Does Bootstrap Modals have any unpatched vulnerabilities?

Yes — Bootstrap Modals currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Bootstrap Modals compatible with WordPress 5.2.24?

According to WordPress.org data, Bootstrap Modals 1.3.2 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is Bootstrap Modals updated?

Bootstrap Modals was last updated on May 17, 2019. Frequent updates are generally a positive security signal.

What is Bootstrap Modals's security score?

Bootstrap Modals has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Bootstrap Modals Security & Risk Analysis

wordpress.org/plugins/bootstrap-modals

This plugin adds Bootstrap Modal functionality to WordPress. All you need to do is add the Modal HTML mark up code.

1K active installs v1.3.2 PHP + WP 3.8+ Updated May 17, 2019

bootstrapmodalspop-upswindows

C · Use Caution

CVEs total1

Unpatched1

Last CVEDec 31, 2025

Plugin page Download

Safety Verdict

Is Bootstrap Modals Safe to Use in 2026?

Use With Caution

Score 63/100

Bootstrap Modals has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Dec 31, 2025Updated 6yr ago

Risk Assessment

The bootstrap-modals plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no raw SQL queries, and a complete absence of file operations or external HTTP requests. The presence of capability checks suggests an attempt at securing certain functionalities. However, the lack of nonce checks on the entry points (shortcodes) is a significant concern, as it opens the door to potential Cross-Site Request Forgery (CSRF) attacks if the shortcodes can be manipulated to perform actions on behalf of logged-in users without their explicit consent. Furthermore, the 31% of output that is not properly escaped indicates a risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website's pages.

Key Concerns

Unpatched Medium Severity CVE
Missing Nonce Checks on Entry Points
Insufficient Output Escaping

Vulnerabilities

Bootstrap Modals Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-62095medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bootstrap Modals <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 31, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Bootstrap Modals Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

69% escaped13 total outputs

Attack Surface

Bootstrap Modals Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[bs_modal] modal.php:694

[bs_trigger] modal.php:735

WordPress Hooks 6

actionplugins_loadedmodal.php:19

actionwp_enqueue_scriptsmodal.php:30

actionadmin_enqueue_scriptsmodal.php:55

actionadmin_menumodal.php:72

actionadmin_initmodal.php:113

actionwp_enqueue_scriptsmodal.php:544

Maintenance & Trust

Bootstrap Modals Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedMay 17, 2019

PHP min version

Downloads43K

Community Trust

Rating90/100

Number of ratings8

Active installs1K

Alternatives

Bootstrap Modals Alternatives

Pop-up

pop-up-pop-up

Pop-up Popups

10K 2 CVEs

TCBD Modals

tcbd-modals

100

This plugin will enable Awesome Modals box in your Wordpress theme.

10 No CVEs

Boxzilla – Pop-Ups for WordPress

boxzilla

100

Flexible pop-ups or slide-ins, showing up at just the right time.

20K No CVEs

Poptin – Exit Pop Ups & Email Popups

poptin

100

Free exit intent popup builder, gamified popups with spin the wheel, contact form builder & lead generation pop ups platform for your website. 🎉

20K 1 CVE

Bootstrap for Contact Form 7

bootstrap-for-contact-form-7

This plugin modifies the output of the popular Contact Form 7 plugin to be styled in compliance with themes using the Bootstrap CSS framework.

10K No CVEs

Developer Profile

Bootstrap Modals Developer Profile

neilgee

8 plugins · 9K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

396 days

View full developer profile

Detection Fingerprints

How We Detect Bootstrap Modals

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bootstrap-modals/css/bootstrap.css/wp-content/plugins/bootstrap-modals/css/custommodal.css/wp-content/plugins/bootstrap-modals/js/bootstrap.min.js/wp-content/plugins/bootstrap-modals/js/wp-color-picker-alpha.min.js

Script Paths

/wp-content/plugins/bootstrap-modals/js/bootstrap.min.js/wp-content/plugins/bootstrap-modals/js/wp-color-picker-alpha.min.js

Version Parameters

bootstrap-modals/css/bootstrap.css?ver=bootstrap-modals/css/custommodal.css?ver=bootstrap-modals/js/bootstrap.min.js?ver=bootstrap-modals/js/wp-color-picker-alpha.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

ng_modal_disable_bootstrap

FAQ