Modal Window – create popup modal window Security & Risk Analysis

wordpress.org/plugins/modal-window

WordPress popup plugin for easily creating a popup and modal window with any kind of content and settings.

10K active installs · v6.2.4 · PHP 7.4+ · WP 5.0+ · Updated Mar 9, 2026
Tags: lightbox, modal, modal-popup, modal-window, popup
Score: 96 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Feb 19, 2025
Safety Verdict

Is Modal Window – create popup modal window Safe to Use in 2026?

Generally Safe

Score 96/100

Modal Window – create popup modal window has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Feb 19, 2025 · Updated 25d ago
Risk Assessment

The 'modal-window' plugin v6.2.4 exhibits a mixed security posture. While it demonstrates strong practices in output escaping (98%) and makes good use of prepared statements for SQL queries (77%), several concerns warrant attention. The presence of a dangerous function (`preg_replace(/e)`) is a significant red flag, as this can be a common vector for remote code execution if not handled with extreme care. Furthermore, the taint analysis reveals three high-severity flows with unsanitized paths, indicating potential for data leakage or manipulation if these paths are exploited. The plugin's history of 7 CVEs, including one high-severity vulnerability type (Cross-Site Scripting) and others related to CSRF, suggests a past tendency towards input validation and authorization weaknesses, though it's positive that there are currently no unpatched CVEs.

Key Concerns

  • Dangerous function: preg_replace(/e) present
  • High severity taint flows (3)
  • History of high severity CVEs
  • History of medium severity CVEs (6)
  • Vulnerability last recorded 2025-02-19
Vulnerabilities: 7

Modal Window – create popup modal window Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2024: 3 CVEs
  • 2025: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 6

7 total CVEs

CVE-2025-0897 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode

Feb 19, 2025 · Patched in 6.1.6 (1d)

CVE-2025-24717 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Modal Window <= 6.1.4 - Cross-Site Request Forgery to Settings Update

Jan 24, 2025 · Patched in 6.1.5 (5d)

CVE-2024-43346 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Modal Window <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 16, 2024 · Patched in 6.0.4 (7d)

CVE-2024-3472 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Modal Window – create popup modal window <= 5.3.9 - Cross-Site Request Forgery

Apr 11, 2024 · Patched in 5.3.10 (27d)

CVE-2024-2457 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Modal Window – create popup modal window <= 5.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Mar 20, 2024 · Patched in 5.3.9 (73d)

CVE-2023-5161 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Sep 25, 2023 · Patched in 5.3.6 (120d)

CVE-2021-25051 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Modal Window – create popup modal window <= 5.2.1 - Cross-Site Request Forgery to Remote Code Execution

Dec 5, 2021 · Patched in 5.2.2 (779d)
Code Analysis
Analyzed Mar 16, 2026

Modal Window – create popup modal window Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 6 (20 prepared)
  • Unescaped Output: 8 (386 escaped)
  • Nonce Checks: 3
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

preg_replace(/e) · preg_replace( '/e · public\class-shortcodes.php:120

Bundled Libraries

TinyMCE

SQL Query Safety

77% prepared · 26 total queries

Output Escaping

98% escaped · 394 total outputs

Data Flows: 10 unsanitized

Data Flow Analysis

10 flows · 10 with unsanitized paths
menu (classes\Admin\Dashboard.php:163)
Attack Surface

Modal Window – create popup modal window Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_modal_window_preview_content · admin\class-wowp-admin.php:32

Shortcodes: 6

[videoBox] public\class-shortcodes.php:9
[buttonBox] public\class-shortcodes.php:10
[iframeBox] public\class-shortcodes.php:11
[wow-icon] public\class-shortcodes.php:12
[w-row] public\class-shortcodes.php:13
[w-column] public\class-shortcodes.php:14

WordPress Hooks: 13

action · admin_init · classes\Admin\AdminActions.php:23
action · admin_notices · classes\Admin\AdminNotices.php:13
filter · plugin_action_links · classes\Admin\Dashboard.php:25
filter · plugin_row_meta · classes\Admin\Dashboard.php:26
filter · admin_footer_text · classes\Admin\Dashboard.php:27
action · admin_enqueue_scripts · classes\Admin\Dashboard.php:28
action · admin_menu · classes\Admin\Dashboard.php:29
action · admin_menu · includes\class-wow-company.php:20
action · admin_enqueue_scripts · includes\class-wow-company.php:21
action · plugins_loaded · modal-window.php:69
action · wp_enqueue_scripts · public\class-wowp-public.php:37
action · wp_footer · public\class-wowp-public.php:38
action · wp_footer · public\class-wowp-public.php:39
Maintenance & Trust

Modal Window – create popup modal window Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 9, 2026
  • PHP min version: 7.4
  • Downloads: 415K

Community Trust

  • Rating: 76/100
  • Number of ratings: 36
  • Active installs: 10K
Developer Profile

Modal Window – create popup modal window Developer Profile

Wow-Company

25 plugins · 98K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 236 days
Detection Fingerprints

How We Detect Modal Window – create popup modal window

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/modal-window/admin/css/bootstrap-grid.css
  • /wp-content/plugins/modal-window/admin/css/style.css
  • /wp-content/plugins/modal-window/admin/js/bootstrap.bundle.js
  • /wp-content/plugins/modal-window/admin/js/modal-admin.js
  • /wp-content/plugins/modal-window/public/css/modal.css
  • /wp-content/plugins/modal-window/public/js/modal-public.js

Version Parameters

  • modal-window/admin/css/bootstrap-grid.css?ver=
  • modal-window/admin/css/style.css?ver=
  • modal-window/admin/js/bootstrap.bundle.js?ver=
  • modal-window/admin/js/modal-admin.js?ver=
  • modal-window/public/css/modal.css?ver=
  • modal-window/public/js/modal-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • modal-window-body
  • modal-window-close
  • modal-window-content
  • modal-window-footer
  • modal-window-header
  • modal-window-overlay
  • modal-window-wrapper
  • wow-modal-windows-pro
  • +2 more

HTML Comments

  • <!-- Main admin section -->
  • <!-- End Main admin section -->
  • <!-- Preview content section -->
  • <!-- End Preview content section -->
  • +12 more

Data Attributes

  • data-bs-toggle
  • data-bs-target
  • data-modal-window-id
  • data-modal-close
  • data-modal-overlay

JS Globals

  • WOWP_PluginModalWindow
  • modal_window_preview_content
  • modal_admin
  • modal_public

REST Endpoints

  • /wp-json/modal-window/v1/preview

Shortcode Output

  • [Modal-Window]