Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen Security & Risk Analysis

wordpress.org/plugins/ysleadgen

Popup builder for exit intent popups, coupon popups, floating bars, and opt-in forms to grow leads and increase conversions on WordPress sites.

10 active installs v1.1.6 PHP 7.4+ WP 5.3+ Updated Mar 12, 2026
Tags: contact-form, form-builder, popup-builder, popup-maker, wordpress-popup
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen Safe to Use in 2026?

Generally Safe

Score 100/100

Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 22d ago
Risk Assessment

The "ysleadgen" v1.1.6 plugin exhibits a generally strong security posture with excellent practices in SQL query preparation and output escaping, indicating developers are aware of common web vulnerabilities. The absence of known CVEs and bundled libraries further contributes positively. However, a significant concern arises from the 8 AJAX handlers that lack authentication checks. While the plugin has a large number of nonce and capability checks, these unprotected AJAX endpoints represent a direct attack vector that could be exploited if they handle user-supplied input without proper validation, potentially leading to unauthorized actions.

The taint analysis reveals 9 flows with unsanitized paths, all classified as high severity. This is a critical finding and suggests that user input is not being sufficiently cleaned before being used in sensitive operations. Coupled with the unprotected AJAX handlers, these unsanitized paths present a substantial risk of various vulnerabilities, including cross-site scripting (XSS) or path traversal, depending on how the unsanitized data is processed.

While the plugin's vulnerability history is clean, suggesting a good track record or recent development, the current static analysis findings of unprotected AJAX endpoints and high-severity unsanitized flows cannot be ignored. The strengths lie in the robust implementation of prepared statements and output escaping. The weaknesses, however, are significant and require immediate attention: the unprotected entry points and the identified taint flows pose a clear and present danger to the security of a WordPress site using this plugin.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
Vulnerabilities
None known

Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (62 prepared)
Unescaped Output: 3 (257 escaped)
Nonce Checks: 64
Capability Checks: 62
File Operations: 11
External Requests: 10
Bundled Libraries: 0

SQL Query Safety

94% prepared · 66 total queries

Output Escaping

99% escaped · 260 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

19 flows · 9 with unsanitized paths
handleExportPopupLeads (app\Controllers\Ajax.php:2045)
[Flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
8 unprotected

Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen Attack Surface

Entry Points: 62
Unprotected: 8

AJAX Handlers 59

auth wp_ajax_ysleadgen_get_current_user app\Controllers\Ajax.php:35
auth wp_ajax_ysleadgen_get_total_analytics app\Controllers\Ajax.php:36
auth wp_ajax_ysleadgen_get_device_analytics app\Controllers\Ajax.php:37
auth wp_ajax_ysleadgen_get_conversion_source_analytics app\Controllers\Ajax.php:38
auth wp_ajax_ysleadgen_load_template_selection app\Controllers\Ajax.php:41
auth wp_ajax_ysleadgen_publish_popup app\Controllers\Ajax.php:42
auth wp_ajax_ysleadgen_create_popup app\Controllers\Ajax.php:43
auth wp_ajax_ysleadgen_create_campaign app\Controllers\Ajax.php:44
auth wp_ajax_ysleadgen_save_template app\Controllers\Ajax.php:45
auth wp_ajax_ysleadgen_get_popups app\Controllers\Ajax.php:46
auth wp_ajax_ysleadgen_get_popup app\Controllers\Ajax.php:47
auth wp_ajax_ysleadgen_update_popup_template app\Controllers\Ajax.php:48
auth wp_ajax_ysleadgen_create_form app\Controllers\Ajax.php:51
auth wp_ajax_ysleadgen_save_form app\Controllers\Ajax.php:52
auth wp_ajax_ysleadgen_get_form app\Controllers\Ajax.php:53
auth wp_ajax_ysleadgen_load_form_Templates app\Controllers\Ajax.php:54
auth wp_ajax_ysleadgen_publish_form app\Controllers\Ajax.php:55
auth wp_ajax_ysleadgen_get_display_form_rules app\Controllers\Ajax.php:56
auth wp_ajax_ysleadgen_search_posts app\Controllers\Ajax.php:59
auth wp_ajax_ysleadgen_get_initial_pages app\Controllers\Ajax.php:60
auth wp_ajax_ysleadgen_get_all_content app\Controllers\Ajax.php:61
auth wp_ajax_ysleadgen_search_content app\Controllers\Ajax.php:62
auth wp_ajax_ysleadgen_get_captured_data app\Controllers\Ajax.php:65
auth wp_ajax_ysleadgen_get_popup_analytics app\Controllers\Ajax.php:66
auth wp_ajax_ysleadgen_get_form_analytics app\Controllers\Ajax.php:67
auth wp_ajax_ysleadgen_toggle_campaign_status app\Controllers\Ajax.php:70
auth wp_ajax_ysleadgen_duplicate_campaign app\Controllers\Ajax.php:73
auth wp_ajax_ysleadgen_rename_campaign app\Controllers\Ajax.php:74
auth wp_ajax_ysleadgen_delete_campaign app\Controllers\Ajax.php:75
auth wp_ajax_ysleadgen_get_display_rules app\Controllers\Ajax.php:76
auth wp_ajax_ysleadgen_save_display_rules app\Controllers\Ajax.php:77
auth wp_ajax_ysleadgen_save_form_display_rules app\Controllers\Ajax.php:78
auth wp_ajax_ysleadgen_get_template_only app\Controllers\Ajax.php:81
auth wp_ajax_ysleadgen_get_form_template_only app\Controllers\Ajax.php:82
auth wp_ajax_ysleadgen_get_popup_template app\Controllers\Ajax.php:83
auth wp_ajax_ysleadgen_get_form_template app\Controllers\Ajax.php:84
auth wp_ajax_ysleadgen_assign_template_to_popup app\Controllers\Ajax.php:87
auth wp_ajax_ysleadgen_assign_template_to_form app\Controllers\Ajax.php:88
auth wp_ajax_ysleadgen_export_leads app\Controllers\Ajax.php:91
auth wp_ajax_ysleadgen_export_popup_leads app\Controllers\Ajax.php:92
auth wp_ajax_ysleadgen_export_form_leads app\Controllers\Ajax.php:93
auth wp_ajax_ysleadgen_save_ga_settings app\Controllers\Ajax.php:96
auth wp_ajax_ysleadgen_get_ga_settings app\Controllers\Ajax.php:97
auth wp_ajax_ysleadgen_save_recaptcha_settings app\Controllers\Ajax.php:100
auth wp_ajax_ysleadgen_get_recaptcha_settings app\Controllers\Ajax.php:101
auth wp_ajax_ysleadgen_get_analytics_chart_data app\Controllers\Ajax.php:104
auth wp_ajax_ysleadgen_get_onboarding_status app\Controllers\Ajax.php:107
auth wp_ajax_ysleadgen_get_onboarding_progress app\Controllers\Ajax.php:108
auth wp_ajax_ysleadgen_save_onboarding_progress app\Controllers\Ajax.php:109
auth wp_ajax_ysleadgen_complete_onboarding app\Controllers\Ajax.php:110
auth wp_ajax_ysleadgen_get_lazy_popup app\Controllers\Ajax.php:111
auth wp_ajax_ysleadgen_get_template_by_id app\Controllers\Ajax.php:114
auth wp_ajax_ysleadgen_verify_api_key app\Controllers\MailChimp.php:24
auth wp_ajax_ysleadgen_disconnect_api_key app\Controllers\MailChimp.php:25
auth wp_ajax_ysleadgen_get_mailchimp_lists app\Controllers\MailChimp.php:26
auth wp_ajax_ysleadgen_get_mailchimp_members app\Controllers\MailChimp.php:27
auth wp_ajax_ysleadgen_save_campaign_integrations app\Controllers\MailChimp.php:28
auth wp_ajax_ysleadgen_get_campaign_integrations app\Controllers\MailChimp.php:29
auth wp_ajax_yslg_deactivation_survey app\Deactivation.php:25

REST API Routes 1

POST /wp-json/ysleadgen/v1/frontend app\Controllers\Api\Frontend.php:26

Shortcodes 2

[ysleadgen_form] app\Controllers\FormCampaign.php:23
[ysleadgen_floating_bar] app\Controllers\PopupCampaign.php:31
WordPress Hooks 20
action admin_menu app\Admin\Page.php:26
action admin_init app\Admin\Page.php:28
action admin_enqueue_scripts app\Admin\Page.php:35
action admin_init app\Admin\Page.php:36
action admin_notices app\Admin\Page.php:77
filter admin_footer_text app\Admin\Page.php:82
filter update_footer app\Admin\Page.php:83
action plugins_loaded app\Boot.php:26
action rest_api_init app\Boot.php:44
action wp_enqueue_scripts app\Controllers\FormCampaign.php:24
action wp_enqueue_scripts app\Controllers\PopupCampaign.php:27
action init app\Controllers\PopupCampaign.php:28
action wp_body_open app\Controllers\PopupCampaign.php:29
action wp_footer app\Controllers\PopupCampaign.php:30
filter safecss_filter_attr app\Controllers\PopupCampaign.php:32
action init app\Controllers\PopupCampaign.php:36
filter safe_style_css app\Controllers\PopupCampaign.php:38
filter safe_style_css app\Controllers\PopupCampaign.php:749
action admin_enqueue_scripts app\Deactivation.php:24
action admin_notices app\Helpers\Plugin.php:55
Maintenance & Trust

Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 643

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 10
Developer Profile

Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen Developer Profile

YS Innovations

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ysleadgen/admin-ui/dist/bundle.js
/wp-content/plugins/ysleadgen/admin-ui/dist/output.css
Script Paths
/wp-content/plugins/ysleadgen/admin-ui/dist/bundle.js
Version Parameters
ysleadgen/admin-ui/dist/bundle.js?ver=
ysleadgen/admin-ui/dist/output.css?ver=

HTML / DOM Fingerprints

CSS Classes
ysleadgen-admin
Data Attributes
data-page="dashboard"
JS Globals
ysLeadGenData
REST Endpoints
/wp-json/ysleadgen/v1/
FAQ

Frequently Asked Questions about Popup Builder & Opt-in Forms – Exit Intent, Coupon & Floating Bar Popups by YSLeadGen