GDY Modular Content Security & Risk Analysis

wordpress.org/plugins/gdy-modular-content

Create and edit modular content from the frontend of your site.

30 active installs · v0.10.2 · PHP 5.6+ · WP 3.6+ · Updated Mar 12, 2026
Tags: content-editable, frontend-editing, gdy-modular-content, gdymc, modular-content
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is GDY Modular Content Safe to Use in 2026?

Generally Safe

Score 99/100

GDY Modular Content has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 6, 2025 · Updated 23d ago
Risk Assessment

The "gdy-modular-content" plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the static analysis did not reveal any critical or high-severity taint flows, the absence of authorization checks on 19 out of 20 AJAX entry points creates a wide attack surface. Furthermore, the complete lack of nonce checks on these handlers is a major oversight, leaving them vulnerable to Cross-Site Request Forgery (CSRF) attacks. The SQL queries are also a significant concern, with 100% of them not utilizing prepared statements, which can lead to SQL injection vulnerabilities if the input is not meticulously sanitized, even though the taint analysis didn't flag specific SQL injection flaws.

The plugin's vulnerability history, showing a past medium-severity Cross-site Scripting (XSS) vulnerability, reinforces the concerns around input sanitization and output escaping. Although no currently unpatched vulnerabilities are listed, the nature of the past vulnerability aligns with the observed low percentage of properly escaped outputs (23%), suggesting that this remains a potential area of weakness. The fact that the last vulnerability was in early 2025 is also notable, though potentially a data artifact. Overall, while the plugin has avoided critical flaws in recent analyses, the high number of unprotected AJAX endpoints and the lack of essential security checks like nonces and prepared statements present substantial risks that require immediate attention.

Key Concerns

  • 19 unprotected AJAX handlers
  • No nonce checks on AJAX handlers
  • 100% SQL queries without prepared statements
  • Low output escaping percentage (23%)
  • History of XSS vulnerability
Vulnerabilities: 1

GDY Modular Content Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12153 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting

Jan 6, 2025 · Patched in 0.9.93 (18d)
Code Analysis
Analyzed Mar 16, 2026

GDY Modular Content Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 15 (0 prepared)
  • Unescaped Output: 190 (56 escaped)
  • Nonce Checks: 0
  • Capability Checks: 11
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 15 total queries

Output Escaping

23% escaped · 246 total outputs

Data Flows: 12 unsanitized

Data Flow Analysis

15 flows · 12 with unsanitized paths
gdymc_activate_module_action (actions\module.php:20)
Attack Surface: 19 unprotected

GDY Modular Content Attack Surface

Entry Points: 21
Unprotected: 19

AJAX Handlers 20

auth · wp_ajax_gdymc_action_deletemodule · includes\ajax.php:6
auth · wp_ajax_gdymc_action_deletemoduletype · includes\ajax.php:38
auth · wp_ajax_gdymc_action_changemoduletype · includes\ajax.php:88
auth · wp_ajax_gdymc_action_changesinglemoduletype · includes\ajax.php:110
auth · wp_ajax_gdymc_action_addmodule · includes\ajax.php:134
auth · wp_ajax_gdymc_action_save · includes\ajax.php:185
auth · wp_ajax_gdymc_action_insertlink · includes\ajax.php:226
auth · wp_ajax_gdymc_action_editbutton · includes\ajax.php:321
auth · wp_ajax_gdymc_action_imageoverlay · includes\ajax.php:737
auth · wp_ajax_gdymc_action_imageinfo · includes\ajax.php:896
auth · wp_ajax_gdymc_update_attachment_image · includes\ajax.php:974
auth · wp_ajax_gdymc_action_imagelist · includes\ajax.php:1004
auth · wp_ajax_gdyModularContentUploadAction · includes\ajax.php:1336
auth · wp_ajax_gdymc_action_pagelist · includes\ajax.php:1369
auth · wp_ajax_gdymc_action_postlist · includes\ajax.php:1432
auth · wp_ajax_gdymc_action_filelist · includes\ajax.php:1491
auth · wp_ajax_gdymc_action_categorylist · includes\ajax.php:1551
auth · wp_ajax_gdyModularContentDeleteAction · includes\ajax.php:1643
auth · wp_ajax_gdymc_action_cropimage · includes\ajax.php:1662
auth · wp_ajax_gdymc_editlock_remove · includes\editlock.php:139

Shortcodes 1

[gdymc_area] hooks\miscellaneous.php:148
WordPress Hooks 59
action · admin_post_gdymc_activate_module · actions\module.php:18
action · admin_post_gdymc_deactivate_module · actions\module.php:53
action · admin_post_gdymc_rename_module · actions\module.php:89
action · admin_post_gdymc_save_module · actions\module.php:111
action · admin_post_gdymc_run_setup · actions\setup.php:3
action · init · gdy-modular-content.php:27
filter · plugin_locale · gdy-modular-content.php:38
action · set_current_user · gdy-modular-content.php:121
action · wp_logout · gdy-modular-content.php:150
filter · show_admin_bar · gdy-modular-content.php:162
filter · body_class · gdy-modular-content.php:173
action · shutdown · gdy-modular-content.php:196
action · wp_enqueue_scripts · gdy-modular-content.php:209
action · admin_menu · hooks\admin-menu.php:3
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:7
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:17
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:27
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:37
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:47
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:57
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:67
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:77
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:87
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:97
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:107
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:117
action · gdymc_adminbarbuttons_left · hooks\adminbar-buttons.php:127
action · gdymc_adminbarbuttons_right · hooks\adminbar-buttons.php:155
action · gdymc_adminbarbuttons_right · hooks\adminbar-buttons.php:171
action · gdymc_adminbarbuttons_right · hooks\adminbar-buttons.php:198
action · gdymc_noarea_right · hooks\adminbar-buttons.php:199
action · gdymc_roledeny_right · hooks\adminbar-buttons.php:200
action · gdymc_galleryimage_after · hooks\miscellaneous.php:7
action · gdymc_error_module_missing · hooks\miscellaneous.php:24
action · gdymc_error_module_incomplete · hooks\miscellaneous.php:38
action · gdymc_error_module_missing · hooks\miscellaneous.php:53
action · gdymc_error_module_incomplete · hooks\miscellaneous.php:54
action · gdymc_error_area_nomodules · hooks\miscellaneous.php:76
action · gdymc_error_adminbar_nomodulefolder · hooks\miscellaneous.php:94
action · gdymc_error_adminbar_nomodules · hooks\miscellaneous.php:105
action · gdymc_error_adminbar_noarea · hooks\miscellaneous.php:116
action · gdymc_transfer_attachment_image_size · hooks\miscellaneous.php:168
action · init · hooks\miscellaneous.php:264
action · gdymc_modulebarbuttons_left · hooks\modulebar-buttons.php:9
action · gdymc_modulebarbuttons_left · hooks\modulebar-buttons.php:19
action · gdymc_modulebarbuttons_left · hooks\modulebar-buttons.php:29
action · gdymc_modulebarbuttons_right · hooks\modulebar-buttons.php:54
action · gdymc_module_options_defaults · hooks\modulebar-buttons.php:70
action · gdymc_module_options_visibility · hooks\modulebar-buttons.php:138
filter · gdymc_lang · hooks\translation.php:5
filter · override_post_lock · includes\editlock.php:90
action · wp_head · includes\editlock.php:97
filter · heartbeat_received · includes\editlock.php:119
action · wp_footer · includes\editlock.php:159
action · wp_footer · includes\elements.php:10
action · wp_footer · includes\elements.php:26
action · wp_footer · includes\elements.php:45
action · wp_footer · includes\elements.php:76
action · init · includes\version.php:29
Maintenance & Trust

GDY Modular Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 12, 2026
PHP min version: 5.6
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

GDY Modular Content Developer Profile

GDY

2 plugins · 130 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 18 days
Detection Fingerprints

How We Detect GDY Modular Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gdy-modular-content/_styles/style.css
  • /wp-content/plugins/gdy-modular-content/scripts/log4javascript.js
  • /wp-content/plugins/gdy-modular-content/scripts/rangy_core.js
  • /wp-content/plugins/gdy-modular-content/scripts/rangy_selectionsaverestore.js
  • /wp-content/plugins/gdy-modular-content/scripts/rangy_classapplier.js
  • /wp-content/plugins/gdy-modular-content/scripts/kinetic.js
  • /wp-content/plugins/gdy-modular-content/scripts/mousetrap.js
  • /wp-content/plugins/gdy-modular-content/scripts/dropzone.js
  • +3 more
Script Paths
  • /wp-content/plugins/gdy-modular-content/scripts/log4javascript.js
  • /wp-content/plugins/gdy-modular-content/scripts/rangy_core.js
  • /wp-content/plugins/gdy-modular-content/scripts/rangy_selectionsaverestore.js
  • /wp-content/plugins/gdy-modular-content/scripts/rangy_classapplier.js
  • /wp-content/plugins/gdy-modular-content/scripts/kinetic.js
  • /wp-content/plugins/gdy-modular-content/scripts/mousetrap.js
  • +4 more
Version Parameters
ver=0.10.2

HTML / DOM Fingerprints

CSS Classes
gdymc_bar, gdymc_logged, gdymc_edit, gdymc_visitor, gdymc_hardpreview, gdymc_softpreview
Data Attributes
gdymc_hardpreview, gdymc_softpreview
JS Globals
gdymc_dynamic_data