Boot-Modal Security & Risk Analysis

wordpress.org/plugins/boot-modal

This plugin uses a simple shortcode to insert a link anywhere to open any page in a Bootstrap modal window.

90 active installs · v1.10 · PHP + · WP 3.0.1+ · Updated Jan 7, 2025
bootstrap · modal · shortcode
91
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 7, 2025
Safety Verdict

Is Boot-Modal Safe to Use in 2026?

Generally Safe

Score 91/100

Boot-Modal has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 7, 2025 · Updated 1yr ago
Risk Assessment

The "boot-modal" v1.10 plugin has a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and implements capability checks for its identified entry points. The absence of file operations and external HTTP requests further reduces potential attack vectors. However, only 29% of the 75 identified output points are properly escaped, which is a significant concern. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of a medium-severity XSS vulnerability discovered on January 7, 2025. The static analysis reveals no critical or high severity taint flows, and the attack surface is relatively small with no immediately unprotected entry points. Despite these strengths, the prevalent lack of output escaping, coupled with past XSS issues, warrants careful consideration, as unsanitized output can lead to malicious code injection and user compromise.

Key Concerns

  • Low output escaping rate
  • Past medium severity XSS vulnerability
  • No nonce checks on entry points
Vulnerabilities
1 published

Boot-Modal Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22551 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Boot-Modal <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 · Patched in 1.10 (8d)
Version History

Boot-Modal Release Timeline

v1.9.1 · 1 CVE
v1.7 · 1 CVE
v1.6.1 · 1 CVE
v1.5 · 1 CVE
v1.1.5 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Boot-Modal Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 53 (22 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

29% escaped · 75 total outputs
Attack Surface

Boot-Modal Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[bootmodal] boot_modal.php:73
WordPress Hooks 13
action plugins_loaded boot_modal.php:23
filter widget_text boot_modal.php:72
action wp_enqueue_scripts boot_modal.php:77
action wp_head boot_modal.php:80
action admin_enqueue_scripts boot_modal.php:368
action admin_init boot_modal.php:369
action admin_menu boot_modal.php:370
action admin_notices boot_modal.php:378
action admin_head boot_modal.php:753
action admin_enqueue_scripts boot_modal.php:756
filter mce_external_languages boot_modal.php:759
filter mce_external_plugins boot_modal.php:774
filter mce_buttons boot_modal.php:776
Maintenance & Trust

Boot-Modal Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 7, 2025
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 90
Developer Profile

Boot-Modal Developer Profile

albedo0

3 plugins · 510 total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 177 days
Detection Fingerprints

How We Detect Boot-Modal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/boot-modal/js/boot-modal.js
Script Paths
/wp-content/plugins/boot-modal/js/boot-modal.js
Version Parameters
boot-modal/js/boot-modal.js?ver=

HTML / DOM Fingerprints

CSS Classes
bootmodal
boot-modal-open-button
boot-modal-close-button
HTML Comments
<!-- Shortcode's params -->
<!-- Other params -->
<!-- Button or link text -->
<!-- Construct link or button -->
Data Attributes
data-bs-dismiss
data-bs-target
data-bs-toggle
data-dismiss
data-target
data-toggle
+2 more
JS Globals
window.bootmodal_options
Shortcode Output
[bootmodal post="post" buttonclass="" buttontext="" buttontype="" buttoncloseclass="" buttonclosetext="" size="" urlkey="" urlvalue="" animation="" dismiss="yes"]
FAQ

Frequently Asked Questions about Boot-Modal