[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX_FyzHp9zS2CpNvkIwCtzAnhP6JTx9PgKvSZIxIZFn8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":62,"crawl_stats":38,"alternatives":70,"analysis":177,"fingerprints":491},"modal-dialog","Modal Dialog","3.5.17","Yannick Lefebvre","https:\u002F\u002Fprofiles.wordpress.org\u002Fjackdewey\u002F","\u003Cp>The purpose of this plugin is to allow users to create one or more modal dialog(s) \u002F pop-up window(s) that will appear when a user visits their site. The number of times that these can load is configurable. They can load content from external sites or custom HTML code into the dialog. This plugin can be used to invite people to register to a newsletter, respond to a survey, or simply welcome come to a site upon their first visit.\u003C\u002Fp>\n\u003Cp>You can try it out in a temporary copy of WordPress \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fmodal-dialog\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","The purpose of this plugin is to allow users to create one or more modal dialog(s) \u002F pop-up window(s) that will appear when a user visits their site.",500,147896,88,16,"2026-02-15T19:33:00.000Z","6.9.4","2.8","",[20,21,22,23,24],"dialog","modal","multiple","pop-up","window","https:\u002F\u002Fylefebvre.github.io\u002Fwordpress-plugins\u002Fmodal-dialog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmodal-dialog.3.5.17.zip",99,2,0,"2023-04-21 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-31071","modal-dialog-reflected-cross-site-scripting","Modal Dialog \u003C= 3.5.14 - Reflected Cross-Site Scripting","The Modal Dialog plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the modal config id in versions up to, and including, 3.5.14  due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note that only sites running PHP \u003C 8.0 are vulnerable.",null,"\u003C3.5.15","3.5.15","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F99140d47-88bb-48a1-863a-93a558541800?source=api-prod",277,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":44,"published_date":58,"updated_date":45,"references":59,"days_to_patch":61},"CVE-2023-24001","modal-dialog-authenticated-admin-stored-cross-site-scripting","Modal Dialog \u003C= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting","The Modal Dialog plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=3.5.9","3.5.10",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-01-23 00:00:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd5f82abe-64bb-4539-8fe7-261fad60cfa9?source=api-prod",365,{"slug":63,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":65,"avg_security_score":66,"avg_patch_time_days":67,"trust_score":68,"computed_at":69},"jackdewey",8,10970,89,529,71,"2026-04-05T02:06:01.471Z",[71,93,117,135,158],{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":90,"download_link":91,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"responsive-lightbox-lite","Responsive Lightbox","1.3.5","subhansanjaya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsubhansanjaya\u002F","\u003Cp>Responsive Lightbox WordPress plugin adds Lightbox functionality for images, html content and media on your webpages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fweaveapps.com\u002Fshop\u002Fwordpress-plugins\u002Fresponsive-lightbox-lite\u002F\" rel=\"nofollow ugc\">Live demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features of this plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive.\u003C\u002Fli>\n\u003Cli>Light weight.\u003C\u002Fli>\n\u003Cli>Option to set automatically add Lightbox to your images, gallery, videos  etc.\u003C\u002Fli>\n\u003Cli>Customisable through settings and CSS.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The \u003Ca href=\"http:\u002F\u002Fweaveapps.com\u002Fshop\u002Fwordpress-plugins\u002Fresponsive-lightbox-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Responsive Lightbox Pro\u003C\u002Fa> includes added support for:\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Responsive and HiDPI compatible.\u003C\u002Fli>\n\u003Cli>Designed to work with the both classic and gutenberg editors\u003C\u002Fli>\n\u003Cli>Touch enabled and mobile friendly.\u003C\u002Fli>\n\u003Cli>Option to add LightBox functionality automatically to your images, gallery, videos etc.\u003C\u002Fli>\n\u003Cli>7 built in CSS powered effects (Fade, Slide, Fall etc.).\u003C\u002Fli>\n\u003Cli>Show image captions automatically.\u003C\u002Fli>\n\u003Cli>Add LightBox functionality for any type of content such as images, image galleries, AJAX, iFrame, Flash, Youtube or Vimeo videos, another website, inline content, HTML etc.\u003C\u002Fli>\n\u003Cli>Easy to use standard admin interface with more than 15 options.\u003C\u002Fli>\n\u003Cli>2 built in themes and simple templating system add your own theme easily.\u003C\u002Fli>\n\u003Cli>Translation ready.\u003C\u002Fli>\n\u003Cli>Multisite support.\u003C\u002Fli>\n\u003Cli>Search engine optimised.\u003C\u002Fli>\n\u003Cli>Light weight. (Smaller file size which load faster.).\u003C\u002Fli>\n\u003Cli>Support all browsers: Firefox, Chrome, IE, Safari etc.\u003C\u002Fli>\n\u003Cli>Compatible with any theme.\u003C\u002Fli>\n\u003Cli>Developed in best practices of CSS3 and HTML5.\u003C\u002Fli>\n\u003Cli>Easy to customise through settings and custom option to override styles, if necessary without editing the css files.\u003C\u002Fli>\n\u003Cli>Change default colors with color pickers.\u003C\u002Fli>\n\u003Cli>Integrated with automatic updates.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin offers a nice and elegant way to add Lightbox functionality for images, html content and media on your webpages.",10000,197423,92,41,"2025-08-08T09:41:00.000Z","6.8.5","4.5",[87,4,88,23,89],"lightbox","nivo-lightbox","responsive-lightbox","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresponsive-lightbox-lite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-lightbox-lite.1.3.5.zip",100,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":64,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":18,"tags":107,"homepage":112,"download_link":113,"security_score":114,"vuln_count":115,"unpatched_count":115,"last_vuln_date":116,"fetched_at":31},"bootstrap-modals","Bootstrap Modals","1.3.2","neilgee","https:\u002F\u002Fprofiles.wordpress.org\u002Fneilgee\u002F","\u003Cp>This plugin adds Bootstrap v3 Modal functionality to WordPress.\u003C\u002Fp>\n\u003Cp>It adds just the Bootstrap Javascript Plugin for Modals and associated CSS.\u003C\u002Fp>\n\u003Cp>This does not bring in any other Bootstrap javascript or CSS functionality.\u003C\u002Fp>\n\u003Cp>There is sample HTML mark up code in the readme.txt for a selector and modal target element.\u003C\u002Fp>\n\u003Cp>Options to override the default CSS modal styling and also use a shortcode.\u003C\u002Fp>\n\u003Cp>Option to disable Bootstrap JS\u002FCSS files in case of conflict.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Use either the Bootstrap API markup or Javascript to trigger the modal windows, this can be found here: http:\u002F\u002Fgetbootstrap.com\u002Fjavascript\u002F#modals\u003C\u002Fp>\n\u003Cp>There is also further usage information here: http:\u002F\u002Fcoolestguidesontheplanet.com\u002Fbootstrap\u002Fmodal.php\u003C\u002Fp>\n\u003Cp>Mark up needs to be directly applied to post\u002Fpage or widget area or via a shortcode.\u003C\u002Fp>\n\u003Cp>Options to override the default CSS styling.\u003C\u002Fp>\n\u003Cp>Here is a simple HTML Modal MarkUp\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C!-- Button trigger modal -->\n\u003Ca class=\"btn btn-primary btn-lg\" href=\"#myModal1\" data-toggle=\"modal\">Launch demo modal\u003C\u002Fa>\n\n\u003C!-- Modal -->\n\u003Cdiv id=\"myModal1\" class=\"modal fade\" tabindex=\"-1\">\n    \u003Cdiv class=\"modal-dialog\">\n        \u003Cdiv class=\"modal-content\">\n            \u003Cdiv class=\"modal-header\">\n                \u003Cbutton class=\"close\" type=\"button\" data-dismiss=\"modal\">×\u003C\u002Fbutton>\n                    \u003Ch4 class=\"modal-title\">My Title in a Modal Window\u003C\u002Fh4>\n            \u003C\u002Fdiv>\n            \u003Cdiv class=\"modal-body\">This is the body of a modal...\u003C\u002Fdiv>\n            \u003Cdiv class=\"modal-footer\">This is the footer of a modal...\u003C\u002Fdiv>\n            \u003C\u002Fdiv>\u003C!-- \u002F.modal-content -->\n    \u003C\u002Fdiv>\u003C!-- \u002F.modal-dialog -->\n\u003C\u002Fdiv>\u003C!-- \u002F.modal -->\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can change the modal size by adding an extra CSS class to the \u003Cstrong>.modal-dialog\u003C\u002Fstrong> div;\u003C\u002Fp>\n\u003Cpre>modal-lg\u003C\u002Fpre>\n\u003Cp>or\u003C\u002Fp>\n\u003Cpre>modal-sm\u003C\u002Fpre>\n\u003Cp>for large and small respectively.\u003C\u002Fp>\n\u003Cp>Since version 1.0.2 extra CSS is included to set the close button to a state similar to Bootstrap install, to override the default CSS for the close button use a CSS selector .modal-dialog .close { } in your CSS styles.\u003C\u002Fp>\n","This plugin adds Bootstrap Modal functionality to WordPress. All you need to do is add the Modal HTML mark up code.",1000,43489,90,"2019-05-17T06:49:00.000Z","5.2.24","3.8",[108,109,110,111],"bootstrap","modals","pop-ups","windows","http:\u002F\u002Fwpbeaches.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbootstrap-modals.1.3.2.zip",63,1,"2025-12-31 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":101,"downloaded":125,"rating":92,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":18,"download_link":134,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"makeiteasy-popup","MakeITeasy Popup","1.4.0","Lovro Hrust","https:\u002F\u002Fprofiles.wordpress.org\u002Flovor\u002F","\u003Cp>Need popups to grab your users’ attention? Marketing call-to-actions that open on scroll, timer, click, matched referer, hover, or exit intent?\u003Cbr \u002F>\nMultiple popups on one page? This plugin has it all. It provides styling consistent with core block editor blocks plus additional features.\u003C\u002Fp>\n\u003Ch4>Why choose Makeiteasy Popup?\u003C\u002Fh4>\n\u003Cp>▶️ Unlike some other plugins, Makeiteasy Popup integrates seamlessly with WordPress,\u003Cbr \u002F>\nfeeling like a native, built-in WP block. It’s lightweight and self-sufficient,\u003Cbr \u002F>\nwithout the heavy burden of a large blocks library.\u003Cbr \u002F>\nIt relies on a single tiny dependency – micromodal.js – with a combined total of only 10 kB of JavaScript❕\u003C\u002Fp>\n\u003Cp>👆 Try demo – there is a “Live preview” button on the top of this page 👆\u003C\u002Fp>\n\u003Cp>❗ Sometimes “Live preview” does not start due to slower responds of servers with resources. If progress stops with black screen or\u003Cbr \u002F>\nprogress indicator does not advance anymore (loading should be finished at max 30 seconds) – in that case please refresh the page in browser.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>🥇 \u003Cstrong>Feature-Rich\u003C\u002Fstrong> and \u003Cstrong>free\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>🥈 \u003Cstrong>Fully Open Source\u003C\u002Fstrong>: Including the block source code. Fork and adjust as needed.\u003C\u002Fli>\n\u003Cli>🥉 \u003Cstrong>Developer friendly\u003C\u002Fstrong>: Hooks for modifications and unopinionated starting CSS.\u003C\u002Fli>\n\u003Cli>⏲️ \u003Cstrong>Future-Proof Compatibility\u003C\u002Fstrong>: Guaranteed compatibility with future WordPress versions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>🆕 Added “open on exit intent” feature. \u003Cstrong>It works only on desktop.\u003C\u002Fstrong> When popup is set up to open on exit intent and\u003Cbr \u002F>\nuser moves mouse outside the top border of the browser inner window (screen), popup appears. User can choose when feature is activated\u003Cbr \u002F>\n(after how many seconds since page was loaded), so popup can’t open too early.\u003C\u002Fp>\n\u003Cp>⏱️❗\u003Cstrong>Queue\u003C\u002Fstrong> if another popup is opened, popup is placed in queue and opened upon closing the former.\u003C\u002Fp>\n\u003Ch3>Known limitations\u003C\u002Fh3>\n\u003Cp>Currently, opening several modal popups simultaneously is impossible due to the limitations of the Micromodal.js library.\u003Cbr \u002F>\nFuture versions will replace this library with the native \u003Ccode>Dialog\u003C\u002Fcode> HTML element, including automatic migration for existing popups.\u003C\u002Fp>\n\u003Ch3>Block options\u003C\u002Fh3>\n\u003Cp>The block sidebar provides many options, most of which function similarly to other blocks. Notable options include:\u003Cbr \u002F>\n– \u003Cstrong>Opening time selector\u003C\u002Fstrong>: See the detailed section below.\u003Cbr \u002F>\n– \u003Cstrong>Layout type\u003C\u002Fstrong>: Floating, Fixed, Attached\u003Cbr \u002F>\n– \u003Cstrong>Popup Enabled\u003C\u002Fstrong>: Temporarily hide the popup without deleting it.\u003Cbr \u002F>\n– \u003Cstrong>Open on interval\u003C\u002Fstrong>: Open on given interval in days.\u003Cbr \u002F>\n– \u003Cstrong>Open on matching referer\u003C\u002Fstrong>: Open if the user’s referral URL matches.\u003C\u002Fp>\n\u003Ch4>Layout Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Floating\u003C\u002Fstrong>: popup floats above content. Clicking on area outside popup closes it.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fixed\u003C\u002Fstrong>: popup is “fixed” to one of sides of screen — top, bottom, right, left\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attached\u003C\u002Fstrong>: popup is attached to element on screen. When user scrolls, it moves with it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Modality\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Modal\u003C\u002Fstrong>: popup blocks everything else on screen, scrolling is not possible, popup can be closed by clicking outside of popup\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modeless\u003C\u002Fstrong>: popup is non-blocking, user can scroll, popup can’t be closed by clicking outside of popup\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Ch4>Github repository\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FLovor01\u002Fmakeiteasy-popup\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FLovor01\u002Fmakeiteasy-popup\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Changing the Close button\u003C\u002Fh4>\n\u003Cp>Using Javascript:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>import { ReactComponent as CloseIcon } from '..\u002Fassets\u002Fclose-x.svg';\naddFilter( 'makeiteasy-closeButtonIcon', 'makeiteasy\u002Fmakeiteasy-popup\u002Fclose-icon', () => (\u003CCloseIcon \u002F>) );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you customize button this way and you already have posts(or pages) with popup block,\u003Cbr \u002F>\non post reopening the message “This block contains unexpected or invalid content.” will be presented.\u003Cbr \u002F>\nIn such case choose “Attempt to repair block” and if it looks good, save post.\u003C\u002Fp>\n\u003Cp>Using PHP:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action( 'render_block_makeiteasy\u002Fpopup', function($content) {\n  $svg = file_get_contents( __DIR__ . '\u002Fpath_to_file\u002Fclose-button-dark.svg' );\n  return preg_replace(\n    '~(\u003Cbutton.*class=\"makeiteasy-popup-close\".*?>).*(\u003C\u002Fbutton>)~m',\n    \"$1$svg$2\",\n    $content\n    );\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Attaching Code to Modal Events\u003C\u002Fh4>\n\u003Cp>Custom events ‘makeiteasy\u002FopenModal’ and ‘makeiteasy\u002FcloseModal’ are fired on modal open and close. Events fire on modal itself, DOM element\u003Cbr \u002F>\nwith class \u003Ccode>.wp-block-makeiteasy-popup\u003C\u002Fcode>.\u003C\u002Fp>\n","Advanced block based pop-up solution.",11646,5,"2026-03-06T00:25:00.000Z","7.0","6.8","7.4",[132,20,21,23,133],"block","popup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmakeiteasy-popup.1.4.0.zip",{"slug":136,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":144,"num_ratings":145,"last_updated":146,"tested_up_to":147,"requires_at_least":148,"requires_php":18,"tags":149,"homepage":154,"download_link":155,"security_score":156,"vuln_count":115,"unpatched_count":29,"last_vuln_date":157,"fetched_at":31},"woo-popup","1.3.4","Guillaume","https:\u002F\u002Fprofiles.wordpress.org\u002Fguillaume-lostweb\u002F","\u003Cp>A plugin to show a pop up window with any text, links, images, and even shortcodes when on the chosen page or all pages. Useful to present your customers with possible shipping delays if using woocommerce or anything else you can think about.\u003Cbr \u002F>\nYou can use it permanently or between 2 defined dates.\u003Cbr \u002F>\nWas made for woocommerce, late shipping or important info at the begining, but can be used on any wordpress installation.\u003C\u002Fp>\n\u003Ch3>Updates\u003C\u002Fh3>\n\u003Ch4>1.3\u003C\u002Fh4>\n\u003Cp>Updated PrettyPhoto and 2 more options, show\u002Fhide to returning visitors as well as prettyPhoto theming and cdn loading of the prettyPhoto.js file\u003C\u002Fp>\n\u003Ch4>1.2\u003C\u002Fh4>\n\u003Cp>Added option to display the popup permanently(no dates would then need to be selected) and possibility to choose the timezone you are in.\u003Cbr \u002F>\nAlso possibility to display the popup on all pages.\u003C\u002Fp>\n\u003Ch4>1.1\u003C\u002Fh4>\n\u003Cp>Added wpaoutop for formatting and possibility to add a class to the content.\u003C\u002Fp>\n","Display a pop up window after the chosen page is loaded.",30,12834,70,6,"2015-10-30T18:02:00.000Z","4.2.39","3.5.1",[150,151,23,152,153],"display-info-after-a-product-is-added","modal-window","woocommerce","woopopup","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-popup.1.3.4.zip",85,"2015-05-21 00:00:00",{"slug":159,"name":160,"version":161,"author":162,"author_profile":163,"description":164,"short_description":165,"active_installs":29,"downloaded":166,"rating":29,"num_ratings":29,"last_updated":167,"tested_up_to":168,"requires_at_least":169,"requires_php":170,"tags":171,"homepage":18,"download_link":176,"security_score":156,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"raw-html-modal-window","Raw HTML Modal Window","1.1","electricfire","https:\u002F\u002Fprofiles.wordpress.org\u002Felectricfire\u002F","\u003Cp>Raw HTML Modal Window is a plugin for folks that feel comfortable using HTML and CSS code to ultimately control the layout of their pop-up window.\u003C\u002Fp>\n\u003Cp>By default it shows a pop-up on the front page, you can provide a single or list of post\u002Fpage IDs to trigger it on any spesific page(s). The plugin is very lightweight and uses minimum system resources.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.5 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.5.37 or higher\u003C\u002Fli>\n\u003Cli>MySQL 5.x or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Main Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Provides example HTML and CSS code to get you started\u003C\u002Fli>\n\u003Cli>Very lightweight on system resources, uses “staight” Javascript, no framework or library required.\u003C\u002Fli>\n\u003Cli>Outputs its CSS and Javascript code directly into the\u003Cbr \u002F>\npage to minimize HTTP requests.\u003C\u002Fli>\n\u003Cli>Provides delay, z-index, fading speed control through the admin interface.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin is intended for folks who prefer to use HTML\u002FCSS for ultimate control of the layout for a pop-up window. It uses minimum sys resources",1170,"2018-12-14T10:27:00.000Z","5.0.25","4.0","5.5.37",[172,173,151,174,175],"fast","lightweight","pop-up-window","web-designers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraw-html-modal-window.zip",{"attackSurface":178,"codeSignals":238,"taintFlows":334,"riskAssessment":480,"analyzedAt":490},{"hooks":179,"ajaxHandlers":234,"restRoutes":235,"shortcodes":236,"cronEvents":237,"entryPointCount":29,"unprotectedCount":29},[180,187,192,196,199,203,207,210,213,217,220,223,226,230],{"type":181,"name":182,"callback":183,"priority":184,"file":185,"line":186},"filter","screen_layout_columns","on_screen_layout_columns",10,"modal-dialog-admin.php",11,{"type":188,"name":189,"callback":190,"file":185,"line":191},"action","admin_menu","on_admin_menu",13,{"type":188,"name":193,"callback":194,"file":185,"line":195},"admin_post_save_modal_dialog_general","on_save_changes_general",15,{"type":188,"name":197,"callback":198,"file":185,"line":14},"admin_post_save_modal_dialog_configurations","on_save_changes_configurations",{"type":188,"name":200,"callback":201,"file":185,"line":202},"add_meta_boxes","add_post_meta_boxes",18,{"type":188,"name":204,"callback":205,"file":185,"line":206},"edit_post","md_editsave_post_field",20,{"type":188,"name":208,"callback":205,"file":185,"line":209},"save_post",21,{"type":188,"name":211,"callback":211,"file":185,"line":212},"admin_enqueue_scripts",23,{"type":188,"name":214,"callback":215,"file":216,"line":156},"admin_head","modal_dialog_admin_header","modal-dialog.php",{"type":188,"name":218,"callback":219,"file":216,"line":13},"wp_enqueue_scripts","enqueue_scripts",{"type":181,"name":221,"callback":222,"priority":186,"file":216,"line":66},"modal_dialog_content","do_shortcode",{"type":188,"name":224,"callback":225,"priority":115,"file":216,"line":92},"wp_head","modal_dialog_header",{"type":188,"name":227,"callback":228,"priority":101,"file":216,"line":229},"wp_footer","modal_dialog_footer",101,{"type":188,"name":231,"callback":232,"priority":184,"file":216,"line":233},"comment_post_redirect","comment_redirect_filter",106,[],[],[],[],{"dangerousFunctions":239,"sqlUsage":240,"outputEscaping":242,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":126,"bundledLibraries":333},[],{"prepared":29,"raw":29,"locations":241},[],{"escaped":243,"rawEcho":244,"locations":245},37,43,[246,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331],{"file":185,"line":247,"context":248},266,"raw output",{"file":185,"line":250,"context":248},273,{"file":185,"line":252,"context":248},296,{"file":185,"line":254,"context":248},297,{"file":185,"line":256,"context":248},298,{"file":185,"line":258,"context":248},305,{"file":185,"line":260,"context":248},333,{"file":185,"line":262,"context":248},509,{"file":185,"line":264,"context":248},567,{"file":185,"line":266,"context":248},571,{"file":185,"line":268,"context":248},672,{"file":185,"line":270,"context":248},834,{"file":185,"line":272,"context":248},838,{"file":185,"line":274,"context":248},863,{"file":185,"line":276,"context":248},864,{"file":185,"line":278,"context":248},865,{"file":185,"line":280,"context":248},866,{"file":185,"line":282,"context":248},872,{"file":185,"line":284,"context":248},879,{"file":185,"line":286,"context":248},885,{"file":185,"line":288,"context":248},889,{"file":185,"line":290,"context":248},960,{"file":185,"line":292,"context":248},962,{"file":185,"line":294,"context":248},963,{"file":216,"line":296,"context":248},123,{"file":216,"line":298,"context":248},128,{"file":216,"line":300,"context":248},129,{"file":216,"line":302,"context":248},130,{"file":216,"line":304,"context":248},131,{"file":216,"line":306,"context":248},132,{"file":216,"line":308,"context":248},133,{"file":216,"line":310,"context":248},134,{"file":216,"line":312,"context":248},135,{"file":216,"line":314,"context":248},138,{"file":216,"line":316,"context":248},139,{"file":216,"line":318,"context":248},140,{"file":216,"line":320,"context":248},141,{"file":216,"line":322,"context":248},142,{"file":216,"line":324,"context":248},143,{"file":216,"line":326,"context":248},144,{"file":216,"line":328,"context":248},145,{"file":216,"line":330,"context":248},161,{"file":216,"line":332,"context":248},794,[],[335,367,379,394,416,430,445],{"entryPoint":336,"graph":337,"unsanitizedCount":28,"severity":41},"on_show_page (modal-dialog-admin.php:242)",{"nodes":338,"edges":362},[339,344,349,352,356],{"id":340,"type":341,"label":342,"file":185,"line":343},"n0","source","$_GET",252,{"id":345,"type":346,"label":347,"file":185,"line":250,"wp_function":348},"n1","sink","echo() [XSS]","echo",{"id":350,"type":341,"label":342,"file":185,"line":351},"n2",284,{"id":353,"type":354,"label":355,"file":185,"line":351},"n3","transform","→ modal_dialog_default_config()",{"id":357,"type":346,"label":358,"file":359,"line":360,"wp_function":361},"n4","update_option() [Settings Manipulation]","modal-dialog-defaults.php",61,"update_option",[363,365,366],{"from":340,"to":345,"sanitized":364},false,{"from":350,"to":353,"sanitized":364},{"from":353,"to":357,"sanitized":364},{"entryPoint":368,"graph":369,"unsanitizedCount":115,"severity":41},"modal_dialog_header (modal-dialog.php:220)",{"nodes":370,"edges":376},[371,373,375],{"id":340,"type":341,"label":342,"file":216,"line":372},332,{"id":345,"type":354,"label":374,"file":216,"line":372},"→ modal_dialog_admin_header()",{"id":350,"type":346,"label":347,"file":216,"line":330,"wp_function":348},[377,378],{"from":340,"to":345,"sanitized":364},{"from":345,"to":350,"sanitized":364},{"entryPoint":380,"graph":381,"unsanitizedCount":28,"severity":41},"modal_dialog_footer (modal-dialog.php:353)",{"nodes":382,"edges":390},[383,385,386,388,389],{"id":340,"type":341,"label":342,"file":216,"line":384},362,{"id":345,"type":346,"label":347,"file":216,"line":332,"wp_function":348},{"id":350,"type":341,"label":342,"file":216,"line":387},457,{"id":353,"type":354,"label":355,"file":216,"line":387},{"id":357,"type":346,"label":358,"file":359,"line":360,"wp_function":361},[391,392,393],{"from":340,"to":345,"sanitized":364},{"from":350,"to":353,"sanitized":364},{"from":353,"to":357,"sanitized":364},{"entryPoint":395,"graph":396,"unsanitizedCount":415,"severity":41},"\u003Cmodal-dialog> (modal-dialog.php:0)",{"nodes":397,"edges":409},[398,399,400,401,402,403,405,407],{"id":340,"type":341,"label":342,"file":216,"line":384},{"id":345,"type":346,"label":347,"file":216,"line":332,"wp_function":348},{"id":350,"type":341,"label":342,"file":216,"line":372},{"id":353,"type":354,"label":374,"file":216,"line":372},{"id":357,"type":346,"label":347,"file":216,"line":330,"wp_function":348},{"id":404,"type":341,"label":342,"file":216,"line":387},"n5",{"id":406,"type":354,"label":355,"file":216,"line":387},"n6",{"id":408,"type":346,"label":358,"file":359,"line":360,"wp_function":361},"n7",[410,411,412,413,414],{"from":340,"to":345,"sanitized":364},{"from":350,"to":353,"sanitized":364},{"from":353,"to":357,"sanitized":364},{"from":404,"to":406,"sanitized":364},{"from":406,"to":408,"sanitized":364},3,{"entryPoint":417,"graph":418,"unsanitizedCount":29,"severity":429},"on_save_changes_general (modal-dialog-admin.php:342)",{"nodes":419,"edges":426},[420,423],{"id":340,"type":341,"label":421,"file":185,"line":422},"$_POST['_wp_http_referer']",370,{"id":345,"type":346,"label":424,"file":185,"line":422,"wp_function":425},"wp_redirect() [Open Redirect]","wp_redirect",[427],{"from":340,"to":345,"sanitized":428},true,"low",{"entryPoint":431,"graph":432,"unsanitizedCount":29,"severity":429},"on_save_changes_configurations (modal-dialog-admin.php:374)",{"nodes":433,"edges":442},[434,437,439,441],{"id":340,"type":341,"label":435,"file":185,"line":436},"$_POST (x2)",384,{"id":345,"type":346,"label":358,"file":185,"line":438,"wp_function":361},472,{"id":350,"type":341,"label":421,"file":185,"line":440},475,{"id":353,"type":346,"label":424,"file":185,"line":440,"wp_function":425},[443,444],{"from":340,"to":345,"sanitized":428},{"from":350,"to":353,"sanitized":428},{"entryPoint":446,"graph":447,"unsanitizedCount":115,"severity":429},"\u003Cmodal-dialog-admin> (modal-dialog-admin.php:0)",{"nodes":448,"edges":472},[449,451,452,453,455,457,458,459,460,463,466,468,470],{"id":340,"type":341,"label":450,"file":185,"line":343},"$_GET (x2)",{"id":345,"type":346,"label":347,"file":185,"line":250,"wp_function":348},{"id":350,"type":341,"label":342,"file":185,"line":343},{"id":353,"type":346,"label":358,"file":185,"line":454,"wp_function":361},367,{"id":357,"type":341,"label":456,"file":185,"line":422},"$_POST['_wp_http_referer'] (x2)",{"id":404,"type":346,"label":424,"file":185,"line":422,"wp_function":425},{"id":406,"type":341,"label":435,"file":185,"line":436},{"id":408,"type":346,"label":358,"file":185,"line":438,"wp_function":361},{"id":461,"type":341,"label":462,"file":185,"line":436},"n8","$_POST (x23)",{"id":464,"type":346,"label":347,"file":185,"line":465,"wp_function":348},"n9",591,{"id":467,"type":341,"label":342,"file":185,"line":351},"n10",{"id":469,"type":354,"label":355,"file":185,"line":351},"n11",{"id":471,"type":346,"label":358,"file":359,"line":360,"wp_function":361},"n12",[473,474,475,476,477,478,479],{"from":340,"to":345,"sanitized":428},{"from":350,"to":353,"sanitized":428},{"from":357,"to":404,"sanitized":428},{"from":406,"to":408,"sanitized":428},{"from":461,"to":464,"sanitized":428},{"from":467,"to":469,"sanitized":364},{"from":469,"to":471,"sanitized":364},{"summary":481,"deductions":482},"The 'modal-dialog' v3.5.17 plugin exhibits a mixed security posture. On the positive side, there are no identified AJAX handlers or REST API routes without authentication or proper permission checks, and no shortcodes or cron events are present, contributing to a minimal attack surface. Furthermore, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which are good security practices. The presence of nonce and capability checks also indicates some effort towards securing functionalities.\n\nHowever, a significant concern arises from the static analysis regarding output escaping. With 46% of outputs not properly escaped, there is a considerable risk of Cross-Site Scripting (XSS) vulnerabilities. This is further corroborated by the vulnerability history, which shows two medium-severity CVEs, both identified as Cross-Site Scripting (XSS), with the last one occurring relatively recently in April 2023. The taint analysis also highlights five flows with unsanitized paths, suggesting potential avenues for injection attacks, although these were not classified as critical or high severity in this analysis.\n\nIn conclusion, while the plugin has strengths in minimizing its attack surface and securing database interactions, the prevalent issue of unescaped output and the history of XSS vulnerabilities are serious concerns. The recent nature of past vulnerabilities suggests that these issues may not have been fully addressed or that the underlying coding practices still leave room for such weaknesses. Users should be cautious due to the potential for XSS, and developers should prioritize improving output sanitization.",[483,485,487],{"reason":484,"points":145},"Significant portion of outputs not properly escaped",{"reason":486,"points":184},"History of medium severity XSS vulnerabilities",{"reason":488,"points":489},"Flows with unsanitized paths found",4,"2026-03-16T19:33:00.279Z",{"wat":492,"direct":505},{"assetPaths":493,"generatorPatterns":499,"scriptPaths":500,"versionParams":502},[494,495,496,497,498],"\u002Fwp-content\u002Fplugins\u002Fmodal-dialog\u002Ffancybox\u002Fjquery.fancybox-1.3.4.css","\u002Fwp-content\u002Fplugins\u002Fmodal-dialog\u002Fjs\u002Fmodal-dialog.js","\u002Fwp-content\u002Fplugins\u002Fmodal-dialog\u002Fjs\u002Fmodal-dialog-admin.js","\u002Fwp-content\u002Fplugins\u002Fmodal-dialog\u002Fcss\u002Fmodal-dialog-admin.css","\u002Fwp-content\u002Fplugins\u002Fmodal-dialog\u002Fcss\u002Fmodal-dialog.css",[],[501,495,496],"\u002Fwp-content\u002Fplugins\u002Fmodal-dialog\u002Ffancybox\u002Fjquery.fancybox-1.3.4.js",[503,504],"modal-dialog\u002Fstyle.css?ver=","modal-dialog\u002Fscript.js?ver=",{"cssClasses":506,"htmlComments":514,"htmlAttributes":518,"restEndpoints":520,"jsGlobals":521,"shortcodeOutput":524},[507,508,509,510,511,512,513],"modal-dialog-popup","fancybox-close","fancybox-title-over","fancybox-nav","fancybox-prev","fancybox-next","fancybox-overlay",[515,516,517,517],"\u003C!-- [if lt IE 7] -->","\u003C!-- [\u002Fif] -->","\u003C!-- modal-dialog -->",[519],"data-modal-dialog-id",[],[522,523],"jQuery.fancybox","modal_dialog_var",[525,526],"[modal-dialog","[\u002Fmodal-dialog]"]