Modal Popup Box: A Flexible Pop Up Box Builder Security & Risk Analysis

wordpress.org/plugins/modal-popup-box

Create and manage a customizable pop up box on your WordPress website. Embed anything from videos and images to forms and shortcodes.

2K active installs · v1.6.2 · PHP 7.4+ · WP 4.0+ · Updated Dec 11, 2025
Tags: modal-popup, pop-up-box, popup-builder, popup-maker, responsive-popups
Score: 94 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Feb 11, 2026
Safety Verdict

Is Modal Popup Box: A Flexible Pop Up Box Builder Safe to Use in 2026?

Generally Safe

Score 94/100

Modal Popup Box: A Flexible Pop Up Box Builder has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 11, 2026 · Updated 3mo ago
Risk Assessment

The "modal-popup-box" plugin, version 1.6.2, exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, file operations, and external HTTP requests, coupled with the use of prepared statements for all SQL queries and a high percentage of properly escaped output, are positive indicators. Furthermore, robust nonce and capability checks are implemented, suggesting an effort to protect against common attack vectors. The attack surface is minimal and appears to be protected.

However, the vulnerability history is a significant concern. Two known high-severity CVEs, both related to deserialization of untrusted data, indicate a recurring pattern of potential weaknesses in how the plugin handles data. The last vulnerability is dated 2026-02-11, which is unusual and might suggest an error in the data provided; assuming it is a recent vulnerability, the lack of currently unpatched vulnerabilities is a positive sign, but the historical pattern of deserialization issues remains a notable risk.

In conclusion, while the code itself shows good development practices in areas like SQL sanitization and output escaping, the plugin's past has been marred by critical security flaws. Users should remain vigilant and ensure all updates are applied promptly, especially given the historical susceptibility to deserialization vulnerabilities.

Key Concerns

  • High severity vulnerabilities in history
  • Unusual date for last vulnerability
Vulnerabilities
2

Modal Popup Box: A Flexible Pop Up Box Builder Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2026: 1 CVE

Severity Breakdown

High: 2

2 total CVEs

CVE-2025-68526 · high · 7.5 · Deserialization of Untrusted Data

Modal Popup Box <= 1.6.1 - Authenticated (Contributor+) PHP Object Injection

Feb 11, 2026 · Patched in 1.6.2 (7d)

CVE-2024-2008 · high · 8.8 · Deserialization of Untrusted Data

Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode

Apr 3, 2024 · Patched in 1.5.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Modal Popup Box: A Flexible Pop Up Box Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (240 escaped)
Nonce Checks: 6
Capability Checks: 16
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

92% escaped · 262 total outputs
Attack Surface

Modal Popup Box: A Flexible Pop Up Box Builder Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[MPBOX] · include\modal-popup-box-shortcode.php:5

WordPress Hooks: 36

action · init · class-tgm-plugin-activation.php:268
filter · load_textdomain_mofile · class-tgm-plugin-activation.php:269
action · init · class-tgm-plugin-activation.php:272
action · admin_menu · class-tgm-plugin-activation.php:421
action · admin_head · class-tgm-plugin-activation.php:422
filter · install_plugin_complete_actions · class-tgm-plugin-activation.php:425
filter · update_plugin_complete_actions · class-tgm-plugin-activation.php:426
action · admin_notices · class-tgm-plugin-activation.php:429
action · admin_init · class-tgm-plugin-activation.php:430
action · admin_enqueue_scripts · class-tgm-plugin-activation.php:431
action · load-plugins.php · class-tgm-plugin-activation.php:436
action · switch_theme · class-tgm-plugin-activation.php:439
action · switch_theme · class-tgm-plugin-activation.php:442
action · admin_init · class-tgm-plugin-activation.php:447
action · switch_theme · class-tgm-plugin-activation.php:452
action · load_textdomain_mofile · class-tgm-plugin-activation.php:475
filter · upgrader_source_selection · class-tgm-plugin-activation.php:889
action · plugins_loaded · class-tgm-plugin-activation.php:2132
filter · tgmpa_table_data_items · class-tgm-plugin-activation.php:2256
filter · upgrader_source_selection · class-tgm-plugin-activation.php:2997
action · admin_init · class-tgm-plugin-activation.php:3167
action · upgrader_process_complete · class-tgm-plugin-activation.php:3262
filter · upgrader_post_install · class-tgm-plugin-activation.php:3321
filter · upgrader_post_install · class-tgm-plugin-activation.php:3470
action · plugins_loaded · modal-popup-box.php:69
action · admin_menu · modal-popup-box.php:72
action · init · modal-popup-box.php:75
action · add_meta_boxes · modal-popup-box.php:78
action · admin_init · modal-popup-box.php:81
action · save_post · modal-popup-box.php:84
filter · widget_text · modal-popup-box.php:87
filter · manage_modalpopupbox_posts_columns · modal-popup-box.php:90
action · manage_modalpopupbox_posts_custom_column · modal-popup-box.php:93
action · wp_enqueue_scripts · modal-popup-box.php:95
action · wp_enqueue_scripts · modal-popup-box.php:398
action · tgmpa_register · modal-popup-box.php:401
Maintenance & Trust

Modal Popup Box: A Flexible Pop Up Box Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version: 7.4
Downloads: 132K

Community Trust

Rating: 72/100
Number of ratings: 11
Active installs: 2K
Developer Profile

Modal Popup Box: A Flexible Pop Up Box Builder Developer Profile

A WP Life

61 plugins · 64K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 267 days
Detection Fingerprints

How We Detect Modal Popup Box: A Flexible Pop Up Box Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/modal-popup-box/js/
/wp-content/plugins/modal-popup-box/css/

HTML / DOM Fingerprints

CSS Classes
modalpopupbox-shortcodecopy-msg-modalpopupbox
Data Attributes
id="modalpopupbox-shortcode-
onclick="return MODALCopyShortcode
id='copy-msg-
JS Globals
MODALCopyShortcode
MPBOX
Shortcode Output
[MPBOX id=
FAQ

Frequently Asked Questions about Modal Popup Box: A Flexible Pop Up Box Builder