WP-Safety

Elegance Modal Box Security & Risk Analysis

wordpress.org/plugins/elegance-modal-box

Simple, elegant and responsive modal pop-up box which appears when a visitor enters your site. Cookies support for apper-just-once function.

70 active installs v1.2.0 PHP + WP 3.0.0+ Updated Dec 27, 2014
advertislightboxmodal-boxmodalspop-up
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Elegance Modal Box Safe to Use in 2026?

Generally Safe

Score 85/100

Elegance Modal Box has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The elegance-modal-box plugin v1.2.0 exhibits a mixed security posture. On the positive side, the absence of known CVEs and the exclusive use of prepared statements for SQL queries are strong indicators of good security practices and a history of stability. The plugin also avoids file operations and external HTTP requests, further reducing its attack surface.

However, significant concerns arise from the static analysis. The most critical finding is the presence of a taint flow with an unsanitized path, indicating a potential vulnerability where user input could be used in a way that leads to unintended consequences, though its severity is not rated as critical or high. Furthermore, a complete lack of output escaping for all 24 identified outputs is a major security flaw. This means any dynamic content displayed by the plugin is vulnerable to cross-site scripting (XSS) attacks.

While the plugin has no recorded vulnerabilities, this historical absence does not guarantee future security. The identified taint flow and the pervasive lack of output escaping represent immediate and serious risks that require attention. The plugin's strengths lie in its SQL handling and avoidance of common risky operations, but its output sanitization and taint handling are severe weaknesses.

Key Concerns

  • Unescaped output on all outputs
  • Flow with unsanitized path
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Elegance Modal Box Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Elegance Modal Box Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
24
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped24 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<elegance-modal-admin> (elegance-modal-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Elegance Modal Box Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[elegance-modal-box] elegance-modal.php:133
WordPress Hooks 4
actionadmin_menuelegance-modal.php:22
actionadmin_enqueue_scriptselegance-modal.php:46
actionget_footerelegance-modal.php:53
actionwp_enqueue_scriptselegance-modal.php:145
Maintenance & Trust

Elegance Modal Box Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.0
Last updatedDec 27, 2014
PHP min version
Downloads12K

Community Trust

Rating86/100
Number of ratings6
Active installs70
Alternatives

Elegance Modal Box Alternatives

Pop-up

Pop-up

pop-up-pop-up

A
99

Pop-up Popups

10K 2 CVEs
WP Modal Popup with Cookie Integration

WP Modal Popup with Cookie Integration

wp-modal-popup-with-cookie-integration

A
98

WP Modal Popup with Cookie Integration is the smart, responsive, customizable and beautifully coded popup for visitors with cookie integration.

1K 2 CVEs
Responsive Lightbox

Responsive Lightbox

responsive-lightbox-lite

A
100

This plugin offers a nice and elegant way to add Lightbox functionality for images, html content and media on your webpages.

10K No CVEs
Bootstrap Modals

Bootstrap Modals

bootstrap-modals

C
63

This plugin adds Bootstrap Modal functionality to WordPress. All you need to do is add the Modal HTML mark up code.

1K 1 unpatched
VenoBox Lightbox

VenoBox Lightbox

venobox-lightbox

A
85

This plugin adds the VenoBox Responsive Lightbox to links to display Vimeo and YouTube videos, images, galleries, iframe, inline content in a lightbox &hellip;

1K No CVEs
Developer Profile

Elegance Modal Box Developer Profile

elegancenet

1 plugin · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Elegance Modal Box

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/elegance-modal-box/css/elegance-modal-admin.css/wp-content/plugins/elegance-modal-box/js/elegance-modal-admin.js/wp-content/plugins/elegance-modal-box/css/elegance-modal.css/wp-content/plugins/elegance-modal-box/js/jquery-cookie.js/wp-content/plugins/elegance-modal-box/js/elegance-modal.js
Script Paths
/wp-content/plugins/elegance-modal-box/js/jquery.timepicker.js/wp-content/plugins/elegance-modal-box/js/elegance-modal-admin.js/wp-content/plugins/elegance-modal-box/js/jquery-cookie.js/wp-content/plugins/elegance-modal-box/js/elegance-modal.js
Version Parameters
elegance-modal-style?ver=elegance-modal-admin?ver=elegance-modal-script?ver=elegance-modal-script-handle?ver=jquery-cookie?ver=1.0.0elegance-modal-script?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
elegance-responsiveelegance-modal-content
Data Attributes
data-widthdata-heightdata-appear_afterdata-cookie_lifetimedata-wrap_backgrounddata-box_background+4 more
JS Globals
elegance_modal_scriptsmake_elegance_modalshow_elegance_modal_shortcodeshow_elegance_modalelegance_modal_admin_actionselegance_modal_admin+3 more
Shortcode Output
<div id="elegance-modal-wrap" style="display:none;"></div><div id="elegance-modal" class="elegance-responsive" style="display:none;" <div id="elegance-modal-box"><span id="elegance-modal-close">X</span>
FAQ

Frequently Asked Questions about Elegance Modal Box