[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpk_A5sImvQBWOuSx8_erg9C52haa31VpsNh-2BTKbRw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":72,"crawl_stats":38,"alternatives":79,"analysis":177,"fingerprints":262},"simple-popup-plugin","Simple Popup Plugin","4.6","Garrett Grimm","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrimmdude\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fappsumo.com\u002Fsearch?tags=wordpress&utm_source=sumo&utm_medium=wp-widget&utm_campaign=simple-popup-plugin\" rel=\"nofollow ugc\">Check out the latest WordPress deals for your site.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Use this plugin to easily create links to simple popup windows.  It supports multiple popup links on posts\u002Fpages\u002Fwidgets and window positioning\u002Fcentering options.\u003C\u002Fp>\n","This plugin makes it easy to create a simple, modifiable popup window.",1000,125736,98,12,"2024-10-01T04:54:00.000Z","6.6.5","2.8","",[20,21,22,23,24],"bands","music","popup","simple","tools","http:\u002F\u002Fwww.grimmdude.com\u002Fwordpress-simple-popup-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-popup-plugin.4.6.zip",69,3,1,"2024-11-28 00:00:00","2026-03-15T15:16:48.613Z",[33,47,58],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2024-53741","simple-popup-authenticated-contributor-stored-cross-site-scripting","Simple Popup \u003C= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Simple Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=4.6","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-05 14:45:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe993667f-8275-4078-afd5-b26ff8528ab4?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":53,"updated_date":54,"references":55,"days_to_patch":57},"CVE-2024-8547","simple-popup-plugin-authenticated-contributor-stored-cross-site-scripting","Simple Popup Plugin \u003C= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.5","2024-09-27 13:55:41","2024-10-04 12:34:37",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F217da4de-38df-41ff-b138-f12d4f8999cd?source=api-prod",7,{"id":59,"url_slug":60,"title":61,"description":62,"plugin_slug":4,"theme_slug":38,"affected_versions":63,"patched_in_version":64,"severity":40,"cvss_score":65,"cvss_vector":66,"vuln_type":43,"published_date":67,"updated_date":68,"references":69,"days_to_patch":71},"CVE-2024-38689","simple-popup-authenticated-administrator-stored-cross-site-scripting","Simple Popup \u003C= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Simple Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=4.4","4.5",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-07-10 00:00:00","2024-07-18 13:41:09",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5b28a733-2459-46f0-87c3-1a573a8cd55e?source=api-prod",9,{"slug":73,"display_name":7,"profile_url":8,"plugin_count":57,"total_installs":74,"avg_security_score":75,"avg_patch_time_days":76,"trust_score":77,"computed_at":78},"grimmdude",111450,84,881,68,"2026-04-04T05:52:57.252Z",[80,103,122,144,161],{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":18,"tags":95,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":102,"last_vuln_date":38,"fetched_at":31},"alligator-menu-popup","Alligator Menu Popup","2.0.0","cubecolour","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumeeja\u002F","\u003Cp>This is a fork of my similarly named Alligator Popup Plugin. Unlike the original plugin, this one enables you to open the target of a menu item of your WordPress custom menu in a popup window.\u003C\u002Fp>\n\u003Cp>Add the ‘mpopup’ class to a menu item in a custom menu to open the target in a popup Window.\u003C\u002Fp>\n\u003Cp>Enables you to specify that a menu item on your WordPress custom menu will open in a new popup window. An admin page allows you can control the size of the popup window and whether it has scrollbars.\u003C\u002Fp>\n\u003Ch4>Usage:\u003C\u002Fh4>\n\u003Cp>You will find the Menu Popup Settings Page at Settings => Menu Popup\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set the dimensions of the popup window and whether you want the popup window to be scrollable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Then edit your custom menu at Appearance => Menus\u003Cbr \u002F>\n* Enable the CSS Classes option in the Screen Options pull-down panel on the menu editor page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add the mpopup class to any menu item where you want the target page to open in a popup window.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When the menu item is clicked, the link should now open in a popup window.\u003C\u002Fp>\n","Add the 'mpopup' class to a menu item in a custom menu to open the target in a popup Window.",600,21022,96,17,"2025-06-23T09:50:00.000Z","6.8.5","4.9",[22,96,97,98,23],"popup-window","popups","shortcode","http:\u002F\u002Fcubecolour.co.uk\u002Falligator-menu-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falligator-menu-popup.2.0.0.zip",100,0,{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":101,"num_ratings":113,"last_updated":114,"tested_up_to":93,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":18,"download_link":121,"security_score":101,"vuln_count":102,"unpatched_count":102,"last_vuln_date":38,"fetched_at":31},"simple-popup-block","Simple Popup Block","1.2.6","CodeManas","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodemanas\u002F","\u003Cp>Introducing Simple Popup Block: the easy way to manage popups on your website.\u003Cbr \u002F>\nWith its user-friendly interface, creating customized popups is a breeze.\u003Cbr \u002F>\nEnjoy enhanced engagement without sacrificing page speed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Triggers\u003C\u002Fstrong> : Choose how your popup should be triggerred either on page scroll, click or after certain interval.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conditions\u003C\u002Fstrong> : Show popups only to your specific user based on roles. Option to show only to logged-in user or logged-out users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Behaviour\u003C\u002Fstrong> : Determine how the popup should be shown only once or multiple time or auto close after certain time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Templates\u003C\u002Fstrong> : Design your popup from the scratch or use one of the ready-made 5+ templates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy & Simple\u003C\u002Fstrong> : Easily create simple and interesting popups — all with a few quick clicks. No coding skills required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built for Editor\u003C\u002Fstrong> : Work organically and smoothly with the Site Editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Useful Links\u003C\u002Fstrong>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fnew\u002F?pre-installed-plugin-slug=simple-popup-block\" rel=\"nofollow ugc\">Live Demo Test\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fdocs.cmblocks.com\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n","Easily manage and customize popups on your website with a user-friendly interface, enhancing engagement without sacrificing page speed.",500,7047,4,"2025-04-21T05:20:00.000Z","6.1","7.0",[118,119,22,120],"block","modal","simple-popup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-popup-block.1.2.6.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":18,"tags":137,"homepage":141,"download_link":142,"security_score":143,"vuln_count":102,"unpatched_count":102,"last_vuln_date":38,"fetched_at":31},"caspers-fly-in-cta","Casper's Flyin' Call-to-Action","2.0","XAce90","https:\u002F\u002Fprofiles.wordpress.org\u002Fxace90\u002F","\u003Cp>Casper’s Flyin CTA is the perfect plugin for announcements or calls to action: lightweight, easy to use, and lots of customization options; including two themes (display the CTA at the bottom of the page or have it slide it from the side), several screen positions based on your chosen theme, and full control over the colors and branding.\u003C\u002Fp>\n\u003Cp>Don’t let your visitors miss out on great deals or important announcements again!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong> I know the Options page is becoming really cluttered. I’m working on 3.0 which will reorganize the Admin page into a much more manageable set up. Thanks for everyone’s feedback!\u003C\u002Fp>\n","A lightweight, highly customizable call-to-action plugin that makes it easy to get your visitors' attention.",200,10442,78,8,"2021-04-16T18:38:00.000Z","5.7.15","4.0",[138,139,140,22,23],"call-to-action","cta","easy","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcaspers-fly-in-cta\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaspers-fly-in-cta.zip",85,{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":130,"downloaded":152,"rating":101,"num_ratings":113,"last_updated":153,"tested_up_to":154,"requires_at_least":155,"requires_php":116,"tags":156,"homepage":18,"download_link":160,"security_score":101,"vuln_count":102,"unpatched_count":102,"last_vuln_date":38,"fetched_at":31},"fastest-age-verification","Fastest Age Verification","1.4.1","Bulbul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Fbulbulislamdev\u002F","\u003Cp>\u003Cstrong>Fastest Age Verification\u003C\u002Fstrong> is the simplest and most efficient age gate solution for WordPress. It ensures compliance with age restrictions while keeping the user experience smooth and non-intrusive.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fastest Age Verification\u003C\u002Fstrong> – Loads instantly with minimal impact on performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Non-blocking\u003C\u002Fstrong> – Does not interfere with website content or slow down loading time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simplest Age Verification\u003C\u002Fstrong> – Easy setup with a user-friendly admin interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable\u003C\u002Fstrong> – Upload your logo and set button colors from the settings page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Persistent Verification\u003C\u002Fstrong> – Uses cookies to remember user responses for 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set Your Own Age Limit\u003C\u002Fstrong> – Admins can define the minimum age requirement.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Design\u003C\u002Fstrong> – Works perfectly on all screen sizes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the full license at \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">GNU.org\u003C\u002Fa>.\u003C\u002Fp>\n","A non-blocking, fastest age verification popup for WordPress with customizable logo, button colors, and user-defined minimum age.",1370,"2026-02-11T21:03:00.000Z","6.9.4","5.0",[157,145,158,22,159],"age-verification","non-blocking","simplest-age-verification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffastest-age-verification.1.4.1.zip",{"slug":162,"name":163,"version":164,"author":165,"author_profile":166,"description":167,"short_description":168,"active_installs":101,"downloaded":169,"rating":101,"num_ratings":29,"last_updated":170,"tested_up_to":171,"requires_at_least":172,"requires_php":18,"tags":173,"homepage":18,"download_link":176,"security_score":143,"vuln_count":102,"unpatched_count":102,"last_vuln_date":38,"fetched_at":31},"magic-popups-customizable-and-lightweight","Magic Popups – Custom and Lightweight Popups","1.0.2","Matt Fletcher","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattfletcher94\u002F","\u003Cp>Easily add lightweight and customizable popups to your WordPress site. This plugin allows you to create and customize as many popups as you wish. These popups are very lightweightand will not slow down your website.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Choose which pages the popup is displayed on.\u003C\u002Fli>\n\u003Cli>Choose how often a user sees each popup (daily, weekly, etc).\u003C\u002Fli>\n\u003Cli>Set an opening delay, ensuring your popup does not appear instantly.\u003C\u002Fli>\n\u003Cli>Set a title and description.\u003C\u002Fli>\n\u003Cli>Add a custom button with a URL.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add lightweight and customizable popups to your WordPress site. You can choose to display your popups on specific pages. You can also display the popu &hellip;",5343,"2022-09-03T07:31:00.000Z","6.0.11","4.0.1",[174,175,22,97,23],"custom","pop-up","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagic-popups-customizable-and-lightweight.1.0.2.zip",{"attackSurface":178,"codeSignals":201,"taintFlows":245,"riskAssessment":246,"analyzedAt":261},{"hooks":179,"ajaxHandlers":194,"restRoutes":195,"shortcodes":196,"cronEvents":200,"entryPointCount":29,"unprotectedCount":102},[180,186,190],{"type":181,"name":182,"callback":183,"file":184,"line":185},"action","wp_head","popup_plugin_script","simple_popup_plugin.php",63,{"type":181,"name":187,"callback":188,"file":184,"line":189},"admin_menu","simple_popup_menu",66,{"type":181,"name":191,"callback":192,"priority":29,"file":184,"line":193},"widgets_init","simple_popup_Widget_init",77,[],[],[197],{"tag":22,"callback":198,"file":184,"line":199},"popup_plugin_shortcode",75,[],{"dangerousFunctions":202,"sqlUsage":210,"outputEscaping":212,"fileOperations":102,"externalRequests":102,"nonceChecks":102,"capabilityChecks":102,"bundledLibraries":244},[203,208],{"fn":204,"file":205,"line":206,"context":207},"unserialize","simple-popup-widget.php",22,"$urls = unserialize( $instance['urls'] );",{"fn":204,"file":205,"line":77,"context":209},"$urls = ($instance['urls'] != '') ? unserialize( $instance['urls'] ) : array();",{"prepared":102,"raw":102,"locations":211},[],{"escaped":206,"rawEcho":213,"locations":214},16,[215,218,220,222,224,226,228,230,232,233,234,236,238,240,241,242],{"file":205,"line":216,"context":217},38,"raw output",{"file":205,"line":219,"context":217},39,{"file":205,"line":221,"context":217},40,{"file":205,"line":223,"context":217},41,{"file":205,"line":225,"context":217},72,{"file":205,"line":227,"context":217},79,{"file":205,"line":229,"context":217},80,{"file":205,"line":231,"context":217},82,{"file":205,"line":75,"context":217},{"file":205,"line":143,"context":217},{"file":184,"line":235,"context":217},47,{"file":184,"line":237,"context":217},48,{"file":184,"line":239,"context":217},52,{"file":184,"line":239,"context":217},{"file":184,"line":239,"context":217},{"file":184,"line":243,"context":217},106,[],[],{"summary":247,"deductions":248},"The \"simple-popup-plugin\" v4.6 presents a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and avoiding file operations and external HTTP requests, significant concerns arise from other areas. The presence of two \"unserialize\" calls is a major red flag, as deserialization vulnerabilities can lead to remote code execution if not handled with extreme care and proper input validation. Furthermore, the code analysis indicates that only 58% of output is properly escaped, suggesting a potential for Cross-Site Scripting (XSS) vulnerabilities, which is corroborated by the plugin's vulnerability history.\n\nThe plugin's vulnerability history is a cause for concern, with three known CVEs, one of which remains unpatched. All historical vulnerabilities are medium severity and have been related to Cross-Site Scripting. This pattern indicates a recurring weakness in how the plugin handles user-supplied input and sanitizes output, despite some positive coding practices. The recent vulnerability in late 2024 further underscores the ongoing need for vigilance and patching.\n\nIn conclusion, while the plugin avoids common pitfalls like unprotected AJAX handlers, REST API routes, and raw SQL queries, the latent risk from \"unserialize\" usage combined with a history of XSS vulnerabilities and an unpatched CVE points to a moderate to high-risk plugin. Users should be cautious, especially with the unpatched vulnerability.",[249,252,255,257,259],{"reason":250,"points":251},"Unpatched CVE found",18,{"reason":253,"points":254},"Dangerous function: unserialize used",15,{"reason":256,"points":133},"Low output escaping percentage",{"reason":258,"points":57},"No nonce checks implemented",{"reason":260,"points":57},"No capability checks implemented","2026-03-16T18:54:48.037Z",{"wat":263,"direct":268},{"assetPaths":264,"generatorPatterns":265,"scriptPaths":266,"versionParams":267},[],[],[],[],{"cssClasses":269,"htmlComments":271,"htmlAttributes":274,"restEndpoints":275,"jsGlobals":276,"shortcodeOutput":279},[270],"simple_popup_link",[272,273],"\u003C!--Simple Popup Plugin v4.0 \u002F RH Mods-->","\u003C!--\u002FSimple Popup Plugin-->",[],[],[277,278],"var swin=null;","function popitup(mypage,w,h,pos,myname,infocus){",[280,281,282,283,284,285],"\u003Ca href=\"","\" onclick=\"return popitup(this.href, ",", ",");\" class=\"simple_popup_link ","\">","\u003C\u002Fa>"]