
WP Popover Security & Risk Analysis
wordpress.org/plugins/wp-popover
Easily add Bootstrap popovers to your site. You can create a custom post and use it as a popover anywhere on your site with a shortcode.
Is WP Popover Safe to Use in 2026?
Generally Safe
Score 85/100
WP Popover has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-popover plugin v1.0.0 exhibits a concerning security posture, primarily due to significant weaknesses in its input handling and authorization mechanisms. While the plugin demonstrates good practices in avoiding raw SQL queries and external HTTP requests, the absence of proper output escaping for all identified outputs is a critical flaw. This means that any user-supplied data that is displayed back to the user could potentially be exploited through cross-site scripting (XSS) attacks. The presence of a dangerous `unserialize` function, coupled with an unprotected AJAX handler, presents a high risk of remote code execution (RCE) or other severe attacks if an attacker can control the data being unserialized. The lack of nonce and capability checks on the AJAX endpoint further exacerbates this risk, as it allows unauthenticated users to trigger potentially harmful operations. The plugin's vulnerability history being clean is a positive sign, suggesting it may not have been widely targeted or that previous versions were not exploitable. However, this does not mitigate the inherent risks identified in the current codebase.
Key Concerns
- Unprotected AJAX handler
- Dangerous function: unserialize
- All outputs unescaped
- Missing nonce checks
- Missing capability checks
WP Popover Security Vulnerabilities
WP Popover Code Analysis
Dangerous Functions Found
Output Escaping
WP Popover Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 6
WP Popover Maintenance & Trust
Maintenance Signals
Community Trust
WP Popover Alternatives
Gravity Booster – Styles & Layouts for Gravity Forms
styles-and-layouts-for-gravity-forms
Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi …
Easy Footnotes
easy-footnotes
Easy Footnotes lets you quickly and easily add footnotes throughout your WordPress posts using a simple shortcode in the text editor.
Hide Tooltips on Hover – Clean Up Title Attributes Without Losing Accessibility
hide-titles-on-hover
Hide browser tooltips on hover while preserving accessibility for screen readers.
Text Hover
text-hover
Add hover text (aka tooltips) to content in posts. Handy for providing explanations of names, terms, phrases, abbreviations, and acronyms.
Magic Tooltips For Contact Form 7
magic-tooltips-for-contact-form-7
Magic Tooltips For Contact Form 7 is a WordPress Contact Form 7 tooltip plugin that lets you add tooltips to the Contact Form 7 form fields.
WP Popover Developer Profile
3 plugins · 830 total installs
How We Detect WP Popover
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- `/wp-content/plugins/wp-popover/assets/js/script.js`
- `/wp-content/plugins/wp-popover/assets/css/style.css`
- `/wp-content/plugins/wp-popover/assets/css/admin_style.css`
- `/wp-content/plugins/wp-popover/assets/js/admin-script.js`
- `https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js`
- `https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js`
- `assets/js/script.js`
- `assets/js/admin-script.js`
- `wp-popover/assets/js/script.js?ver=`
- `wp-popover/assets/css/style.css?ver=`
- `wp-popover/assets/css/admin_style.css?ver=`
- `wp-popover/assets/js/admin-script.js?ver=`
HTML / DOM Fingerprints
- `wpobp_global_settings`
- `wpobp-popover`
- `WPOBP_Vars`
- `[wpob-popover id=`