PopCraft: Seamless Text Popovers in WordPress Security & Risk Analysis
wordpress.org/plugins/text-popoverElevate your WordPress editing experience with the Text Popover plugin, designed to seamlessly integrate with various blocks featuring toolbars such a …
Is PopCraft: Seamless Text Popovers in WordPress Safe to Use in 2026?
Generally Safe
Score 85/100PopCraft: Seamless Text Popovers in WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'text-popover' plugin v1.0.1 demonstrates a very strong security posture based on the provided static analysis results. There are no identified entry points like AJAX handlers, REST API routes, or shortcodes exposed to users, which significantly reduces the attack surface. The code also shows excellent adherence to secure coding practices, with no dangerous function calls, all SQL queries using prepared statements, and all output properly escaped. Furthermore, there are no file operations, external HTTP requests, or any indications of missed security checks like nonces or capability checks.
The lack of any identified taint flows, even with zero flows analyzed, suggests that if there were any, they would likely be well-sanitized. The plugin's vulnerability history is also pristine, with no recorded CVEs, indicating a lack of known security flaws over time. This clean record, coupled with the robust static analysis findings, points to a well-developed and secure plugin.
While the lack of entry points and comprehensive secure coding practices are significant strengths, the absence of any entry points at all could also imply limited functionality. However, based solely on the provided data, the plugin exhibits an exceptionally low risk profile. The primary concern, if any, would be the potential for future vulnerabilities if the plugin's functionality expands without maintaining these high security standards.
PopCraft: Seamless Text Popovers in WordPress Security Vulnerabilities
PopCraft: Seamless Text Popovers in WordPress Code Analysis
PopCraft: Seamless Text Popovers in WordPress Attack Surface
WordPress Hooks 3
Maintenance & Trust
PopCraft: Seamless Text Popovers in WordPress Maintenance & Trust
Maintenance Signals
Community Trust
PopCraft: Seamless Text Popovers in WordPress Alternatives
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
gutenkit-blocks-addon
GutenKit – Ultimate no-code Gutenberg blocks to design stunning web pages and visually stunning posts in WordPress block editor.
Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder
the-plus-addons-for-block-editor
90+ Gutenberg Blocks & AI Website Builder with 1000+ Templates. Complete Page Builder, Popup Builder, Mega Menu, Form Builder & More. No Code.
Disable Block Editor FullScreen mode
disable-block-editor-fullscreen-mode
Disable the Block Editor fullscreen mode by default in WordPress 5.4+. Lightweight, no settings needed — just activate and it works.
Animated Counter
animated-counter
Easily animate numbers on the frontend by applying the Animated Counter format directly from the Gutenberg editor toolbar.
Disable Block Editor (Gutenberg)
disable-editor-by-1-click
Disable Gutenberg editor by 1 click, disable block editor in all Post Type(including custom post type)
PopCraft: Seamless Text Popovers in WordPress Developer Profile
5 plugins · 200 total installs
How We Detect PopCraft: Seamless Text Popovers in WordPress
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/text-popover/assets/js/popovertool.min.js/wp-content/plugins/text-popover/assets/css/popovertool.min.css/wp-content/plugins/text-popover/assets/js/popovertool.min.jspopover_tool_js?ver=1.0popover_tool_css?ver=1.0HTML / DOM Fingerprints
data-toggle="text-popover"