Does Wing Popup have any unpatched vulnerabilities?

No. All known vulnerabilities in Wing Popup have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wing Popup compatible with WordPress 6.8.5?

According to WordPress.org data, Wing Popup 1.0.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Wing Popup compatible with PHP 7.4+?

Wing Popup requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Wing Popup updated?

Wing Popup was last updated on Oct 5, 2025. Frequent updates are generally a positive security signal.

What is Wing Popup's security score?

Wing Popup has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wing Popup Security & Risk Analysis

wordpress.org/plugins/wing-popup

Pop up everything you like! Easily create informative and promotional popups. Boost your sales, lead generation, and conversions rates.

0 active installs v1.0.2 PHP 7.4+ WP 6.5+ Updated Oct 5, 2025

conversionmarketingmodalpopuppopups

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Wing Popup Safe to Use in 2026?

Generally Safe

Score 100/100

Wing Popup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The static analysis of the "wing-popup" plugin version 1.0.2 indicates a generally strong security posture. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events suggests a minimal attack surface. Furthermore, the code signals show no dangerous functions, all SQL queries use prepared statements, and a high percentage of output is properly escaped. The lack of file operations and external HTTP requests also contributes positively to its security. The plugin also has no recorded vulnerability history, which is a positive indicator. However, the complete absence of nonce checks and capability checks is a significant concern. While the current analysis didn't reveal any exploitable vulnerabilities due to this, it leaves the plugin susceptible to various CSRF and privilege escalation attacks if any entry points are introduced in future updates or if sensitive actions are performed without proper authorization checks. This oversight represents a potential weakness that could be exploited.

Key Concerns

Missing nonce checks
Missing capability checks
Low attack surface but no auth checks

Vulnerabilities

None known

Wing Popup Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Wing Popup Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

95% escaped40 total outputs

Attack Surface

Wing Popup Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionplugins_loadedincludes\class-wing-popup.php:103

actionadmin_enqueue_scriptsincludes\class-wing-popup.php:116

actionadmin_enqueue_scriptsincludes\class-wing-popup.php:117

actionwp_enqueue_scriptsincludes\class-wing-popup.php:131

actionwp_enqueue_scriptsincludes\class-wing-popup.php:132

actionwp_footerincludes\class-wing-popup.php:133

actionplugins_loadedwing-popup.php:60

actionin_plugin_update_message-wing-popup/wing-popup.phpwing-popup.php:63

actioninitwing-popup.php:106

Maintenance & Trust

Wing Popup Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 5, 2025

PHP min version7.4

Downloads950

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Wing Popup Alternatives

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

popup-maker

Want to boost sales & marketing efforts? Use your favorite forms & builder. Unlimited popups & impressions, keep your data, no monthly subscription.

700K 18 CVEs

SendPulse – Popup Builder for Email Optins, Lead Generation, Sticky Bars and Videos

sendpulse-popups

100

SendPulse Pop-ups plugin for WordPress. Create highly converting and mobile-friendly pop-ups, opt-in forms, exit popups, sticky bars, NPS surveys, etc

100 No CVEs

I Love PopUps Connector

i-love-popups-connector

100

Lightweight connector that loads the official I Love PopUps script on your site using your Project ID.

0 No CVEs

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs

Advanced Popups

advanced-popups

100

Display high-converting newsletter popups, a cookie notice, or a notification with the light-weight yet feature-rich plugin.

70K 1 CVE

Developer Profile

Wing Popup Developer Profile

wingdevs

2 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Wing Popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wing-popup/assets/css/frontend.css/wp-content/plugins/wing-popup/assets/js/frontend.js/wp-content/plugins/wing-popup/assets/css/backend.css/wp-content/plugins/wing-popup/assets/js/backend.js/wp-content/plugins/wing-popup/assets/libs/bootstrap/css/bootstrap.min.css/wp-content/plugins/wing-popup/assets/libs/bootstrap/js/bootstrap.min.js/wp-content/plugins/wing-popup/assets/libs/owl-carousel/owl.carousel.min.css/wp-content/plugins/wing-popup/assets/libs/owl-carousel/owl.carousel.min.js+1 more

Script Paths

/wp-content/plugins/wing-popup/assets/js/frontend.js/wp-content/plugins/wing-popup/assets/js/backend.js/wp-content/plugins/wing-popup/assets/libs/bootstrap/js/bootstrap.min.js/wp-content/plugins/wing-popup/assets/libs/owl-carousel/owl.carousel.min.js/wp-content/plugins/wing-popup/assets/libs/sweetalert2/sweetalert2.min.js

Version Parameters

wing-popup/style.css?ver=wing-popup/script.js?ver=wing-popup/assets/css/frontend.css?ver=wing-popup/assets/js/frontend.js?ver=wing-popup/assets/css/backend.css?ver=wing-popup/assets/js/backend.js?ver=wing-popup/assets/libs/bootstrap/css/bootstrap.min.css?ver=wing-popup/assets/libs/bootstrap/js/bootstrap.min.js?ver=wing-popup/assets/libs/owl-carousel/owl.carousel.min.css?ver=wing-popup/assets/libs/owl-carousel/owl.carousel.min.js?ver=wing-popup/assets/libs/sweetalert2/sweetalert2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

wdpop-popup-containerwdpop-popup-wrapperwdpop-close-buttonwing-popup-wrap

HTML Comments

<!-- The core plugin class that is used to define internationalization,
 * admin-specific hooks, and public-facing site hooks. -->

<!-- Begins execution of the plugin.
 *
 * Since everything within the plugin is registered via hooks,
 * then kicking off the plugin from this point in the file does
 * not affect the page life cycle.
 *
 * @since    1.0.0 -->

+2 more

Data Attributes

data-wdpop-iddata-wdpop-triggerdata-wdpop-delaydata-wdpop-scrolldata-wdpop-exit-intent

JS Globals

WDPOPwdpop_frontend_paramsWDPOP_Helper

REST Endpoints

/wp-json/wdpop/v1/popup

Shortcode Output

[wing_popup id="1"]

FAQ