Smart Popup by Supsystic Security & Risk Analysis

wordpress.org/plugins/popup-by-supsystic

Create targeted popups for lead capture, event notifications, announcements, and promotions — shown at the right time without disrupting your visitors …

10K active installs · v1.10.38 · PHP + WP 5.0+ · Updated Mar 11, 2026
Tags: exit-intent, lead-capture, modal, popup, popups
Score: 91 · A · Safe
CVEs total: 8
Unpatched: 0
Last CVE: Nov 15, 2024
Safety Verdict

Is Smart Popup by Supsystic Safe to Use in 2026?

Generally Safe

Score 91/100

Smart Popup by Supsystic has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Nov 15, 2024 · Updated 23d ago
Risk Assessment

The plugin 'popup-by-supsystic' v1.10.38 presents a mixed security posture. While the static analysis indicates a small attack surface with no immediately apparent unprotected entry points, significant concerns arise from the presence of dangerous functions and a substantial history of vulnerabilities. The use of `unserialize` is a notable red flag, as it can lead to Remote Code Execution if not handled with extreme care and proper input sanitization. Furthermore, the fact that 50% of outputs are not properly escaped suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website.

The plugin's vulnerability history is particularly concerning, with a total of 8 known CVEs, including 1 critical, 2 high, and 5 medium severity vulnerabilities. The types of past vulnerabilities, such as Improper Neutralization of Special Elements Used in a Template Engine, Missing Authorization, CSRF, Prototype Pollution, Information Exposure, and XSS, indicate a recurring pattern of insecure coding practices. The fact that a critical vulnerability was last patched only recently (though the date seems to be a placeholder in the provided data) does not negate the history of past serious flaws.

In conclusion, despite a seemingly limited attack surface in the current version's static analysis, the plugin's history of critical and high-severity vulnerabilities, coupled with the use of dangerous functions like `unserialize` and a high rate of unescaped output, warrants a cautious approach. The past patterns suggest a need for thorough ongoing security audits and a high level of vigilance when using this plugin.

Key Concerns

  • Dangerous function used (unserialize)
  • Low percentage of properly escaped output
  • Significant history of critical/high CVEs
  • History of critical severity vulnerabilities
  • History of high severity vulnerabilities
  • History of medium severity vulnerabilities
Vulnerabilities
8

Smart Popup by Supsystic Security Vulnerabilities

CVEs by Year

2016: 1 CVE
2021: 1 CVE
2022: 1 CVE
2023: 3 CVEs
2024: 2 CVEs

Severity Breakdown

Critical: 1
High: 2
Medium: 5

8 total CVEs

CVE-2024-52434 · critical · 9.1 · Improper Neutralization of Special Elements Used in a Template Engine

Popup by Supsystic <= 1.10.29 - Authenticated (Admin+) Remote Code Execution

Nov 15, 2024 · Patched in 1.10.30 (147d)

CVE-2024-31421 · medium · 4.3 · Missing Authorization

Popup by Supsystic <= 1.10.27 - Missing Authorization

Apr 10, 2024 · Patched in 1.10.28 (7d)

CVE-2023-46197 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure

Oct 18, 2023 · Patched in 1.10.20 (97d)

CVE-2023-39997 · medium · 6.3 · Cross-Site Request Forgery (CSRF)

Popup by Supsystic <= 1.10.19 - Cross-Site Request Forgery

Aug 11, 2023 · Patched in 1.10.20 (165d)

CVE-2023-3186 · high · 7.1 · Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Popup by Supsystic <= 1.10.18 - Prototype Pollution

Jun 23, 2023 · Patched in 1.10.19 (214d)

CVE-2022-0424 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Popup by Supsystic <= 1.10.8 - Sensitive Information Disclosure

Apr 18, 2022 · Patched in 1.10.9 (645d)

CVE-2021-24275 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Popup by Supsystic <= 1.10.4 - Reflected Cross-Site Scripting

Apr 19, 2021 · Patched in 1.10.5 (1009d)

CVE-2016-10915 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Popup by Supsystic < 1.7.9 - Cross-Site Request Forgery

Sep 7, 2016 · Patched in 1.7.9 (2694d)
Code Analysis
Analyzed Mar 16, 2026

Smart Popup by Supsystic Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 3 (5 prepared)
Unescaped Output: 397 (395 escaped)
Nonce Checks: 9
Capability Checks: 16
File Operations: 29
External Requests: 4
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `if (@!unserialize($data)) {` · classes\utils.php:22
unserialize · `return unserialize($fixed);` · classes\utils.php:28
unserialize · `return unserialize($data);` · classes\utils.php:30

Bundled Libraries

jQuery

SQL Query Safety

63% prepared · 8 total queries

Output Escaping

50% escaped · 792 total outputs
Attack Surface

Smart Popup by Supsystic Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[embed] modules\popup\views\popup.php:857
WordPress Hooks 48
action · admin_notices · classes\errors.php:54
filter · the_content · classes\errors.php:56
action · init · classes\frame.php:119
action · init · classes\frame.php:145
action · init · classes\frame.php:295
action · activated_plugin · classes\modInstaller.php:160
action · activated_plugin · classes\utils.php:399
filter · wp_kses_allowed_html · functions.php:409
action · admin_menu · modules\adminmenu\mod.php:10
filter · wp_mail_content_type · modules\mail\mod.php:48
action · init · modules\options\mod.php:12
action · wp_footer · modules\popup\mod.php:14
action · shutdown · modules\popup\mod.php:15
filter · wp_nav_menu_objects · modules\popup\mod.php:16
action · admin_bar_menu · modules\popup\mod.php:18
action · wp_footer · modules\popup\mod.php:19
action · admin_bar_init · modules\popup\mod.php:21
filter · oembed_result · modules\popup\views\popup.php:674
action · admin_footer · modules\supsystic_promo\mod.php:17
action · init · modules\supsystic_promo\mod.php:19
action · admin_enqueue_scripts · modules\supsystic_promo\mod.php:29
action · admin_enqueue_scripts · modules\templates\mod.php:26
action · init · modules\templates\mod.php:27
filter · safe_style_css · modules\templates\mod.php:53
action · init · modules\tgm_promo\classes\class-tgm-plugin-activation.php:268
filter · load_textdomain_mofile · modules\tgm_promo\classes\class-tgm-plugin-activation.php:269
action · init · modules\tgm_promo\classes\class-tgm-plugin-activation.php:272
action · admin_menu · modules\tgm_promo\classes\class-tgm-plugin-activation.php:421
action · admin_head · modules\tgm_promo\classes\class-tgm-plugin-activation.php:422
filter · install_plugin_complete_actions · modules\tgm_promo\classes\class-tgm-plugin-activation.php:425
filter · update_plugin_complete_actions · modules\tgm_promo\classes\class-tgm-plugin-activation.php:426
action · admin_notices · modules\tgm_promo\classes\class-tgm-plugin-activation.php:429
action · admin_init · modules\tgm_promo\classes\class-tgm-plugin-activation.php:430
action · admin_enqueue_scripts · modules\tgm_promo\classes\class-tgm-plugin-activation.php:431
action · load-plugins.php · modules\tgm_promo\classes\class-tgm-plugin-activation.php:436
action · switch_theme · modules\tgm_promo\classes\class-tgm-plugin-activation.php:439
action · switch_theme · modules\tgm_promo\classes\class-tgm-plugin-activation.php:442
action · admin_init · modules\tgm_promo\classes\class-tgm-plugin-activation.php:447
action · switch_theme · modules\tgm_promo\classes\class-tgm-plugin-activation.php:452
action · load_textdomain_mofile · modules\tgm_promo\classes\class-tgm-plugin-activation.php:475
filter · upgrader_source_selection · modules\tgm_promo\classes\class-tgm-plugin-activation.php:889
action · plugins_loaded · modules\tgm_promo\classes\class-tgm-plugin-activation.php:2112
filter · tgmpa_table_data_items · modules\tgm_promo\classes\class-tgm-plugin-activation.php:2236
filter · upgrader_source_selection · modules\tgm_promo\classes\class-tgm-plugin-activation.php:2977
action · admin_init · modules\tgm_promo\classes\class-tgm-plugin-activation.php:3147
action · upgrader_process_complete · modules\tgm_promo\classes\class-tgm-plugin-activation.php:3242
filter · upgrader_post_install · modules\tgm_promo\classes\class-tgm-plugin-activation.php:3301
filter · upgrader_post_install · modules\tgm_promo\classes\class-tgm-plugin-activation.php:3446
Maintenance & Trust

Smart Popup by Supsystic Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version
Downloads: 1.6M

Community Trust

Rating: 90/100
Number of ratings: 340
Active installs: 10K
Developer Profile

Smart Popup by Supsystic Developer Profile

supsystic

7 plugins · 97K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 610 days
Detection Fingerprints

How We Detect Smart Popup by Supsystic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/popup-by-supsystic/classes/css/
/wp-content/plugins/popup-by-supsystic/js/
Script Paths
/wp-content/plugins/popup-by-supsystic/js/popup.js
Version Parameters
popup-by-supsystic/classes/css/style.css?ver=
popup-by-supsystic/js/popup.js?ver=

HTML / DOM Fingerprints

CSS Classes
pps-popup-content
pps-popup-overlay
HTML Comments
<!-- popup-by-supsystic START -->
<!-- popup-by-supsystic END -->
Data Attributes
data-pps-id
data-pps-type
JS Globals
pps
REST Endpoints
/wp-json/pps/v1/popup/
FAQ

Frequently Asked Questions about Smart Popup by Supsystic