Does WePOP have any unpatched vulnerabilities?

No. All known vulnerabilities in WePOP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WePOP compatible with WordPress 6.9.4?

According to WordPress.org data, WePOP 1.6.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WePOP compatible with PHP 7.4+?

WePOP requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WePOP updated?

WePOP was last updated on Mar 8, 2026. Frequent updates are generally a positive security signal.

What is WePOP's security score?

WePOP has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WePOP Security & Risk Analysis

wordpress.org/plugins/wepop

A lightweight, dependency-free lightbox plugin for WordPress. Supports images and videos without jQuery.

20 active installs v1.6.2 PHP 7.4+ WP 5.0+ Updated Mar 8, 2026

galleryimagelightboxpopupvideo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WePOP Safe to Use in 2026?

Generally Safe

Score 100/100

WePOP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 29d ago

Risk Assessment

Based on the static analysis and vulnerability history provided, the 'wepop' plugin v1.6.2 exhibits a strong security posture. The code demonstrates excellent adherence to secure coding practices, with all identified SQL queries utilizing prepared statements, all output being properly escaped, and robust use of nonce and capability checks for its entry points. The absence of known CVEs and a clean vulnerability history further contribute to its favorable security assessment. There are no detected dangerous functions, file operations, or external HTTP requests, which are common sources of vulnerabilities.

While the static analysis does not reveal any critical or high-severity taint flows, nor any insecurely exposed entry points (AJAX handlers, REST API routes), the overall attack surface is very small. The plugin presents a single REST API route, which has an associated permission callback, meaning it is not directly exposed to unauthorized access. The absence of shortcodes and cron events also limits potential attack vectors. Therefore, the plugin appears to be well-developed from a security perspective with no immediate red flags.

Vulnerabilities

None known

WePOP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WePOP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped3 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

wepop_save_settings (includes\config.php:19)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WePOP Attack Surface

Entry Points1

Unprotected0

REST API Routes 1

POST/wp-json/wepop/v1/disablewepop.php:182

WordPress Hooks 8

actionadmin_menuincludes\config.php:16

actionadmin_initincludes\config.php:48

actioninitwepop.php:52

filterthe_contentwepop.php:91

actionwp_enqueue_scriptswepop.php:130

actionwp_footerwepop.php:141

actionenqueue_block_editor_assetswepop.php:175

actionrest_api_initwepop.php:181

Maintenance & Trust

WePOP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 8, 2026

PHP min version7.4

Downloads717

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

WePOP Alternatives

Image and Video Lightbox, Image PopUp

lightbox-popup

100

Image and Video Lightbox is an high customizable and responsive plugin for displaying images and videos in popup.

1K 1 CVE

Lightbox & Modal Popup WordPress Plugin – FooBox

foobox-image-lightbox

A responsive image lightbox for WordPress galleries, WordPress attachments & FooGallery

100K 5 CVEs

WP Lightbox 2

wp-lightbox-2

WP Lightbox 2 adds stunning lightbox effects to images and galleries on your WordPress site.

30K 4 CVEs

MetaSlider Lightbox – Modals & Lightboxes – Image, Gallery, Video, Slideshow Lightbox

ml-slider-lightbox

100

MetaSlider Lightbox is the lightbox and modal plugin for WordPress. Build a lightbox for images, galleries, video, slideshows and more.

10K No CVEs

Album Gallery

new-album-gallery

Create stunning photo and video albums with responsive layouts, lightbox display, and customizable hover effects.

4K 3 CVEs

Developer Profile

WePOP Developer Profile

WeDOK

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WePOP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wepop/css/popup.css/wp-content/plugins/wepop/js/popup.js/wp-content/plugins/wepop/js/editor.js

Script Paths

/wp-content/plugins/wepop/js/popup.js/wp-content/plugins/wepop/js/editor.js

HTML / DOM Fingerprints

Data Attributes

data-wepop

JS Globals

wedokPopSettingswepopEditorText

REST Endpoints

/wepop/v1/disable

FAQ