Does Simple Popup Notification have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Popup Notification compatible with WordPress 6.8.5?

According to WordPress.org data, Simple Popup Notification 1.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Simple Popup Notification compatible with PHP 7.4+?

Simple Popup Notification requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Popup Notification updated?

Simple Popup Notification was last updated on May 13, 2025. Frequent updates are generally a positive security signal.

What is Simple Popup Notification's security score?

Simple Popup Notification has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Popup Notification Security & Risk Analysis

wordpress.org/plugins/simple-popup-notification

Add a WordPress popup box to the admin page settings, including backend options.

0 active installs v1.1 PHP 7.4+ WP 4.9+ Updated May 13, 2025

cta-button-linkcta-button-textenable-popupselect-image-position-optionupload-image

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Simple Popup Notification Safe to Use in 2026?

Generally Safe

Score 92/100

Simple Popup Notification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The static analysis of "simple-popup-notification" v1.1 indicates a generally good security posture. The plugin exhibits strong adherence to best practices, with a complete lack of dangerous functions, no raw SQL queries, and a high percentage of properly escaped output. The presence of a nonce check on its single AJAX handler further strengthens its defenses against common web attacks. The absence of any recorded vulnerabilities in its history suggests a well-maintained and secure codebase.

However, the code analysis reveals a key area for improvement: the absence of capability checks on its AJAX handler. While a nonce check is present, it does not verify user permissions, potentially allowing any logged-in user to trigger the AJAX functionality. This could be a concern if the AJAX action performs sensitive operations. The taint analysis found no critical or high-severity issues, and the limited attack surface is a positive sign.

In conclusion, "simple-popup-notification" v1.1 demonstrates a promising security foundation with its SQL preparedness, output escaping, and nonce usage. The primary weakness lies in the lack of authorization checks for its AJAX endpoint, which, while not a critical vulnerability based on the current data, represents a potential risk that should be addressed to ensure comprehensive security.

Key Concerns

AJAX handler without capability checks

Vulnerabilities

None known

Simple Popup Notification Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Simple Popup Notification Release Timeline

v1.1Current

v1.0

Code Analysis

Analyzed Mar 17, 2026

Simple Popup Notification Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

44 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped47 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

simppono_get_image_html_callback (includes\admin\class-simple-popup-notification-admin.php:319)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Popup Notification Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_get_image_htmlincludes\admin\class-simple-popup-notification-admin.php:33

WordPress Hooks 8

actionadmin_enqueue_scriptsincludes\admin\class-simple-popup-notification-admin.php:27

actionadmin_menuincludes\admin\class-simple-popup-notification-admin.php:28

filterplugin_row_metaincludes\admin\class-simple-popup-notification-admin.php:29

actionadmin_initincludes\admin\class-simple-popup-notification-admin.php:30

filterplugin_action_linksincludes\admin\class-simple-popup-notification-admin.php:31

actionadmin_initincludes\admin\class-simple-popup-notification-admin.php:32

actionwp_enqueue_scriptsincludes\frontend\class-simple-popup-notification-frontend.php:27

actionwp_footerincludes\frontend\class-simple-popup-notification-frontend.php:28

Maintenance & Trust

Simple Popup Notification Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 13, 2025

PHP min version7.4

Downloads305

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Simple Popup Notification Alternatives

WPB Image Widget

wpb-image-widget

A simple widget for showing responsive image in sidebar area. It's using WordPress's new media uploader.

100 1 unpatched

FotoWare WordPress Lite

access-fotoweb-media

The Plugin's WordPress editor button connector for FotoWare allows users to include images directly from the Fotoweb DAM, into the WordPress plat …

10 No CVEs

Boxer Image Upload

boxer-image-upload

This plugin could use for upload a single image to media and display on frontend by using a image upload widget.

10 No CVEs

KS Ads Widget

ks-ads-widget

A simple ads widget that uses the native WordPress media manager to add ads widgets to your site.

10 No CVEs

Upload Multiple Image

upload-multiple-image

This plugin adds a meta box for multiple images for all posts and pages.

10 No CVEs

Developer Profile

Simple Popup Notification Developer Profile

Galaxy Weblinks

41 plugins · 25K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

310 days

View full developer profile

Detection Fingerprints

How We Detect Simple Popup Notification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-popup-notification/includes/admin/css/simple-popup-notification-admin.css/wp-content/plugins/simple-popup-notification/includes/admin/js/color-picker.js/wp-content/plugins/simple-popup-notification/includes/admin/js/custom-script.js

Script Paths

/wp-content/plugins/simple-popup-notification/includes/admin/js/color-picker.js/wp-content/plugins/simple-popup-notification/includes/admin/js/custom-script.js

Version Parameters

/includes/admin/js/color-picker.js?ver=1.1/includes/admin/css/simple-popup-notification-admin.css?ver=1.1/includes/admin/js/custom-script.js?ver=1.1

HTML / DOM Fingerprints

CSS Classes

simple-popup-notification--noticee-notice__actionse-button--ctacta-secondarye-notemetabox-flexdpffm-howtouse

Data Attributes

simppono-popup-section

JS Globals

admin_ajax_object

FAQ

Simple Popup Notification Security & Risk Analysis

Is Simple Popup Notification Safe to Use in 2026?

Generally Safe

Key Concerns

Simple Popup Notification Security Vulnerabilities

Simple Popup Notification Release Timeline

Simple Popup Notification Code Analysis

Output Escaping

Data Flow Analysis

Simple Popup Notification Attack Surface

AJAX Handlers 1

Simple Popup Notification Maintenance & Trust

Maintenance Signals

Community Trust

Simple Popup Notification Alternatives

WPB Image Widget

FotoWare WordPress Lite

Boxer Image Upload

KS Ads Widget

Upload Multiple Image

Simple Popup Notification Developer Profile

How We Detect Simple Popup Notification

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Simple Popup Notification