woo-popup Security & Risk Analysis

wordpress.org/plugins/woo-popup

Display a pop up window after the chosen page is loaded.

30 active installs · v1.3.4 · PHP + WP 3.5.1+ · Updated Oct 30, 2015
Tags: display-info-after-a-product-is-added, modal-window, pop-up, woocommerce, woopopup
Score: 85 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 21, 2015
Safety Verdict

Is woo-popup Safe to Use in 2026?

Generally Safe

Score 85/100

woo-popup has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 21, 2015 · Updated 10yr ago
Risk Assessment

The "woo-popup" plugin v1.3.4 exhibits a mixed security posture. On the positive side, the static analysis reveals a limited attack surface with no discovered AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed. Furthermore, no dangerous functions were identified, and there are no active unpatched CVEs. However, several areas raise concern. The complete absence of nonce checks and capability checks is a significant weakness, particularly for a plugin that might interact with WordPress's core functionalities. The static analysis also indicates that only 50% of SQL queries use prepared statements, suggesting a potential for SQL injection vulnerabilities. Similarly, 50% of output is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) attacks. The vulnerability history shows a past medium-severity XSS vulnerability, and while it is patched, the pattern of XSS susceptibility warrants attention. The plugin also performs file operations and external HTTP requests, which, without proper sanitization and authentication checks, could be exploited.

Key Concerns

  • No Nonce Checks
  • No Capability Checks
  • 50% of SQL queries not prepared
  • 50% of output not escaped
  • Past medium severity XSS vulnerability
Vulnerabilities
1

woo-popup Security Vulnerabilities

CVEs by Year

1 CVE in 2015

Severity Breakdown

Medium: 1

1 total CVE

CVE-2015-10095 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

woo-popup <= 1.2.2 - Reflected Cross-Site Scripting

May 21, 2015 · Patched in 1.3.0 (3185d)
Code Analysis
Analyzed Mar 16, 2026

woo-popup Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (1 prepared)
Unescaped Output: 11 (11 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

50% escaped · 22 total outputs
Attack Surface

woo-popup Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
action · admin_enqueue_scripts · admin\class-woo-popup-admin.php:57
action · admin_enqueue_scripts · admin\class-woo-popup-admin.php:58
action · admin_menu · admin\class-woo-popup-admin.php:61
action · admin_init · admin\class-woo-popup-admin.php:68
action · init · public\class-woo-popup.php:94
action · wpmu_new_blog · public\class-woo-popup.php:97
action · wp_enqueue_scripts · public\class-woo-popup.php:100
action · wp_enqueue_scripts · public\class-woo-popup.php:101
action · wp_enqueue_scripts · public\class-woo-popup.php:104
action · plugins_loaded · woo-popup.php:48
action · plugins_loaded · woo-popup.php:57
Maintenance & Trust

woo-popup Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.39
Last updated: Oct 30, 2015
PHP min version
Downloads: 13K

Community Trust

Rating: 70/100
Number of ratings: 6
Active installs: 30
Developer Profile

woo-popup Developer Profile

Guillaume

2 plugins · 60 total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 3185 days
Detection Fingerprints

How We Detect woo-popup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-popup/assets/css/admin.css
/wp-content/plugins/woo-popup/assets/js/admin.js
Script Paths
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css
Version Parameters
woo-popup/assets/css/admin.css?ver=
woo-popup/assets/js/admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- WooCommerce Popup -->
Data Attributes
data-popup-content, data-popup-page, data-popup-class, data-popup-theme, data-start-date, data-end-date (+3 more)
FAQ

Frequently Asked Questions about woo-popup