Popup Zen – Small, Simple, Lightweight Email Optin Security & Risk Analysis

wordpress.org/plugins/popup-zen

A WordPress popup that is ultra lightweight, simple to use, and small.

20 active installs · v0.0.3 · PHP + WP 4.5+ · Updated May 30, 2019
Tags: email-opt-in, lead-generation, optin, pop-up, popup
Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Popup Zen – Small, Simple, Lightweight Email Optin Safe to Use in 2026?

Generally Safe

Score 85/100

Popup Zen – Small, Simple, Lightweight Email Optin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The 'popup-zen' plugin v0.0.3 exhibits a mixed security posture. On the positive side, it uses prepared statements exclusively for SQL queries, has no recorded vulnerability history (CVEs), and avoids dangerous functions and direct file operations. The significant concerns lie in its attack surface. Of its 12 AJAX handlers, two lack authentication checks, giving unauthenticated users a direct pathway to potentially sensitive functionality. Taint analysis found no critical or high-severity unsanitized paths, but the three flows with unsanitized paths still warrant attention even though the tools did not classify them as high severity. Output escaping is also a concern: 24% of outputs (approximately 30 instances) are not properly escaped, potentially opening the door to cross-site scripting (XSS). The plugin's strengths are its clean history and database query security; the unprotected AJAX endpoints and the potential for XSS through unescaped output are notable weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Significant percentage of unescaped output
  • Flows with unsanitized paths
Vulnerabilities
None known

Popup Zen – Small, Simple, Lightweight Email Optin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Popup Zen – Small, Simple, Lightweight Email Optin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 29 (94 escaped)
Nonce Checks: 6
Capability Checks: 1
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Output Escaping

76% escaped (123 total outputs)
Data Flows
3 unsanitized

Data Flow Analysis

6 flows, 3 with unsanitized paths
preview_box (includes\class-popup-zen-functions.php:491)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

Popup Zen – Small, Simple, Lightweight Email Optin Attack Surface

Entry Points: 12
Unprotected: 2

AJAX Handlers: 12

Type    Hook                              Location
nopriv  wp_ajax_pzen_send_email           includes\class-popup-zen-ajax.php:55
auth    wp_ajax_pzen_send_email           includes\class-popup-zen-ajax.php:56
nopriv  wp_ajax_pzen_mc_subscribe         includes\class-popup-zen-ajax.php:58
auth    wp_ajax_pzen_mc_subscribe         includes\class-popup-zen-ajax.php:59
nopriv  wp_ajax_pzen_ac_subscribe         includes\class-popup-zen-ajax.php:61
auth    wp_ajax_pzen_ac_subscribe         includes\class-popup-zen-ajax.php:62
nopriv  wp_ajax_pzen_mailpoet_subscribe   includes\class-popup-zen-ajax.php:64
auth    wp_ajax_pzen_mailpoet_subscribe   includes\class-popup-zen-ajax.php:65
nopriv  wp_ajax_pzen_track_event          includes\class-popup-zen-ajax.php:67
auth    wp_ajax_pzen_track_event          includes\class-popup-zen-ajax.php:68
auth    wp_ajax_pzen_toggle_active        includes\class-popup-zen-ajax.php:70
auth    wp_ajax_pzen_ajax_page_search     includes\class-popup-zen-ajax.php:72
WordPress Hooks: 19

Type    Hook                                  Location
action  admin_menu                            includes\class-popup-zen-admin.php:56
action  init                                  includes\class-popup-zen-admin.php:57
action  save_post                             includes\class-popup-zen-admin.php:58
action  admin_enqueue_scripts                 includes\class-popup-zen-admin.php:59
filter  manage_edit-popupzen_columns          includes\class-popup-zen-admin.php:60
action  manage_popupzen_posts_custom_column   includes\class-popup-zen-admin.php:61
action  transition_post_status                includes\class-popup-zen-admin.php:62
action  post_submitbox_misc_actions           includes\class-popup-zen-admin.php:68
filter  page_row_actions                      includes\class-popup-zen-admin.php:70
action  edit_form_after_title                 includes\class-popup-zen-admin.php:72
filter  wp_mail_content_type                  includes\class-popup-zen-ajax.php:125
filter  wp_mail_charset                       includes\class-popup-zen-ajax.php:126
action  wp                                    includes\class-popup-zen-functions.php:55
action  wp_footer                             includes\class-popup-zen-functions.php:56
action  wp_enqueue_scripts                    includes\class-popup-zen-functions.php:57
action  pzen_email_form                       includes\class-popup-zen-functions.php:58
filter  pzen_classes                          includes\class-popup-zen-functions.php:60
action  wp_footer                             includes\class-popup-zen-functions.php:62
action  plugins_loaded                        popup-zen.php:136
Maintenance & Trust

Popup Zen – Small, Simple, Lightweight Email Optin Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: May 30, 2019
PHP min version:
Downloads: 2K

Community Trust

Rating: 98/100
Number of ratings: 7
Active installs: 20
Developer Profile

Popup Zen – Small, Simple, Lightweight Email Optin Developer Profile

Scott Bolinger

4 plugins · 1K total installs

Trust score: 83
Avg Security Score: 84/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Popup Zen – Small, Simple, Lightweight Email Optin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/popup-zen/assets/css/popup-zen-admin.css
/wp-content/plugins/popup-zen/assets/js/popup-zen-admin.js
/wp-content/plugins/popup-zen/assets/css/popup-zen-frontend.css
Script Paths
/wp-content/plugins/popup-zen/assets/js/popup-zen-admin.js
Version Parameters
popup-zen/assets/css/popup-zen-admin.css?ver=
popup-zen/assets/js/popup-zen-admin.js?ver=
popup-zen/assets/css/popup-zen-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
popupzen-admin-wrap
HTML Comments
<!-- .pzen-admin-wrap -->
Data Attributes
data-plugin-version
JS Globals
Popup_Zen_Admin
FAQ

Frequently Asked Questions about Popup Zen – Small, Simple, Lightweight Email Optin