WP-Safety

Popups for Divi Security & Risk Analysis

wordpress.org/plugins/popups-for-divi

A quick and easy way to create Popup layers inside the Divi Visual Builder!

100K active installs v3.2.6 PHP 7.0+ WP 4.0.0+ Updated Mar 12, 2026
divimarketingpopup
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Popups for Divi Safe to Use in 2026?

Generally Safe

Score 100/100

Popups for Divi has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The "popups-for-divi" v3.2.6 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong output escaping practices, with 96% of outputs properly handled, and has no recorded critical or high-severity vulnerabilities in its history, suggesting a generally stable codebase. The absence of dangerous functions, file operations, and critical taint flows is also encouraging. However, significant concerns arise from its attack surface. Three out of four AJAX handlers lack authentication checks, representing a substantial risk. Furthermore, the single SQL query present is not using prepared statements, which could lead to SQL injection vulnerabilities if not handled with extreme care. The presence of bundled library DataTables, while common, could introduce risks if it's outdated and unpatched, though no specific version information is provided to assess this.

While the plugin's vulnerability history is clean, this does not negate the risks identified in the static analysis. The unprotected AJAX endpoints are a primary concern, as they can be exploited by unauthenticated users to trigger potentially harmful actions. The lack of prepared statements for SQL queries is another critical weakness. Given the clean vulnerability history, it's possible these issues have not been exploited in the past, but they represent latent risks that a motivated attacker could leverage. The plugin has strengths in output escaping and a lack of severe historical issues, but the unprotected entry points and raw SQL query demand immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Raw SQL query without prepared statements
Vulnerabilities
None known

Popups for Divi Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Popups for Divi Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
1
23 escaped
Nonce Checks
4
Capability Checks
1
File Operations
0
External Requests
2
Bundled Libraries
1

Bundled Libraries

DataTables

SQL Query Safety

0% prepared1 total queries

Output Escaping

96% escaped24 total outputs
Attack Surface
3 unprotected

Popups for Divi Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 4

authwp_ajax_pfd_hide_onboardingincludes\admin\hooks.php:21
authwp_ajax_pfd_start_courseincludes\admin\hooks.php:24
authwp_ajax_et_fb_ajax_saveincludes\builder\hooks.php:20
authwp_ajax_dm_notice_dismissincludes\shared.php:457
WordPress Hooks 30
actionadmin_noticesincludes\admin\functions.php:124
filterplugin_action_linksincludes\admin\hooks.php:12
filterplugin_row_metaincludes\admin\hooks.php:15
actionload-index.phpincludes\admin\hooks.php:18
filteret_pb_all_fields_unprocessed_et_pb_sectionincludes\builder\functions.php:36
filteret_builder_main_tabsincludes\builder\functions.php:38
filteret_builder_get_parent_modulesincludes\builder\functions.php:40
actionet_builder_framework_loadedincludes\builder\hooks.php:17
actiondivi_visual_builder_assets_before_enqueue_scriptsincludes\builder-5\hooks.php:13
filterblock_type_metadata_settingsincludes\builder-5\hooks.php:16
filterdivi_module_classnames_valueincludes\builder-5\hooks.php:18
filterdivi_module_wrapper_renderincludes\builder-5\hooks.php:20
filterdivi.moduleLibrary.conversion.moduleConversionOutlineincludes\builder-5\hooks.php:23
actioninitincludes\hooks.php:12
actioninitincludes\hooks.php:15
actionwp_enqueue_scriptsincludes\integrations\ie.php:46
filtersgo_javascript_combine_excluded_inline_contentincludes\integrations\sg-optimizer.php:32
filterrocket_excluded_inline_js_contentincludes\integrations\wp-rocket.php:38
filterrocket_delay_js_exclusionsincludes\integrations\wp-rocket.php:44
filterrocket_rucss_safelistincludes\integrations\wp-rocket.php:69
filterrocket_rucss_inline_atts_exclusionsincludes\integrations\wp-rocket.php:71
filterrocket_rucss_skip_styles_with_attrincludes\integrations\wp-rocket.php:93
filterrocket_exclude_jsincludes\integrations\wp-rocket.php:111
actionwp_print_stylesincludes\integrations\wp-rocket.php:124
actionwp_footerincludes\integrations\wpdatatables.php:25
actioninitincludes\integrations\wpdatatables.php:76
filterdivimode_debug_infosincludes\shared.php:451
actionadmin_noticesincludes\shared.php:454
actiondm_admin_cron_notice_checkincludes\shared.php:460
actionplugins_loadedstart.php:10

Scheduled Events 1

dm_admin_cron_notice_check
Maintenance & Trust

Popups for Divi Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.0
Downloads1.5M

Community Trust

Rating96/100
Number of ratings432
Active installs100K
Alternatives

Popups for Divi Alternatives

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

A
96

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

popup-maker

A
91

Want to boost sales & marketing efforts? Use your favorite forms & builder. Unlimited popups & impressions, keep your data, no monthly subscription.

700K 18 CVEs
Hustle – Email Marketing, Lead Generation, Optins, Popups

Hustle – Email Marketing, Lead Generation, Optins, Popups

wordpress-popup

A
88

Setup email optin forms, popups, newsletter forms & subscription forms to generate email leads with the best marketing popup builder

90K 8 CVEs
Advanced Popups

Advanced Popups

advanced-popups

A
100

Display high-converting newsletter popups, a cookie notice, or a notification with the light-weight yet feature-rich plugin.

70K 1 CVE
Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions

Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions

popup-anything-on-click

A
97

Create popup on a page load or Create popup by clicking link, image and button. Create popups, opt-in forms, & exit popups, floating bars and more!

30K 4 CVEs
Developer Profile

Popups for Divi Developer Profile

Tim Strifler

2 plugins · 160K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
69 days
View full developer profile
Detection Fingerprints

How We Detect Popups for Divi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js
Script Paths
/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js
Version Parameters
popups-for-divi/scripts/ie-compat.min.js?ver=/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
da-popup-visibleda-hover-visibleda-flyin-visible
HTML Comments
<!-- Divi Areas compatibility with wpDataTables -->
FAQ

Frequently Asked Questions about Popups for Divi