Does POWR Popup have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is POWR Popup compatible with WordPress 6.8.5?

According to WordPress.org data, POWR Popup 2.1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is POWR Popup compatible with PHP 7.4+?

POWR Popup requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is POWR Popup updated?

POWR Popup was last updated on Apr 21, 2025. Frequent updates are generally a positive security signal.

What is POWR Popup's security score?

POWR Popup has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

POWR Popup Security & Risk Analysis

wordpress.org/plugins/powr-popup

Amplify landing page conversions with a custom popup window, displayed immediately or when visitor leaves the page.

20 active installs v2.1.0 PHP 7.4+ WP 3.0+ Updated Apr 21, 2025

exit-intentlead-collectionpopuppopup-formsignup

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is POWR Popup Safe to Use in 2026?

Generally Safe

Score 92/100

POWR Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The static analysis ofpowr-popup v2.1.0 reveals a plugin with an exceptionally small attack surface and generally good coding practices. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits potential entry points for attackers. Furthermore, the code demonstrates a commitment to security by using prepared statements for all SQL queries and properly escaping all output. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a positive security posture.

Despite these strengths, the taint analysis identified two flows with unsanitized paths. While the static analysis did not flag these as critical or high severity, unsanitized paths can still represent a risk if they are accessible via any of the plugin's (currently zero) entry points or if an attacker can indirectly influence the path. The vulnerability history is also notably clean, with no recorded CVEs, which is a very strong indicator of a well-maintained and secure plugin over time.

In conclusion,powr-popup v2.1.0 appears to be a robust and secure plugin based on the provided data. The lack of an attack surface and the adherence to secure coding principles for SQL and output are commendable. The primary area of concern, albeit minor given the lack of entry points, is the presence of unsanitized paths. However, given the absence of any known vulnerabilities and the minimal attack surface, the overall risk is low.

Key Concerns

Taint flow with unsanitized path
Taint flow with unsanitized path

Vulnerabilities

None known

POWR Popup Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

POWR Popup Release Timeline

v2.1.0Current

v2.0.1

v2.0.0

Code Analysis

Analyzed Mar 16, 2026

POWR Popup Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped6 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

powrio_powr_popup_options (powr-popup.php:64)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

POWR Popup Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_enqueue_scriptspowr-popup.php:92

actionwp_dashboard_setuppowr-popup.php:104

actionadmin_noticespowr-popup.php:144

actionadmin_menupowr-popup.php:156

Maintenance & Trust

POWR Popup Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 21, 2025

PHP min version7.4

Downloads11K

Community Trust

Rating74/100

Number of ratings3

Active installs20

Alternatives

POWR Popup Alternatives

Lead Captor

lead-captor

Attractive popup forms on exit intent to convert visitors into subscribers.

10 No CVEs

Login & Register Customizer – Popup | Slider | Inline | WooCommerce

easy-login-woocommerce

Replace your old login/registration form with an interactive popup & inline form design

40K 6 CVEs

Poptin – Exit Pop Ups & Email Popups

poptin

100

Free exit intent popup builder, gamified popups with spin the wheel, contact form builder & lead generation pop ups platform for your website. 🎉

20K 1 CVE

Smart Popup by Supsystic

popup-by-supsystic

Create targeted popups for lead capture, event notifications, announcements, and promotions — shown at the right time without disrupting your visitors …

10K 8 CVEs

FireBox Popups – Increase Sales and Grow Your Email List

firebox

Our WordPress Popup Plugin can help you create any kind of popup! Optin Popups, Exit Popup, Scroll Popup, Page Load Popup, Floating Bars and more!

8K 1 CVE

Developer Profile

POWR Popup Developer Profile

POWR

5 plugins · 1K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

65 days

View full developer profile

Detection Fingerprints

How We Detect POWR Popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/powr-popup/src/css/admin-style.css

Version Parameters

powr-popup/src/css/admin-style.css?ver=

HTML / DOM Fingerprints

Data Attributes

data-powrio-embedded-iframe

FAQ