Does Modal have any unpatched vulnerabilities?

No. All known vulnerabilities in Modal have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Modal compatible with WordPress 3.5.2?

According to WordPress.org data, Modal 1.0.7 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is Modal updated?

Modal was last updated on Jul 29, 2013. Frequent updates are generally a positive security signal.

What is Modal's security score?

Modal has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Modal Security & Risk Analysis

wordpress.org/plugins/modal

Enable modal pages and posts on your blog. Create modal forms for better calls to action!

20 active installs v1.0.7 PHP + WP 3.3.0+ Updated Jul 29, 2013

dialogmodalmodal-dialogmodal-pagemodal-post

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Modal Safe to Use in 2026?

Generally Safe

Score 85/100

Modal has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The "modal" plugin v1.0.7 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, SQL injection risks due to prepared statements, and a lack of file operations or external HTTP requests are all positive indicators. Furthermore, the data shows 100% proper output escaping, meaning reflected cross-site scripting (XSS) is unlikely to be an issue.

The attack surface is minimal, with only one shortcode identified and no unprotected entry points. The taint analysis reporting zero flows, especially those with unsanitized paths or critical/high severity, is a significant strength. The plugin's vulnerability history is also completely clean, with no known CVEs, which suggests a history of secure development and maintenance.

Overall, the "modal" plugin v1.0.7 appears to be a very secure option. The primary area of potential, albeit minor, concern from the static analysis is the presence of a shortcode with no explicit mention of capability checks or nonce validation directly associated with its processing. While the overall entry points are low and unprotected ones are zero, shortcodes can sometimes be an avenue for unintended behavior if not properly secured. However, given the other strong signals, this is a very low risk.

Key Concerns

Shortcode exists without explicit capability checks

Vulnerabilities

None known

Modal Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Modal Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped4 total outputs

Attack Surface

Modal Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[modal] modal.php:81

Maintenance & Trust

Modal Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedJul 29, 2013

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Modal Alternatives

Responsive Lightbox

responsive-lightbox-lite

100

This plugin offers a nice and elegant way to add Lightbox functionality for images, html content and media on your webpages.

10K No CVEs

ILC FLVBox

ilc-flvbox

Plays FLV video inline in content or in a modal dialog.

10 No CVEs

MakeITeasy Popup

makeiteasy-popup

100

Advanced block based pop-up solution.

1K No CVEs

Modal Dialog

modal-dialog

The purpose of this plugin is to allow users to create one or more modal dialog(s) / pop-up window(s) that will appear when a user visits their site.

500 2 CVEs

CHBD Simple jQuery Modal

chbd-simple-jquery-modal

This plugin will help users to show some nice sorts of jquery styles based on modal features into their websites.

10 No CVEs

Developer Profile

Modal Developer Profile

David Riccitelli

3 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Modal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/modal/js/modal.js/wp-content/plugins/modal/css/jquery-ui-1.9.2.custom.css

Script Paths

/wp-content/plugins/modal/js/modal.js

Version Parameters

modal/js/modal.js?ver=modal/css/jquery-ui-1.9.2.custom.css?ver=

HTML / DOM Fingerprints

CSS Classes

modal-dialog

Data Attributes

onclick

JS Globals

scmodal

Shortcode Output

<a class='' onclick='scmodal('

FAQ