WP-Safety

Easy Modal Security & Risk Analysis

wordpress.org/plugins/easy-modal

The #1 WordPress Popup Plugin! Make glorious & powerful popups and market your content like never before - all in minutes!

8K active installs v2.1.0 PHP + WP 3.3.0+ Updated Nov 28, 2017
modalmodal-boxmodal-formmodal-windowpopup
53
C · Use Caution
CVEs total3
Unpatched1
Last CVEJan 11, 2026
Plugin page Download
Safety Verdict

Is Easy Modal Safe to Use in 2026?

Use With Caution

Score 53/100

Easy Modal has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs 1 unpatched Last CVE: Jan 11, 2026Updated 8yr ago
Risk Assessment

The "easy-modal" v2.1.0 plugin exhibits a mixed security posture. While it demonstrates some good practices, such as implementing nonce and capability checks in certain areas and a majority of its output escaping being properly handled, significant concerns remain. The presence of two unprotected AJAX handlers significantly increases the attack surface, making it vulnerable to unauthorized actions if exploited. The taint analysis reveals three high-severity flows with unsanitized paths, indicating potential injection vulnerabilities that could be leveraged by attackers. Furthermore, the plugin has a history of known vulnerabilities, including a currently unpatched one, and past issues commonly include Cross-Site Scripting and SQL Injection, suggesting recurring security weaknesses. The use of dangerous functions like `unserialize` also raises red flags, as it can be a vector for remote code execution if user-controlled data is unserialized without proper validation. While not all SQL queries are vulnerable, the low percentage of prepared statements is a concern, and the existence of raw SQL queries that could be vulnerable to injection, coupled with the high-severity taint flows, warrants careful attention. The plugin's strengths lie in its moderate output escaping and some implemented security checks, but these are overshadowed by the critical risks identified in the attack surface, taint analysis, and vulnerability history.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unpatched CVE
  • High severity CVEs
  • Medium severity CVEs
  • Dangerous function (unserialize)
  • Low percentage of prepared statements
  • Unsanitized paths in taint analysis
Vulnerabilities
3

Easy Modal Security Vulnerabilities

CVEs by Year

2 CVEs in 2017
2017
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
2
Medium
1

3 total CVEs

CVE-2026-24617medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Modal <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 11, 2026Unpatched
CVE-2017-12946high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Easy Modal < 2.1.0 - Authenticated (Admin+) SQL Injection

Aug 7, 2017 Patched in 2.1.0 (2360d)
CVE-2017-12947high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Easy Modal < 2.1.0 - SQL Injection

Aug 7, 2017 Patched in 2.1.0 (2360d)
Code Analysis
Analyzed Mar 16, 2026

Easy Modal Code Analysis

Dangerous Functions
13
Raw SQL Queries
28
3 prepared
Unescaped Output
57
117 escaped
Nonce Checks
9
Capability Checks
5
File Operations
0
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_filter("gform_confirmation_anchor_{$form_id}", create_function("","return false;"));addons\gravityforms.php:16
create_functionadd_filter("gform_confirmation_anchor_{$form_id}", create_function("","return false;"));addons\gravityforms.php:33
unserialize$o_modal_list = unserialize($o_modal_list);classes\migrate.php:13
unserialize$Modal = unserialize($Modal);classes\migrate.php:20
unserialize$o_modal_list = unserialize($o_modal_list);classes\migrate.php:35
unserialize$Modal = unserialize($Modal);classes\migrate.php:42
unserialize$Theme = unserialize($Theme);classes\migrate.php:51
unserialize$o_settings = unserialize($o_settings);classes\migrate.php:58
unserialize$o_theme_list = unserialize($o_theme_list);classes\migrate.php:77
unserialize$Theme = unserialize($Theme);classes\migrate.php:84
unserialize$o_modal_list = unserialize($o_modal_list);classes\migrate.php:95
unserialize$Modal = unserialize($Modal);classes\migrate.php:102
unserialize$o_settings = unserialize($o_settings);classes\migrate.php:113

SQL Query Safety

10% prepared31 total queries

Output Escaping

67% escaped174 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
search_box (classes\view\admin\modal\index.php:243)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Easy Modal Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_puc_debug_check_nowincludes\updates\debug-bar-plugin.php:14
authwp_ajax_puc_debug_request_infoincludes\updates\debug-bar-plugin.php:15

Shortcodes 1

[modal] includes\shortcodes.php:2
WordPress Hooks 146
actionemodal_preload_modaladdons\gravityforms.php:5
actionemodal_preload_modaladdons\gravityforms.php:6
filtertiny_mce_before_initclasses\admin\editor.php:8
actionadmin_menuclasses\admin\menu.php:4
filteremodal_admin_submenu_pagesclasses\admin\menu.php:5
filteremodal_admin_submenu_pagesclasses\admin\menu.php:6
filteremodal_admin_submenu_pagesclasses\admin\menu.php:7
filteremodal_admin_submenu_pagesclasses\admin\menu.php:8
filteremodal_admin_submenu_pagesclasses\admin\menu.php:9
actionadmin_noticesclasses\admin\notice.php:7
actionload-post.phpclasses\admin\postmeta.php:4
actionload-post-new.phpclasses\admin\postmeta.php:5
actionadd_meta_boxesclasses\admin\postmeta.php:9
actionsave_postclasses\admin\postmeta.php:10
filterplugin_action_linksclasses\admin.php:15
actioninitclasses\admin.php:17
actionadmin_initclasses\admin.php:22
actionadmin_noticesclasses\admin.php:24
actionadmin_initclasses\admin.php:25
actionadmin_initclasses\admin.php:29
actionadmin_headclasses\admin.php:30
actionadmin_enqueue_scriptsclasses\admin.php:31
actionadmin_enqueue_scriptsclasses\admin.php:32
actionadmin_print_footer_scriptsclasses\admin.php:33
filteremodal_admin_current_controllerclasses\admin.php:261
filteremodal_modal_pre_saveclasses\controller\admin\modals.php:160
filteremodal_settings_pre_saveclasses\controller\admin\settings.php:69
filteremodal_theme_pre_saveclasses\controller\admin\theme.php:39
actionwp_headclasses\site.php:5
actionwp_footerclasses\site.php:6
actionwp_enqueue_scriptsclasses\site.php:7
actionwp_enqueue_scriptsclasses\site.php:8
filterclean_urlclasses\site.php:9
filteremodal_modal_class_attrclasses\view\modal.php:24
filteremodal_modal_data_attrclasses\view\modal.php:39
filteremodal_modal_innerclasses\view\modal.php:55
filteremodal_modal_innerclasses\view\modal.php:65
filteremodal_modal_innerclasses\view\modal.php:74
actionplugins_loadedeasy-modal.php:43
actionemodal_db_updateeasy-modal.php:44
filteremodal_modal_contenteasy-modal.php:52
filteremodal_modal_contenteasy-modal.php:53
filteremodal_modal_contenteasy-modal.php:54
filteremodal_modal_contenteasy-modal.php:55
filteremodal_modal_contenteasy-modal.php:56
filteremodal_modal_contenteasy-modal.php:57
filteremodal_modal_contenteasy-modal.php:58
actionplugins_loadedeasy-modal.php:218
actionemodal_example_modal_contentincludes\admin\content.php:3
actionemodal_admin_footerincludes\admin\footer.php:2
filteremodal_admin_help_tabsincludes\admin\help-general-tab.php:2
actionemodal_admin_help_tab_generalincludes\admin\help-general-tab.php:9
filteremodal_admin_modal_form_tabsincludes\admin\modal-form-close-tab.php:2
actionemodal_admin_modal_form_tab_closeincludes\admin\modal-form-close-tab.php:10
actionemodal_admin_modal_form_tab_close_settingsincludes\admin\modal-form-close-tab.php:21
actionemodal_admin_modal_form_tab_close_settingsincludes\admin\modal-form-close-tab.php:34
filteremodal_admin_modal_form_tabsincludes\admin\modal-form-display-tab.php:2
actionemodal_admin_modal_form_tab_displayincludes\admin\modal-form-display-tab.php:10
actionemodal_admin_modal_form_tab_display_settingsincludes\admin\modal-form-display-tab.php:21
actionemodal_admin_modal_form_tab_display_settingsincludes\admin\modal-form-display-tab.php:46
actionemodal_admin_modal_form_tab_display_settingsincludes\admin\modal-form-display-tab.php:99
actionemodal_admin_modal_form_tab_display_settingsincludes\admin\modal-form-display-tab.php:111
actionemodal_admin_modal_form_tab_display_settingsincludes\admin\modal-form-display-tab.php:169
filteremodal_admin_modal_form_tabsincludes\admin\modal-form-example-tab.php:2
actionemodal_admin_modal_form_tab_examplesincludes\admin\modal-form-example-tab.php:9
filteremodal_admin_modal_form_tabsincludes\admin\modal-form-general-tab.php:2
actionemodal_admin_modal_form_tab_generalincludes\admin\modal-form-general-tab.php:9
actionemodal_admin_modal_form_tab_general_settingsincludes\admin\modal-form-general-tab.php:19
actionemodal_admin_modal_form_tab_general_settingsincludes\admin\modal-form-general-tab.php:36
actionemodal_admin_modal_form_tab_general_settingsincludes\admin\modal-form-general-tab.php:56
actionemodal_admin_modal_form_tab_general_settingsincludes\admin\modal-form-general-tab.php:72
filteremodal_existing_addon_imagesincludes\admin\options.php:2
filteremodal_model_modal_meta_defaultsincludes\admin\options.php:22
filteremodal_model_theme_meta_defaultsincludes\admin\options.php:48
filteremodal_size_unit_optionsincludes\admin\options.php:115
filteremodal_border_style_optionsincludes\admin\options.php:126
filteremodal_font_family_optionsincludes\admin\options.php:142
filteremodal_text_align_optionsincludes\admin\options.php:156
filteremodal_modal_display_size_optionsincludes\admin\options.php:167
filteremodal_modal_display_size_optionsincludes\admin\options.php:175
filteremodal_modal_display_size_optionsincludes\admin\options.php:191
filteremodal_modal_display_animation_type_optionsincludes\admin\options.php:201
filteremodal_modal_display_animation_origin_optionsincludes\admin\options.php:215
filteremodal_modal_display_location_optionsincludes\admin\options.php:236
filteremodal_theme_close_location_optionsincludes\admin\options.php:252
actionemodal_post_meta_boxincludes\admin\postmeta.php:2
actionemodal_post_meta_boxincludes\admin\postmeta.php:9
actionemodal_post_meta_boxincludes\admin\postmeta.php:32
filteremodal_admin_settings_form_tabsincludes\admin\settings-form-general-tab.php:2
actionemodal_admin_settings_form_tab_generalincludes\admin\settings-form-general-tab.php:9
actionemodal_admin_settings_form_tab_general_settingsincludes\admin\settings-form-general-tab.php:20
filteremodal_admin_settings_form_tabsincludes\admin\settings-form-licenses-tab.php:2
actionemodal_admin_settings_form_tab_licensesincludes\admin\settings-form-licenses-tab.php:9
actionemodal_admin_settings_form_tab_licenses_settingsincludes\admin\settings-form-licenses-tab.php:20
actionemodal_admin_sidebarincludes\admin\sidebar.php:4
actionemodal_admin_sidebarincludes\admin\sidebar.php:28
actionemodal_admin_sidebarincludes\admin\sidebar.php:48
actionemodal_admin_sidebarincludes\admin\sidebar.php:56
actionemodal_admin_sidebarincludes\admin\sidebar.php:78
filteremodal_admin_theme_form_tabsincludes\admin\theme-form-close-tab.php:2
actionemodal_admin_theme_form_tab_closeincludes\admin\theme-form-close-tab.php:9
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:19
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:34
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:49
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:111
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:153
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:187
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:239
actionemodal_admin_theme_form_tab_close_settingsincludes\admin\theme-form-close-tab.php:319
filteremodal_admin_theme_form_tabsincludes\admin\theme-form-container-tab.php:2
actionemodal_admin_theme_form_tab_containerincludes\admin\theme-form-container-tab.php:9
actionemodal_admin_theme_form_tab_container_settingsincludes\admin\theme-form-container-tab.php:20
actionemodal_admin_theme_form_tab_container_settingsincludes\admin\theme-form-container-tab.php:35
actionemodal_admin_theme_form_tab_container_settingsincludes\admin\theme-form-container-tab.php:67
actionemodal_admin_theme_form_tab_container_settingsincludes\admin\theme-form-container-tab.php:118
filteremodal_admin_theme_form_tabsincludes\admin\theme-form-content-tab.php:2
actionemodal_admin_theme_form_tab_contentincludes\admin\theme-form-content-tab.php:9
actionemodal_admin_theme_form_tab_content_settingsincludes\admin\theme-form-content-tab.php:20
filteremodal_admin_theme_form_tabsincludes\admin\theme-form-general-tab.php:2
actionemodal_admin_theme_form_tab_generalincludes\admin\theme-form-general-tab.php:9
actionemodal_admin_theme_form_tab_general_settingsincludes\admin\theme-form-general-tab.php:19
filteremodal_admin_theme_form_tabsincludes\admin\theme-form-overlay-tab.php:2
actionemodal_admin_theme_form_tab_overlayincludes\admin\theme-form-overlay-tab.php:9
actionemodal_admin_theme_form_tab_overlay_settingsincludes\admin\theme-form-overlay-tab.php:19
filteremodal_admin_theme_form_tabsincludes\admin\theme-form-title-tab.php:2
actionemodal_admin_theme_form_tab_titleincludes\admin\theme-form-title-tab.php:9
actionemodal_admin_theme_form_tab_title_settingsincludes\admin\theme-form-title-tab.php:20
actionemodal_admin_theme_form_tab_title_settingsincludes\admin\theme-form-title-tab.php:76
filteremodal_shortcode_modal_attsincludes\deprecated.php:2
filterpre_set_site_transient_update_pluginsincludes\plugin-updater.php:47
filterplugins_apiincludes\plugin-updater.php:48
filterhttp_request_argsincludes\plugin-updater.php:49
filterdebug_bar_panelsincludes\updates\debug-bar-plugin.php:11
actiondebug_bar_enqueue_scriptsincludes\updates\debug-bar-plugin.php:12
filterplugins_apiincludes\updates\plugin-update-checker.php:91
filtersite_transient_update_pluginsincludes\updates\plugin-update-checker.php:94
filtertransient_update_pluginsincludes\updates\plugin-update-checker.php:95
filterplugin_row_metaincludes\updates\plugin-update-checker.php:97
actionadmin_initincludes\updates\plugin-update-checker.php:98
actionall_admin_noticesincludes\updates\plugin-update-checker.php:99
filterupgrader_post_installincludes\updates\plugin-update-checker.php:102
actiondelete_site_transient_update_pluginsincludes\updates\plugin-update-checker.php:103
filtercron_schedulesincludes\updates\plugin-update-checker.php:122
actionadmin_initincludes\updates\plugin-update-checker.php:134
actionload-update-core.phpincludes\updates\plugin-update-checker.php:137
actionplugins_loadedincludes\updates\plugin-update-checker.php:147
Maintenance & Trust

Easy Modal Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedNov 28, 2017
PHP min version
Downloads241K

Community Trust

Rating88/100
Number of ratings124
Active installs8K
Alternatives

Easy Modal Alternatives

Modal Window – create popup modal window

Modal Window – create popup modal window

modal-window

A
96

WordPress popup plugin for easily creating a popup and modal window with any kind of content and settings.

10K 7 CVEs
Popup Box – Easily Create WordPress Popups

Popup Box – Easily Create WordPress Popups

popup-box

A
95

Popup Box lets you create responsive, customizable WordPress popups with live preview, flexible triggers, and smart targeting to boost engagement and &hellip;

5K 4 CVEs
WP Popup

WP Popup

wp-pop-up

A
100

Looking for a new way to entice your site visitors? WP Popup is the lightbox/popup plugin built with performance in mind.

900 No CVEs
PWP Lytebox

PWP Lytebox

pwp-lytebox

A
85

The fast and simple way to make all links pointing to images open in popup modal window.

40 No CVEs
woo-popup

woo-popup

woo-popup

A
85

Display a pop up window after the chosen page is loaded.

30 1 CVE
Developer Profile

Easy Modal Developer Profile

Daniel Iser

7 plugins · 828K total installs

68
trust score
Avg Security Score
84/100
Avg Patch Time
588 days
View full developer profile
Detection Fingerprints

How We Detect Easy Modal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-modal/css/bootstrap-modal.css/wp-content/plugins/easy-modal/css/custom.css/wp-content/plugins/easy-modal/css/admin.css/wp-content/plugins/easy-modal/js/admin.js/wp-content/plugins/easy-modal/js/editor.js/wp-content/plugins/easy-modal/js/custom.js/wp-content/plugins/easy-modal/js/bootstrap-modal.js/wp-content/plugins/easy-modal/js/bootstrap-modalmanager.js+2 more
Script Paths
/wp-content/plugins/easy-modal/js/admin.js/wp-content/plugins/easy-modal/js/editor.js/wp-content/plugins/easy-modal/js/custom.js/wp-content/plugins/easy-modal/js/bootstrap-modal.js/wp-content/plugins/easy-modal/js/bootstrap-modalmanager.js/wp-content/plugins/easy-modal/js/admin/modal.js+1 more
Version Parameters
easy-modal/css/bootstrap-modal.css?ver=easy-modal/css/custom.css?ver=easy-modal/css/admin.css?ver=easy-modal/js/admin.js?ver=easy-modal/js/editor.js?ver=easy-modal/js/custom.js?ver=easy-modal/js/bootstrap-modal.js?ver=easy-modal/js/bootstrap-modalmanager.js?ver=easy-modal/js/admin/modal.js?ver=easy-modal/js/admin/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
emodal-overlayemodal-containeremodal-headeremodal-titleemodal-closeemodal-contentemodal-theme-editor-wrapemodal-theme-editor-sidebar+2 more
HTML Comments
<!-- Easy Modal Theme Editor --><!-- Easy Modal Content --><!-- Easy Modal Close Button --><!-- Easy Modal Overlay -->+5 more
Data Attributes
data-modal-iddata-modal-themedata-modal-settingsdata-modal-triggerdata-modal-close-textdata-modal-overlay-color+1 more
JS Globals
easyModalEModalAdminEModalEditorEModalSettingsEModalThemeEditor
Shortcode Output
[easy-modal
FAQ

Frequently Asked Questions about Easy Modal