[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0QHc2_vtRXRjQA2A-2V_tfWOufAlumP2ed5xDWUDrJc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":51,"analysis":148,"fingerprints":373},"poptin","Poptin – Exit Pop Ups & Email Popups","1.3.10","Poptin","https:\u002F\u002Fprofiles.wordpress.org\u002Fpoptin\u002F","\u003Ch4>Free exit intent popup builder, gamified popups with spin the wheel, contact form builder & lead generation pop ups platform for your website. 🎉\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fhelp.poptin.com\u002F?utm_source=wordpressorg\" title=\"Support\" rel=\"nofollow ugc\">Support\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.poptin.com\u002Fgallery\u002F?utm_source=wordpressorg\" title=\"Poptin.com Demo\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.poptin.com\u002Fpricing\u002F?utm_source=wordpressorg\" title=\"Poptin Pricing\" rel=\"nofollow ugc\">Upgrade\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fapp.popt.in\u002Fregister\u002F?utm_source=wordpressorg\" title=\"Sign Up to Poptin\" rel=\"nofollow ugc\">Sign Up for Free \u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Create beautiful email popups, sms pop ups, optins, lightbox pop ups, notification bar, and contact forms in less than 2 minutes. Use exit intent popup & advanced targeting rules to convert more visitors into leads, subscribers, and sales.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>How Poptin Pop Ups Can Help Your Business Grow 🚀\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Grow your email list using email pop ups\u003C\u002Fli>\n\u003Cli>Capture more leads using lead capture pop ups\u003C\u002Fli>\n\u003Cli>Get more sales with upsell pop up \u003C\u002Fli>\n\u003Cli>Recover cart abandonment with exit offers\u003C\u002Fli>\n\u003Cli>Increase visitors’ engagement with pop ups & inline forms\u003C\u002Fli>\n\u003Cli>Create a notification bar, update your users about deals & promotions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Poptin forms and popup plugin tracks the website’s visitors’ behavior and shows the right message at the right time. The platform helps to improve conversion rate and turn more visitors into leads, sales, newsletter subscribers, increases engagement, and recovers abandoning website and cart visitors using exit offers and \u003Ca href=\"https:\u002F\u002Fwww.poptin.com\u002Fblog\u002Fexit-intent-technology-can-grow-business\u002F\" title=\"exit intent\" rel=\"nofollow ugc\">exit intent\u003C\u002Fa> technology and many other triggers.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FgZGz0tawfx8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Create a Poptin account for free\u003C\u002Fstrong>\u003Cbr \u002F>\n  Poptin is a web application that works perfectly with WordPress and many more web platforms. Start creating your first popups and contact forms by \u003Ca href=\"https:\u002F\u002Fapp.popt.in\u002Fregister?utm_source=wordpress\" title=\"open free Poptin account\" rel=\"nofollow ugc\">\u003Cstrong>opening your free account\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>You can create anything your marketing heart desires, from advanced overlays to SMS popups, inline forms, lead form widgets, exit popups, and social widgets – it’s all on-brand and fully customizable with our powerful popup builder. Reduce cart abandonment and bounce rate and increase conversion rate!\u003C\u002Fp>\n\u003Ch4>EXIT INTENT TRIGGER INCLUDED 🥳\u003C\u002Fh4>\n\u003Cp>Our popup plugin includes exit intent trigger on the free plan and many other advanced features. The free plan comes with 1,000 visitors of popups and forms per month.\u003Cbr \u002F>\n\u003Cstrong>Unlimited popups, unlimited forms, unlimited integrations, unlimited leads.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>What do you get with Poptin?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Create popups and contact forms in minutes using a drag & drop popup editor 🚀\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose from a wide range of fully responsive and well-designed popups and lead forms templates, including lightbox, welcome screen, sms popup, notification bar, floating bar, slide-in, sidebar, mobile popups, video pop up, countdown & timer popups, and many more pop up templates\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Create beautiful inline forms using our powerful form builder: use our designed templates or create your own contact form from scratch. Add your embedded form anywhere on your website using a shortcode\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Exit intent technology – unlimited exit popups included.\u003Cbr \u002F>\nOur exit intent trigger is included in the free plan. Create any type of exit popup you want for your website (light box, bar, full screen etc)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Track your popup and contact form analytics – see how many people visit your site and how many of them have seen your pop ups and overlays. Understand what works great and what doesn’t\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Advanced targeting options for your pop ups including exit intent trigger, display after time spent on the website, scrolling trigger, display after X pages visited, display after X clicks, inactivity trigger, URL targeting (page level on-site targeting), device targeting, geo-location (by country, including US states), OS & Browsers, IP block lists, days and hours, new vs returning visitors (based on cookies), traffic source (Facebook, Google, Google Ads [Adwords], ChatGPT, Gemini, X.com, perplexity.ai, Youtube, Reddit, Twitter, Pinterest and any site you want), page source targeting, on-click popup display\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Show beautiful popups and embedded forms according to each visitor’s unique behavior\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add custom images and backgrounds, HTML elements, entry effects, CTA (call-to-action), change the height and width of your popups and forms, control the display location (header and footer, all sides and corners) with our form and popup maker\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Integrate your popups and contact forms with your favorite emailing system, CRM, or marketing automation platform including: MailChimp, Zapier, GetResponse, ConvertKit, Pipedrive, ActiveCampaign, Hubspot, Klaviyo, Zoho CRM, Salesforce, and many more\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A\u002FB testing – what does work better, video popup or popup form? Test one popup or form against the other and improve conversion rate optimization\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>All types of fields – besides the regular name, email, and phone fields, add number fields, textarea field, website field, date, select, radio buttons, checkboxes, and hidden field. Use the new fields to make your forms better. You can also use it to gather feedback and to create surveys\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Gamified popups – create beautiful gamified pop ups and get more sales. Create a spin to win pop up, scratch card, and pick a gift pop ups. Highly recommended for WooCommerce stores to increase sales\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Landing page link – collect emails and leads using our simple landing page link. Each email popup and contact form has it own landing page link that can be sent via email, message or post it on social media\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Draft and Autosaving – when you design a popup or form and the process stops in the middle (internet issues, your kid spilled water on your laptop etc), your popup or form is saved as draft. You can go back to it from the Popups and Forms tab\u003C\u002Fp>\n\u003Cp>All your changes will be saved periodically if you work on an existing popup or form. Once you go back to the editing of the popup or form you changed, choose if you want to load the last changes or work on the current version\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Agency package: manage users and sub-accounts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Run your popup with our Autopilot trigger and get optimized results\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>SEO friendly mobile & desktop popups, and inline forms\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Ways to automate Poptin with Zapier\u002FMake.com:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send an autoresponder with a Gmail account\u003C\u002Fli>\n\u003Cli>Add Poptin leads to a Google Sheets spreadsheet\u003C\u002Fli>\n\u003Cli>Add leads into Airtable\u003C\u002Fli>\n\u003Cli>Integration with Salesforce and Pardot\u003C\u002Fli>\n\u003Cli>Create leads in Intercom\u003C\u002Fli>\n\u003Cli>Add Monday CRM leads from new Poptin submissions\u003C\u002Fli>\n\u003Cli>Add leads to ClickUp lists for marketing ops or campaign tracking\u003C\u002Fli>\n\u003Cli>Send Slack messages for new Poptin leads\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Create popups and forms in any language: English, Mandarin, Portuguese, Spanish, Hindi, Arabic, Russian, Hebrew, German, Japanese, Italian, Polish, Thai, Ukrainian, Dutch, Greek, Hungarian, Romanian, Persian, Korean, and more\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>RTL support: all the popups and forms are 100% RTL supported\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Dynamic tags for your pop ups and forms – add dynamic Merge Tags to your pop ups and contact forms. Display dynamic text or image that is pulled from a class or ID on your page, or even from a UTM parameter. Use this feature to create dynamic pop ups and contact forms based on your website’s content\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use our custom HTML to embed quizzes, social share buttons, polls, Google surveys, Google Maps, Typeform, Jotform, Wufoo widgets and more\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Launch a pop up from another pop up and create double opt-in, triple opt-in or any flow you want. You can create 2-step lightbox pop up or even slide-in with a button that will launch a light-box or a full-screen overlay.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can track the performance of your forms and popups not only on your dashboard but also with Hotjar, Microsoft Clarity, Lucky Orange, ClickTale, FullStory Smartlook, Crazyegg, MouseFlow or any other heatmap and session recording tool\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cookie targeting: display forms and popups to users with specific cookies. Use this feature to show popups and contact forms based on shopping cart data such as number of items, cart value, etc. You can also target logged in and logged out users\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Tested with all browsers – Chrome, Firefox, Android, iOS, Safari, Explorer, Edge, Opera, and more. Tested with all Windows versions, macOS and other operating systems\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GDPR features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manually delete leads from the “Leads” tab\u003C\u002Fli>\n\u003Cli>Change the email of your account\u003C\u002Fli>\n\u003Cli>You can automatically delete leads so they won’t be stored for more than 1\u002F3\u002F6\u002F12\u002F18\u002F24 months or never stored\u002Fnever deleted\u003C\u002Fli>\n\u003Cli>See the IP address of any lead you get\u003C\u002Fli>\n\u003Cli>Add a consent checkbox if you want your subscribers to agree to your terms of service before submitting a form\u003C\u002Fli>\n\u003Cli>Decreased number of cookies\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.poptin.com\u002Fgdpr\u002F\" title=\"Click here\" rel=\"nofollow ugc\">Click here\u003C\u002Fa> to read more about Poptin’s GDPR changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Create unique or fixed-value coupons that embed directly in popups and track their usage for performance insights\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Drag and Drop Inline Form Builder\u003C\u002Fh4>\n\u003Cp>Create inline contact forms with Poptin. Once you use our form builder and create your contact form, use our short code and add the form anywhere on your website. When you create embedded forms with Poptin you can use our smart targeting and triggers options to maximize the conversion rate.\u003C\u002Fp>\n\u003Cp>Using our powerful form builder you can create beautiful forms. Use our contact form templates or create your own form from scratch. Add elements that’ll increase your conversion rate like countdown timer, video, custom HTML, images, shapes, attention effect for your button and more.\u003C\u002Fp>\n\u003Cp>We support any type of field, including name, email, phone, custom fields, date, website, numbers, dropdown, radio buttons, checkboxes, and more.\u003C\u002Fp>\n\u003Cp>You can also connect your contact form to our native integrations, including MailChimp, HubSpot, Zoho, GetResponse, and more. You can also use our Zapier app and connect your embedded form to any platform supported by Zapier. Connect your contact form to our autoresponder, and send an automated email to visitors who fill out the form.\u003C\u002Fp>\n\u003Cp>Run A\u002FB tests – use our form builder to create a different version of your form, and also create a different trigger and targeting rules. Display different versions of your contact form using the same shortcode, and find out what’s the best version of your inline contact form.\u003C\u002Fp>\n\u003Cp>Want to create a different version of your embedded form for mobile and for desktop? Use our form builder to create different versions for desktop and mobile, and display them using the same shortcode.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3cVDhT68MEY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Create a Poptin account for free\u003C\u002Fstrong>\u003Cbr \u002F>\n  Poptin is a web application that works perfectly with WordPress and many more web platforms. Start creating your first popup and contact form by \u003Ca href=\"https:\u002F\u002Fapp.popt.in\u002Fregister?utm_source=wordpress\" title=\"open a free Poptin account\" rel=\"nofollow ugc\">\u003Cstrong>opening your free account here\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Gamified Pop ups\u003C\u002Fh4>\n\u003Cp>An easy-to-use gamified popup builder you can easily integrate to your website. Poptin’s gamified popups allow you to create three kinds: spin the wheel pop ups, scratch card popups, and gift pop ups. These pop ups are ideal for WooCommerce stores.\u003C\u002Fp>\n\u003Cp>Generate more leads and encourage more sales by giving customers an engaging way to earn coupon codes and special offers from you!\u003C\u002Fp>\n\u003Cp>We’ve made three different kinds of gamified pop ups for you to offer to your visitors. More games, more fun, and more chances of winning.\u003C\u002Fp>\n\u003Cp>Here are three kinds of popups we’ve created for you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Spin to win pop up\u003C\u002Fli>\n\u003Cli>Scratch card pop up\u003C\u002Fli>\n\u003Cli>Pick a gift pop up\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Wheel of fortune pop ups or spin wheel pop ups let your visitors spin a wheel and get the chance to win one of the many prizes or codes on your wheel. Use the wheel of fortune pop up or spin wheel popup for almost always win situation for your visitors.\u003C\u002Fp>\n\u003Cp>Scratch off pop ups or scratch card pop ups are where you set a code and the customer will “scratch” the card to reveal the code for your customers to use in your shop. Use a scratch off popup for that lottery card feel. There’s always a code that customers will win with the scratch cards popups.\u003C\u002Fp>\n\u003Cp>Pick a gift pop ups let your customers pick from one of three gifts for a chance to win a special code that can be used in your store. Use the gift pop ups if you want a bit of more thrill, with the visitors getting a chance to win a code or nothing at all.\u003C\u002Fp>\n\u003Cp>Appeal to the kids in your customers by adding gamified pop ups on your website.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FlxWOrky14so?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Autoresponder\u003C\u002Fh4>\n\u003Cp>With the autoresponder, send an automatic email to visitors that submitted your pop ups and contact forms. Send an autoresponder for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A discount coupon to new newsletter subscribers\u003C\u002Fli>\n\u003Cli>A “Thank you” or a “Welcome” email\u003C\u002Fli>\n\u003Cli>A discount coupon code when visitors try to leave your checkout page\u003C\u002Fli>\n\u003Cli>A link to download an eBook, video, guide or manual, or you can also attach the file to the email\u003Cbr \u002F>\nThe autoresponder is available on any paid plan\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Popular popups use cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show an exit intent popup with a discount and a modal popup countdown to visitors who try to leave your eCommerce store checkout page and get more sales\u003C\u002Fli>\n\u003Cli>Show a scroll box newsletter pop up to visitors who read and scroll down 60% of your blog post and grow your email list\u003C\u002Fli>\n\u003Cli>Create an inline form on all your blog posts, and sync all your subscribers to your MailChimp account\u003C\u002Fli>\n\u003Cli>Show a floating bar popup with a coupon code to visitors who came to your site from a campaign you run that includes a UTM\u003C\u002Fli>\n\u003Cli>Show a click-to-call mobile widget to people that visit your site during your business work hours to get more leads\u003C\u002Fli>\n\u003Cli>Create a feedback form or survey to gather information from your website’s visitors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Poptin works great with WordPress page builders including Elementor, Divi, Beaver Builder, WPBakery, SeedProd, Gutenberg and more.\u003C\u002Fp>\n\u003Ch4>Beta\u003C\u002Fh4>\n\u003Cp>Our new \u003Cstrong>Contacts\u003C\u002Fstrong> system is now in beta, giving you deeper insights and more control over your audience than ever before. Easily track, organize, and manage contacts using advanced segmentation, custom properties, web activity, and detailed popup & form interactions – all in one place.\u003Cbr \u002F>\nUnderstand how users engage across your site and popups, build smarter audiences, and lay the foundation for more personalized communication.\u003C\u002Fp>\n\u003Ch4>Coming soon\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email Campaigns\u003C\u002Fstrong> – Send targeted marketing and transactional emails to your audience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Automations\u003C\u002Fstrong> – Build automated workflows to engage, nurture, and convert contacts at scale\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Testimonials\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>” All lead capturing tools have failed me…except for Poptin. This is the only platform that gives me the necessary flexibility for my forms. My lead generation is stellar and Poptin is a big part of it.”\u003C\u002Fp>\n\u003Cp>  \u003Cstrong>Ilan Missulawin, Co-founder, Clickcease\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>” Poptin has been incredibly easy to use from day one. The setup process was straightforward and quick, and we were able to install it on our website without any issues. We use Poptin to track and convert leads into our email database, and it’s made a noticeable difference in how effectively we capture and understand audience engagement.\u003Cbr \u002F>\n  We especially love the analytics and reporting features. Having clear, accessible data on impressions, conversions and performance has helped us make more informed decisions.”\u003C\u002Fp>\n\u003Cp>  \u003Cstrong>Crystal R, Sales Assistant, batyr\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Free exit intent popup builder, gamified popups with spin the wheel, contact form builder & lead generation pop ups platform for your website. 🎉",20000,485621,98,684,"2026-03-02T13:12:00.000Z","6.9.4","3.1","",[20,21,22,23,24],"email-pop-up","exit-intent","pop-ups","popup","popups","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpoptin.1.3.10.zip",100,1,0,"2023-09-18 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-4961","poptin-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Poptin \u003C= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3","1.3.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F778af777-4c98-45cd-9704-1bdc96054aa7?source=api-prod",127,{"slug":4,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":49,"computed_at":50},79,"2026-04-04T00:52:32.185Z",[52,71,88,104,127],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":28,"num_ratings":28,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":70,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"convertux-connector","Convertux Connector","1.0.1","Convertux","https:\u002F\u002Fprofiles.wordpress.org\u002Fconvertux\u002F","\u003Cp>Create and push offers to the right visitors at the right time. Increase conversion rate, average order value, and more. Zero coding, easy learning curve.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.convertux.com\u002F?utm_source=wordpress\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.convertux.com\u003C\u002Fa> is service which allows you to convert your visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.convertux.com\u002F?utm_source=wordpress\" title=\"Create your optin forms\" rel=\"nofollow ugc\">\u003Cstrong>Create your optin forms!\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FaYBT_gy1KB8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>Zero coding!\u003C\u002Fstrong>\u003Cbr \u002F>\nGet full access to our extensive collection of colorable themes and targeting recommendations. Become inspired by dozens of campaign ideas and create yours with our easy to use drag-and-drop builder.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hit the bull’s-eye\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate as many messages as you wish, and target each visitor segment with fully customized messages that are more relevant and more likely to convert.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Analyze and automate\u003C\u002Fstrong>\u003Cbr \u002F>\nGet all the stats you need to improve your lead generation strategy, then easily split test all your ideas to keep increasing conversions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Build complex call to action scenarios with drags and drops\u003C\u002Fstrong>\u003Cbr \u002F>\n=Never ask your developers for help again. Design lead capture forms, promo bars and more, faster than ever.=\u003Cbr \u002F>\n* Create with zero coding skills\u003Cbr \u002F>\n* Create deeply personalized offers\u003Cbr \u002F>\n* Choose from a multitude of event triggers\u003Cbr \u002F>\n* Setup multiple scenarios with conditional logic\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What you visually design becomes the code, instantly\u003C\u002Fstrong>\u003Cbr \u002F>\nPick a format you want: a sticky bar, a lightbox, a chat-like modal. Drag and drop the elements you need. Go live.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No time to design?\u003Cbr \u002F>\nChoose from dozens of beautiful pre-made templates\u003C\u002Fstrong>\u003Cbr \u002F>\nSkip the creative struggle and search for best practices. Use one of the time-tested high-performing templates.\u003C\u002Fp>\n\u003Cp>=Integrate it with your tools=\u003Cbr \u002F>\n* GetResponse\u003Cbr \u002F>\n* MailChimp\u003Cbr \u002F>\n* ActiveCampaign\u003Cbr \u002F>\n* Infusionsoft\u003Cbr \u002F>\n* ConvertKit\u003Cbr \u002F>\n* OntraPort\u003Cbr \u002F>\n* Gist\u003Cbr \u002F>\n* MailerLite\u003Cbr \u002F>\n* Klaviyo\u003Cbr \u002F>\n* Platform.ly\u003Cbr \u002F>\n* Sendinblue\u003Cbr \u002F>\n* Demio\u003Cbr \u002F>\n* HubSpot\u003Cbr \u002F>\n* MooSend\u003Cbr \u002F>\n* SendFox\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fconvertux.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Convert your visitors in intelligent way. Get more sales & subscribers with beautiful sticky bars, lightboxes, full page modals, chat-like modals, &hellip;",10,1002,"2021-07-08T17:42:00.000Z","5.7.15","4.1.0",[66,21,67,22,24],"convertux","pop-up","https:\u002F\u002Fconvertux.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconvertux-connector.1.0.1.zip",85,{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":28,"downloaded":79,"rating":28,"num_ratings":28,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":18,"download_link":87,"security_score":26,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"flash-popup-builder","Flash Popup Builder","1.0.3","Themescaliber","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohammedashfaque\u002F","\u003Cp>Flash Popup Builder is a powerful and user-friendly WordPress popup builder designed to boost engagement, conversions, and sales. Whether you want to capture leads, promote offers, display discounts, or drive traffic to specific pages, Flash Popup Builder makes it effortless.\u003C\u002Fp>\n\u003Cp>With pre-built customizable templates, you can create eye-catching popups for email subscriptions, upsells, cross-sells, eCommerce offers, and festive promotions like Black Friday, Cyber Monday, New Year Sales, and more.\u003C\u002Fp>\n\u003Cp>The plugin includes a simple drag-and-drop editor, advanced trigger conditions, and styling customization, making it the perfect solution for marketers, store owners, and bloggers looking to enhance user interaction on their websites.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Built-in Popup Builder – Easily create and customize popups with text, images, buttons, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Pre-Built Templates – Choose from multiple professionally designed popup templates for different use cases.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Trigger Conditions – Control when and where popups appear based on page scroll percentage, exit intent, specific pages, or time delays.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Content Customization – Edit background images, heading text, descriptions, buttons, coupon codes, and call-to-action elements.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Advanced Customization (Pro Version) – Unlock premium features like color and font settings, additional triggers, display rules, and premium eCommerce popup templates for upsell and cross-sell campaigns.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Mobile Responsive – Popups are fully optimized for mobile and desktop devices.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Lightweight & Fast – Designed for performance without slowing down your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Upgrade to Pro Version\u003C\u002Fh3>\n\u003Cp>Unlock advanced features, additional templates, and enhanced customization by upgrading to Flash Popup Builder Pro. Click “Get Pro” in the plugin dashboard to access premium features.\u003C\u002Fp>\n\u003Ch3>Third-Party Libraries and License Compatibility\u003C\u002Fh3>\n\u003Cp>This plugin utilizes the following third-party libraries:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Bootstrap v5.3.3\u003C\u002Fstrong> – A popular front-end framework used for responsive layout and UI components. Bootstrap is used in this plugin to style the admin and frontend elements.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Source:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgetbootstrap.com\" rel=\"nofollow ugc\">Bootstrap by The Bootstrap Team\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>License:\u003C\u002Fstrong> MIT License (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwbs\u002Fbootstrap\u002Fblob\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc\">View License\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Font Awesome Free v6.7.2\u003C\u002Fstrong> – A popular icon toolkit used for adding scalable vector icons and social logos to your website. FontAwesome is used in this plugin to display icons inside popups and admin panels.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Source:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Ffontawesome.com\" rel=\"nofollow ugc\">Font Awesome by Fonticons, Inc.\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>License:\u003C\u002Fstrong> MIT License (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFortAwesome\u002FFont-Awesome\u002Fblob\u002F6.x\u002FLICENSE.txt\" rel=\"nofollow ugc\">View License\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to Create a Popup?\u003C\u002Fh3>\n\u003Cp>o Go to Flash Popup Builder in the WordPress Dashboard.\u003Cbr \u002F>\n  o Click Add New Popup and choose a pre-built template.\u003Cbr \u002F>\n  o Customize the background image, text, button, and call-to-action\u003Cbr \u002F>\n  o Set trigger conditions like exit intent, scroll percentage, or page-specific display.\u003Cbr \u002F>\n  o Save & Publish the popup to start engaging visitors!\u003C\u002Fp>\n\u003Cp>If you need any further assistance, feel free to check our documentation or reach out for support. Enjoy enhancing your site’s user engagement with the Flash Popup Builder Plugin!\u003C\u002Fp>\n","Flash Popup Builder : A simple popup builder plugin with pre-built templates.",416,"2025-09-09T06:04:00.000Z","6.8.5","5.2","7.2",[20,85,21,86,24],"email-subscription","popup-builder","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflash-popup-builder.1.0.3.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":28,"downloaded":96,"rating":28,"num_ratings":28,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":18,"download_link":103,"security_score":70,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"pop-convert","Pop Convert – Free Popup & Smart Bar Plugin for WordPress & WooCommerce","1.0","jasonck","https:\u002F\u002Fprofiles.wordpress.org\u002Fjasonck\u002F","\u003Cp>Increase your subscribers list by showing high converting pop ups, banners and smart bars. Collect more emails and phone numbers for retargetting, and increase sales. Need more traffic to a specific URL? No problem! Want to offer a discount code, or make an announcement? This is your plugn! The best part? This plugin is 100% FREE!\u003C\u002Fp>\n\u003Ch3>Third-Party Scripts\u003C\u002Fh3>\n\u003Cp>This plugin includes a third-party script to enable its core functionalities:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Name:\u003C\u002Fstrong>  Pop Convert Script\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Source:\u003C\u002Fstrong> https:\u002F\u002Fscript.pop-convert.com\u002Fproduction.pc.min.js\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Purpose:\u003C\u002Fstrong> The script is used to display popups and banners on your site as configured in your Pop Convert account. It handles the rendering and interaction logic for these components.\u003C\u002Fp>\n\u003Ch3>Privacy and Data Handling\u003C\u002Fh3>\n\u003Cp>For information on how data is collected, used, and protected, please review Pop Convert’s privacy policy at \u003Ca href=\"https:\u002F\u002Fwww.pop-convert.com\u002Fprivacy\" rel=\"nofollow ugc\">Pop Convert Privacy Policy URL\u003C\u002Fa>.\u003C\u002Fp>\n","Increase your subscribers list by showing high converting pop ups, banners and smart bars. Collect more emails and phone numbers for retargetting, and &hellip;",531,"2024-03-19T21:09:00.000Z","6.4.8","4.2","5.3.3",[102,21,67,22,24],"banner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpop-convert.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":81,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":122,"download_link":123,"security_score":124,"vuln_count":125,"unpatched_count":28,"last_vuln_date":126,"fetched_at":30},"pop-up-pop-up","Pop-up","1.2.8","Inisev","https:\u002F\u002Fprofiles.wordpress.org\u002Finisev\u002F","\u003Cp>\u003Cstrong>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fmpu\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fpop-up-pop-up\u003C\u002Fa>.\u003C\u002Fstrong>\u003Cbr \u002F>\n(this trick works for all plugins in the WP repo – just replace “wordpress” with “tastewp” in the URL)\u003C\u002Fp>\n\u003Cp>Create stunning pop-ups in a breeze!\u003C\u002Fp>\n\u003Cp>This plugin allows you (in combination with MyPopUps.com) to place cool-looking pop-ups on your site for various purposes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect emails\u003C\u002Fli>\n\u003Cli>Show discount codes\u003C\u002Fli>\n\u003Cli>Get social likes & shares\u003C\u002Fli>\n\u003Cli>Show cookie notices\u003C\u002Fli>\n\u003Cli>Block ad-blockers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can design the pop-ups to your liking thanks to the powerful builder on MyPopUps.\u003C\u002Fp>\n\u003Cp>You can activate & disable the pop-ups directly inside this plugin (without having to leave your WP dashboard)!\u003C\u002Fp>\n\u003Cp>Coming soon: define much more granular rules when & how the pop-ups should show (using WordPress parameters, inside this plugin).\u003C\u002Fp>\n\u003Cp>Give it a shot! If you find any ways how to improve it, please let us know in the support forum, we’ll always try to respond quickly 🙂\u003C\u002Fp>\n\u003Cp>Note: This plugin relies on the 3rd party service MyPopUps, which can be reached at https:\u002F\u002Fmypopups.com. The pop-ups are created on MyPopUps and displayed on your website with the help of this plugin. Only when you click on the “Yes” button in the plugin a connection is established to MyPopUps (this is also mentioned on that button). For the confidential handling of your data, please have a look at MyPopUps’ GDPR-compliant privacy policy at https:\u002F\u002Fmypopups.com\u002Fprivacy as well at the terms of use at https:\u002F\u002Fmypopups.com\u002Fterms. If you have any questions about those, please don’t hesitate to contact us here https:\u002F\u002Fmypopups.com\u002Fcontact-us. Thank you!\u003C\u002Fp>\n","Pop-up Popups",10000,346208,94,83,"2025-10-30T05:50:00.000Z","4.6","5.6",[120,121,67,22,24],"lightbox","modals","https:\u002F\u002Fmypopups.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpop-up-pop-up.1.2.8.zip",99,2,"2022-09-02 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":112,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":16,"requires_at_least":139,"requires_php":18,"tags":140,"homepage":143,"download_link":144,"security_score":145,"vuln_count":146,"unpatched_count":28,"last_vuln_date":147,"fetched_at":30},"popup-by-supsystic","Smart Popup by Supsystic","1.10.38","supsystic","https:\u002F\u002Fprofiles.wordpress.org\u002Fsupsysticcom\u002F","\u003Cp>\u003Cstrong>Smart Popup – Targeted WordPress Popups That Convert (Without Annoying Visitors)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Turn more visitors into subscribers, buyers, and bookings — without overwhelming them.\u003Cbr \u002F>\nSmart Popup lets you show the right message at the right moment using advanced triggers and precise targeting controls.\u003Cbr \u002F>\nMore control. Better timing. Higher conversions.\u003C\u002Fp>\n\u003Cp>🎯 \u003Cstrong>Show the Right Popup at the Right Time\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Display popups based on real visitor behaviour:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exit intent (when someone is about to leave)\u003C\u002Fli>\n\u003Cli>Scroll depth\u003C\u002Fli>\n\u003Cli>Time delay\u003C\u002Fli>\n\u003Cli>Specific pages or categories\u003C\u002Fli>\n\u003Cli>Device type (desktop or mobile)\u003C\u002Fli>\n\u003Cli>New vs returning visitors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Instead of showing more popups, show smarter ones.\u003C\u002Fp>\n\u003Cp>🛒 \u003Cstrong>Increase Sales Without Being Aggressive\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Perfect for online stores and service businesses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cart abandonment reminders\u003C\u002Fli>\n\u003Cli>Free shipping threshold nudges\u003C\u002Fli>\n\u003Cli>Limited-time promotions\u003C\u002Fli>\n\u003Cli>Product launches\u003C\u002Fli>\n\u003Cli>Upsells and cross-sells\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Targeted popups convert better than generic ones.\u003C\u002Fp>\n\u003Cp>🔔 \u003Cstrong>Announcements & Deadline Messaging\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Popups aren’t just for email capture.\u003Cbr \u002F>\nUse them to communicate important updates:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“Order by Dec 20 for Christmas delivery”\u003C\u002Fli>\n\u003Cli>“Bookings close Friday”\u003C\u002Fli>\n\u003Cli>“Same-day dispatch ends at 2pm”\u003C\u002Fli>\n\u003Cli>Event reminders\u003C\u002Fli>\n\u003Cli>Service availability updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Clear messaging prevents missed sales and confused customers.\u003C\u002Fp>\n\u003Cp>🧲 \u003Cstrong>Grow Your Email List — Without Damaging User Experience\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Capture subscribers with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exit-intent lead magnets\u003C\u002Fli>\n\u003Cli>Scroll-triggered content upgrades\u003C\u002Fli>\n\u003Cli>Timed newsletter invitations\u003C\u002Fli>\n\u003Cli>Inline opt-in popups\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Set frequency limits so visitors don’t feel overwhelmed.\u003C\u002Fp>\n\u003Cp>⚙ \u003Cstrong>Built for Control and Flexibility\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Smart Popup includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Visual popup builder\u003C\u002Fli>\n\u003Cli>Custom styling and branding options\u003C\u002Fli>\n\u003Cli>Page-level targeting\u003C\u002Fli>\n\u003Cli>Frequency controls\u003C\u002Fli>\n\u003Cli>Responsive design\u003C\u002Fli>\n\u003Cli>A\u002FB testing support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you’re a beginner or a developer, you stay in control.\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>Why Choose Smart Popup?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Advanced targeting without SaaS lock-in\u003C\u002Fli>\n\u003Cli>No monthly fees\u003C\u002Fli>\n\u003Cli>Built specifically for WordPress\u003C\u002Fli>\n\u003Cli>Flexible for developers\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Simple for site owners\u003C\u002Fp>\n\u003Cp>You decide who sees your message.\u003Cbr \u002F>\nYou decide when it appears.\u003Cbr \u002F>\nYou decide how often it shows.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>That’s how conversions increase — without harming user experience.\u003C\u002Fp>\n\u003Cp>If you’re looking for a powerful yet flexible popup plugin for WordPress, Smart Popup is built to help you convert more visitors — intelligently.\u003C\u002Fp>\n","Create targeted popups for lead capture, event notifications, announcements, and promotions — shown at the right time without disrupting your visitors &hellip;",1624924,90,340,"2026-03-11T12:41:00.000Z","5.0",[21,141,142,23,24],"lead-capture","modal","https:\u002F\u002Fsupsystic.com\u002Fplugins\u002Fpopup-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpopup-by-supsystic.1.10.38.zip",91,8,"2024-11-15 00:00:00",{"attackSurface":149,"codeSignals":232,"taintFlows":274,"riskAssessment":359,"analyzedAt":372},{"hooks":150,"ajaxHandlers":199,"restRoutes":225,"shortcodes":226,"cronEvents":231,"entryPointCount":146,"unprotectedCount":27},[151,156,160,164,167,171,174,178,182,185,190,195],{"type":152,"name":153,"callback":153,"file":154,"line":155},"action","admin_notices","includes\\class-affiliate.php",14,{"type":152,"name":157,"callback":158,"file":159,"line":136},"admin_enqueue_scripts","poptin_enqueue_dashboard_assets","includes\\poptin-functions.php",{"type":152,"name":157,"callback":161,"file":162,"line":163},"poptin_add_admin_javascript","poptin.php",56,{"type":152,"name":157,"callback":165,"file":162,"line":166},"poptin_add_admin_css",57,{"type":152,"name":168,"callback":169,"file":162,"line":170},"admin_menu","poptin_admin_pages_callback",59,{"type":152,"name":172,"callback":172,"file":162,"line":173},"admin_init",60,{"type":152,"name":175,"callback":176,"file":162,"line":177},"plugins_loaded","poptin_add_textdomain",63,{"type":152,"name":179,"callback":180,"file":162,"line":181},"wp_head","poptin_add_script_frontend",73,{"type":152,"name":172,"callback":183,"file":162,"line":184},"poptin_plugin_redirect",95,{"type":186,"name":187,"callback":188,"file":162,"line":189},"filter","admin_footer_text","replace_footer_text",96,{"type":186,"name":191,"callback":192,"priority":193,"file":162,"line":194},"clean_url","async_scripts",11,132,{"type":152,"name":196,"callback":197,"file":162,"line":198},"admin_footer","deactivate_modal",134,[200,205,209,212,216,220,222],{"action":201,"nopriv":202,"callback":203,"hasNonce":204,"hasCapCheck":204,"file":162,"line":115},"poptin_register",false,"poptin_marketplace_registration",true,{"action":206,"nopriv":202,"callback":207,"hasNonce":202,"hasCapCheck":202,"file":162,"line":208},"poptin_logmein","poptin_markplace_login",84,{"action":210,"nopriv":202,"callback":211,"hasNonce":204,"hasCapCheck":204,"file":162,"line":70},"delete-id","delete_poptin_id",{"action":213,"nopriv":202,"callback":214,"hasNonce":204,"hasCapCheck":204,"file":162,"line":215},"add-id","add_poptin_id",86,{"action":217,"nopriv":202,"callback":218,"hasNonce":204,"hasCapCheck":204,"file":162,"line":219},"poptin_logout","handle_logout_ajax",87,{"action":217,"nopriv":202,"callback":218,"hasNonce":204,"hasCapCheck":204,"file":162,"line":221},126,{"action":223,"nopriv":202,"callback":223,"hasNonce":204,"hasCapCheck":204,"file":162,"line":224},"poptin_plugin_deactivate",135,[],[227],{"tag":228,"callback":229,"file":162,"line":230},"poptin-form","poptin_shortcode_form",925,[],{"dangerousFunctions":233,"sqlUsage":234,"outputEscaping":236,"fileOperations":28,"externalRequests":271,"nonceChecks":272,"capabilityChecks":193,"bundledLibraries":273},[],{"prepared":28,"raw":28,"locations":235},[],{"escaped":237,"rawEcho":238,"locations":239},106,15,[240,244,245,247,249,251,253,255,257,259,261,263,265,267,269],{"file":241,"line":242,"context":243},"deactivate-form.php",125,"raw output",{"file":241,"line":242,"context":243},{"file":154,"line":246,"context":243},163,{"file":162,"line":248,"context":243},303,{"file":162,"line":250,"context":243},320,{"file":162,"line":252,"context":243},378,{"file":162,"line":254,"context":243},402,{"file":162,"line":256,"context":243},443,{"file":162,"line":258,"context":243},780,{"file":162,"line":260,"context":243},799,{"file":162,"line":262,"context":243},804,{"file":162,"line":264,"context":243},846,{"file":266,"line":26,"context":243},"views\\poptin_admin_view.php",{"file":266,"line":268,"context":243},157,{"file":270,"line":26,"context":243},"views\\poptin_modals.php",4,6,[],[275,292,300,311,328,338],{"entryPoint":276,"graph":277,"unsanitizedCount":28,"severity":291},"admin_notices (includes\\class-affiliate.php:33)",{"nodes":278,"edges":289},[279,284],{"id":280,"type":281,"label":282,"file":154,"line":283},"n0","source","$_SERVER['HTTP_HOST']",137,{"id":285,"type":286,"label":287,"file":154,"line":283,"wp_function":288},"n1","sink","echo() [XSS]","echo",[290],{"from":280,"to":285,"sanitized":204},"low",{"entryPoint":293,"graph":294,"unsanitizedCount":28,"severity":291},"\u003Cclass-affiliate> (includes\\class-affiliate.php:0)",{"nodes":295,"edges":298},[296,297],{"id":280,"type":281,"label":282,"file":154,"line":283},{"id":285,"type":286,"label":287,"file":154,"line":283,"wp_function":288},[299],{"from":280,"to":285,"sanitized":204},{"entryPoint":301,"graph":302,"unsanitizedCount":28,"severity":291},"poptin_plugin_deactivate (poptin.php:243)",{"nodes":303,"edges":309},[304,307],{"id":280,"type":281,"label":305,"file":162,"line":306},"$_POST",246,{"id":285,"type":286,"label":287,"file":162,"line":308,"wp_function":288},299,[310],{"from":280,"to":285,"sanitized":204},{"entryPoint":312,"graph":313,"unsanitizedCount":27,"severity":291},"poptin_marketplace_registration (poptin.php:359)",{"nodes":314,"edges":325},[315,317,320],{"id":280,"type":281,"label":305,"file":162,"line":316},397,{"id":285,"type":318,"label":319,"file":162,"line":316},"transform","→ poptin_middleware_registration_curl()",{"id":321,"type":286,"label":322,"file":162,"line":323,"wp_function":324},"n2","update_option() [Settings Manipulation]",797,"update_option",[326,327],{"from":280,"to":285,"sanitized":202},{"from":285,"to":321,"sanitized":202},{"entryPoint":329,"graph":330,"unsanitizedCount":28,"severity":291},"add_poptin_id (poptin.php:710)",{"nodes":331,"edges":336},[332,334],{"id":280,"type":281,"label":305,"file":162,"line":333},720,{"id":285,"type":286,"label":322,"file":162,"line":335,"wp_function":324},721,[337],{"from":280,"to":285,"sanitized":204},{"entryPoint":339,"graph":340,"unsanitizedCount":27,"severity":291},"\u003Cpoptin> (poptin.php:0)",{"nodes":341,"edges":354},[342,343,344,346,348,350,352],{"id":280,"type":281,"label":305,"file":162,"line":306},{"id":285,"type":286,"label":287,"file":162,"line":308,"wp_function":288},{"id":321,"type":281,"label":345,"file":162,"line":333},"$_POST (x2)",{"id":347,"type":286,"label":322,"file":162,"line":335,"wp_function":324},"n3",{"id":349,"type":281,"label":305,"file":162,"line":316},"n4",{"id":351,"type":318,"label":319,"file":162,"line":316},"n5",{"id":353,"type":286,"label":322,"file":162,"line":323,"wp_function":324},"n6",[355,356,357,358],{"from":280,"to":285,"sanitized":204},{"from":321,"to":347,"sanitized":204},{"from":349,"to":351,"sanitized":202},{"from":351,"to":353,"sanitized":202},{"summary":360,"deductions":361},"The Poptin plugin, in version 1.3.10, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all SQL queries, implementing nonce checks for most AJAX handlers, and performing capability checks. The overall output escaping is also high, with 88% of outputs properly escaped, mitigating many common cross-site scripting risks. File operations are absent, further reducing the attack surface.\n\nHowever, there are notable areas of concern. The presence of one AJAX handler without any authentication checks represents a significant potential vulnerability, allowing unauthenticated users to trigger functionality. The taint analysis revealed two flows with unsanitized paths, indicating a risk of arbitrary file access or manipulation, though no critical or high severity issues were found in this specific analysis. The plugin also has a history of one medium-severity Cross-Site Scripting (XSS) vulnerability, which, while patched, suggests that input sanitization needs continuous attention.\n\nIn conclusion, Poptin v1.3.10 has strong foundations in secure coding practices, particularly regarding database interactions and output handling. Nevertheless, the unprotected AJAX handler and the identified unsanitized paths in the taint analysis are critical areas that require immediate attention. The past XSS vulnerability, though resolved, serves as a reminder of the importance of robust input validation. Addressing these specific concerns would significantly strengthen the plugin's overall security.",[362,364,367,369],{"reason":363,"points":60},"AJAX handler without authentication check",{"reason":365,"points":366},"Flows with unsanitized paths",7,{"reason":368,"points":238},"Past medium severity XSS vulnerability",{"reason":370,"points":371},"Low percentage of outputs unescaped",3,"2026-03-16T17:27:43.103Z",{"wat":374,"direct":388},{"assetPaths":375,"generatorPatterns":380,"scriptPaths":381,"versionParams":383},[376,377,378,379],"\u002Fwp-content\u002Fplugins\u002Fpoptin\u002Fassets\u002Fcss\u002Fpoptin-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fpoptin\u002Fassets\u002Fcss\u002Fpoptin-style.css","\u002Fwp-content\u002Fplugins\u002Fpoptin\u002Fassets\u002Fjs\u002Fpoptin-admin.js","\u002Fwp-content\u002Fplugins\u002Fpoptin\u002Fassets\u002Fjs\u002Fpoptin-front.js",[],[382],"https:\u002F\u002Fapp.popt.in\u002Fwidget\u002Fjs\u002Fwidget.js",[384,385,386,387],"poptin\u002Fassets\u002Fcss\u002Fpoptin-admin-style.css?ver=","poptin\u002Fassets\u002Fcss\u002Fpoptin-style.css?ver=","poptin\u002Fassets\u002Fjs\u002Fpoptin-admin.js?ver=","poptin\u002Fassets\u002Fjs\u002Fpoptin-front.js?ver=",{"cssClasses":389,"htmlComments":395,"htmlAttributes":399,"restEndpoints":406,"jsGlobals":410,"shortcodeOutput":413},[390,391,392,393,394],"poptin-widget-wrapper","poptin-form-wrapper","poptin-close-button","poptin-optin-form","poptin-close-btn",[396,397,398],"\u003C!-- Poptin activation hook -->","\u003C!-- Poptin deactivation hook -->","\u003C!-- Poptin widget -->",[400,401,402,403,404,405],"data-poptin-id","data-poptin-hash","data-poptin-popup","data-poptin-theme","data-poptin-display-once","data-poptin-trigger",[407,408,409],"\u002Fwp-json\u002Fpoptin\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fpoptin\u002Fv1\u002Flead","\u002Fwp-json\u002Fpoptin\u002Fv1\u002Fsubscribe",[411,412],"PoptinWidget","poptinWidget",[414],"[poptin_form id=\"\"]"]