Does Tsu Popup have any unpatched vulnerabilities?

No. All known vulnerabilities in Tsu Popup have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tsu Popup compatible with WordPress 4.0.38?

According to WordPress.org data, Tsu Popup 1.0 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Tsu Popup updated?

Tsu Popup was last updated on Jan 26, 2015. Frequent updates are generally a positive security signal.

What is Tsu Popup's security score?

Tsu Popup has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tsu Popup Security & Risk Analysis

wordpress.org/plugins/tsu-popup

Add your own tsu ( Social Network ) popup in any website.

10 active installs v1.0 PHP + WP 2.0+ Updated Jan 26, 2015

followinvitationinvitenetworktsu

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tsu Popup Safe to Use in 2026?

Generally Safe

Score 85/100

Tsu Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "tsu-popup" v1.0 plugin exhibits a mixed security posture. On one hand, the absence of known CVEs and a clean taint analysis suggest a generally secure codebase with no immediately obvious critical vulnerabilities. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries. However, significant concerns arise from the static analysis. The presence of the `create_function` dangerous function is a notable weakness, as it can be a vector for code injection if user-supplied input is passed to it without proper sanitization. Furthermore, a substantial portion of output (80%) is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities across various display points within the plugin. The lack of nonce checks and capability checks on potential entry points, coupled with a zero-count for these, indicates a potential oversight in securing user interactions.

Key Concerns

Use of dangerous function `create_function`
High percentage of unescaped output
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

Tsu Popup Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Tsu Popup Release Timeline

v1.0Current

Code Analysis

Analyzed Mar 17, 2026

Tsu Popup Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$callback = create_function('', 'echo "'.str_replace('"', '\"', $section['desc']).'";');class.settings-api.php:111

Output Escaping

20% escaped41 total outputs

Attack Surface

Tsu Popup Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_enqueue_scriptsclass.settings-api.php:31

actioninittsu-popup.php:17

actionadmin_inittsu-popup.php:33

actionadmin_menutsu-popup.php:34

actionwp_enqueue_scriptstsu-popup.php:483

actionwp_footertsu-popup.php:501

Maintenance & Trust

Tsu Popup Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedJan 26, 2015

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Tsu Popup Alternatives

Tsu

tsu

Tsu widget to share your profile / invitation with your readers.

10 No CVEs

Invite Anyone

invite-anyone

Makes BuddyPress's invitation features more powerful.

1K 6 CVEs

WP eCards – Branded Digital Greeting Cards

wp-ecards-invites

Add interactive digital greeting cards to your WordPress site — fully branded, customizable, and shareable by visitors through email or social media.

300 1 CVE

Social Media Engine

social-media-engine

Social follow links shortcode. Built on FontAwesome icons. 30 social networks supported: 500px, behance, bitbucket, delicious, deviantart, digg, drib …

40 1 unpatched

Invitations for Slack

invitations-for-slack

Build a Slack community by allowing your visitors (or registered users) to invite themselves to your Slack team.

30 No CVEs

Developer Profile

Tsu Popup Developer Profile

Md Nurullah

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tsu Popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tsu-popup/css/style.css/wp-content/plugins/tsu-popup/js/main.js

Script Paths

/wp-content/plugins/tsu-popup/js/main.js

Version Parameters

tsu-popup/css/style.css?ver=tsu-popup/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes

tsu-popuptsu-popup-close

Data Attributes

data-tsu-usernamedata-tsu-usernamedata-tsu-display_namedata-tsu-titledata-tsu-descdata-tsu-logo+11 more

JS Globals

tsu_popup_options

FAQ