializeinclude\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:337
unserializeif( !$saved_templates_array ){include\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:374

Bundled Libraries

Select2jQuery1.8.3TinyMCE

Output Escaping

39% escaped300 total outputs
Attack Surface
11 unprotected

Popping Sidebars and Widgets Light Attack Surface

Entry Points13
Unprotected11

AJAX Handlers 11

authwp_ajax_otw_grid_manager_column_dialoginclude\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:49
authwp_ajax_otw_grid_manager_save_templateinclude\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:50
authwp_ajax_otw_grid_manager_delete_templateinclude\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:51
authwp_ajax_otw_grid_manager_load_templateinclude\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:52
authwp_ajax_otw_overlay_shortcode_editor_dialoginclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:171
authwp_ajax_otw_overlay_shortcode_get_codeinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:172
authwp_ajax_otw_overlay_shortcode_live_previewinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:173
authwp_ajax_otw_overlay_shortcode_live_reloadinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:174
authwp_ajax_otw_overlay_shortcode_preview_shortcodesinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:175
authwp_ajax_otw_overlay_shortcode_preview_front_shortcodesinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:176
authwp_ajax_otw_pswl_admin_settingsotw_popping_sidebars_and_widgets.php:69

Shortcodes 2

[otw_shortcode_grid_column] include\otw_components\otw_overlay_grid_manager_light\otw_overlay_grid_manager.class.php:55
[otw_is] include\otw_pswl_functions.php:28
WordPress Hooks 23
actionadmin_menuinclude\otw_components\otw_factory\otw_factory.class.php:34
actionadmin_print_stylesinclude\otw_components\otw_factory\otw_factory.class.php:36
actionadmin_noticesinclude\otw_components\otw_factory\otw_factory.class.php:38
filterpre_set_site_transient_update_pluginsinclude\otw_components\otw_factory\otw_factory.class.php:40
filterplugins_apiinclude\otw_components\otw_factory\otw_factory.class.php:42
actionwp_enqueue_scriptsinclude\otw_components\otw_functions\otw_component.class.php:90
actionadmin_enqueue_scriptsinclude\otw_components\otw_functions\otw_component.class.php:94
actionwp_footerinclude\otw_components\otw_overlay_light\otw_overlay.class.php:37
filtermce_external_pluginsinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:180
filtermce_buttonsinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:181
actionwp_footerinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:189
actionadmin_footerinclude\otw_components\otw_overlay_shortcode\otw_overlay_shortcode.class.php:621
filterposts_whereinclude\otw_pswl_core.php:1059
filterposts_whereinclude\otw_pswl_core.php:1135
filterposts_whereinclude\otw_pswl_core.php:1701
actionadmin_menuinclude\otw_pswl_functions.php:13
actionadmin_print_stylesinclude\otw_pswl_functions.php:15
actionadmin_enqueue_scriptsinclude\otw_pswl_functions.php:17
filterotwfcr_noticeinclude\otw_pswl_functions.php:19
filterposts_whereinclude\otw_pswl_functions.php:464
filterposts_whereinclude\otw_pswl_functions.php:540
filterposts_whereinclude\otw_pswl_functions.php:1106
actioninitotw_popping_sidebars_and_widgets.php:66
Maintenance & Trust

Popping Sidebars and Widgets Light Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedApr 1, 2022
PHP min version
Downloads19K

Community Trust

Rating50/100
Number of ratings4
Active installs90
Alternatives

Popping Sidebars and Widgets Light Alternatives

Popping Content Light

Popping Content Light

popping-content-light

C
63

Custom popping layouts. Insert ready to use shortcodes in just a few clicks.

100 1 unpatched
Firelight Lightbox

Firelight Lightbox

easy-fancybox

A
96

Formerly Easy Fancybox. The most popular WordPress lightbox plugin. Simple, fast, and responsive. Opens images, videos, PDFs, and custom popups.

200K 5 CVEs
Lightbox & Modal Popup WordPress Plugin – FooBox

Lightbox & Modal Popup WordPress Plugin – FooBox

foobox-image-lightbox

A
94

A responsive image lightbox for WordPress galleries, WordPress attachments & FooGallery

100K 5 CVEs
Gallery by FooGallery

Gallery by FooGallery

foogallery

A
88

Photo Gallery, Image Gallery by FooGallery — fast, responsive, SEO-optimized, and packed with beautiful layouts.

100K 20 CVEs
Responsive Lightbox & Gallery

Responsive Lightbox & Gallery

responsive-lightbox

A
89

The most popular lightbox plugin and responsive gallery builder for WordPress.

100K 13 CVEs
Developer Profile

Popping Sidebars and Widgets Light Developer Profile

OTWthemes

12 plugins · 6K total installs

70
trust score
Avg Security Score
66/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Popping Sidebars and Widgets Light

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/popping-sidebars-and-widgets-light/js/otw_pswl_scripts.js/wp-content/plugins/popping-sidebars-and-widgets-light/css/otw_pswl_style.css
Script Paths
/wp-content/plugins/popping-sidebars-and-widgets-light/js/otw_pswl_scripts.js
Version Parameters
/wp-content/plugins/popping-sidebars-and-widgets-light/js/otw_pswl_scripts.js?ver=/wp-content/plugins/popping-sidebars-and-widgets-light/css/otw_pswl_style.css?ver=

HTML / DOM Fingerprints

CSS Classes
otw-pswl-closeotw-pswl-openotw-pswl-sidebar
Data Attributes
data-otw-pswl-id
JS Globals
otw_pswl_data
Shortcode Output
[otw_pswl_show_sidebar]
FAQ

Frequently Asked Questions about Popping Sidebars and Widgets Light