Popup with fancybox Security & Risk Analysis

wordpress.org/plugins/popup-with-fancybox

This plugin allows you to create a lightweight fancy box popup window in your blog with custom content. We can easily configure popup size and timeout.

1K active installs · v3.6 · PHP + · WP 3.4+ · Updated Oct 29, 2023
fancyboxpopup
84
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 30, 2023
Safety Verdict

Is Popup with fancybox Safe to Use in 2026?

Mostly Safe

Score 84/100

Popup with fancybox is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Oct 30, 2023 · Updated 2yr ago
Risk Assessment

The 'popup-with-fancybox' plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for the vast majority of its SQL queries and has no known unpatched vulnerabilities, indicating that past issues have been addressed by developers. The absence of external HTTP requests, file operations, and a large attack surface is also a favorable indicator. However, the plugin has a concerningly low percentage of properly escaped output, suggesting a potential for cross-site scripting (XSS) vulnerabilities. While taint analysis did not reveal immediate critical or high-severity issues in the analyzed flows, the limited scope of taint analysis (only 2 flows) means that other potential vulnerabilities might exist. The plugin also has a history of high-severity vulnerabilities, specifically SQL injection, which is a significant concern even if currently patched. This history, coupled with the unescaped output, warrants caution.

Key Concerns

  • Low output escaping percentage
  • History of high severity SQL Injection
  • Limited taint analysis scope
Vulnerabilities
1

Popup with fancybox Security Vulnerabilities

CVEs by Year

2023: 1 CVE

Severity Breakdown

High: 1

1 total CVE

CVE-2023-5465 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Popup with fancybox <= 3.5 - Authenticated (Subscriber+) SQL Injection via Shortcode

Oct 30, 2023 · Patched in 3.6 (85d)
Code Analysis
Analyzed Mar 16, 2026

Popup with fancybox Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (24 prepared)
Unescaped Output: 33 (20 escaped)
Nonce Checks: 8
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

96% prepared · 25 total queries

Output Escaping

38% escaped · 53 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
<content-management-show> (pages\content-management-show.php:0)
Attack Surface

Popup with fancybox Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

  • [popupwfancybox] popup-with-fancybox.php:314

WordPress Hooks: 6

  • action admin_menu popup-with-fancybox.php:270
  • action plugins_loaded popup-with-fancybox.php:313
  • action wp_enqueue_scripts popup-with-fancybox.php:315
  • action plugins_loaded popup-with-fancybox.php:316
  • action init popup-with-fancybox.php:319
  • action admin_enqueue_scripts popup-with-fancybox.php:320
Maintenance & Trust

Popup with fancybox Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Oct 29, 2023
PHP min version
Downloads: 111K

Community Trust

Rating: 70/100
Number of ratings: 11
Active installs: 1K
Developer Profile

Popup with fancybox Developer Profile

gopiplus@hotmail.com

8 plugins · 4K total installs

Trust score: 73
Avg Security Score: 79/100
Avg Patch Time: 69 days
Detection Fingerprints

How We Detect Popup with fancybox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/popup-with-fancybox/fancybox/jquery.fancybox.pack.js
/wp-content/plugins/popup-with-fancybox/fancybox/jquery.fancybox.css
Script Paths
/wp-content/plugins/popup-with-fancybox/fancybox/jquery.fancybox.pack.js

HTML / DOM Fingerprints

CSS Classes
fancybox-content-inside
Data Attributes
id="simple-popup-with-fancybox"
JS Globals
addTextPopupWithFancybox
Shortcode Output
[popupwfancybox