Does Ocean Modal Window have any unpatched vulnerabilities?

No. All known vulnerabilities in Ocean Modal Window have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ocean Modal Window compatible with WordPress 6.9.4?

According to WordPress.org data, Ocean Modal Window 2.3.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Ocean Modal Window updated?

Ocean Modal Window was last updated on Nov 26, 2025. Frequent updates are generally a positive security signal.

What is Ocean Modal Window's security score?

Ocean Modal Window has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ocean Modal Window Security & Risk Analysis

wordpress.org/plugins/ocean-modal-window

Create the good kind of popups with ease and display anywhere on your website!

10K active installs v2.3.3 PHP + WP 5.6+ Updated Nov 26, 2025

modalmodal-popupoceanwp

A · Safe

CVEs total1

Unpatched0

Last CVENov 28, 2025

Plugin page Download

Safety Verdict

Is Ocean Modal Window Safe to Use in 2026?

Generally Safe

Score 97/100

Ocean Modal Window has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 28, 2025Updated 4mo ago

Risk Assessment

The "ocean-modal-window" v2.3.3 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and avoids dangerous functions, several significant concerns are present. The most critical issue is the presence of an unprotected AJAX handler, which represents a direct entry point for potential attacks without any authentication or authorization checks. This is further exacerbated by the lack of nonce checks, making it easier for attackers to craft malicious requests. The vulnerability history, with a past high-severity "Code Injection" vulnerability, indicates a potential for severe security flaws. Although this vulnerability is listed as patched, the historical pattern suggests a need for diligent security review of new versions. The plugin's static analysis shows a small attack surface but one that is not adequately secured, combined with a moderate rate of unescaped output, which could lead to cross-site scripting vulnerabilities.

Key Concerns

AJAX handler without auth checks
Missing nonce checks
Output escaping not fully proper (60%)
Past high-severity vulnerability (Code Injection)

Vulnerabilities

Ocean Modal Window Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-13307high · 7.2Improper Control of Generation of Code ('Code Injection')

Ocean Modal Window <= 2.3.2 - Authenticated (Editor+) Remote Code Execution

Nov 28, 2025 Patched in 2.3.3 (23d)

Code Analysis

Analyzed Mar 16, 2026

Ocean Modal Window Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

60% escaped57 total outputs

Attack Surface

1 unprotected

Ocean Modal Window Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_get_mw_conditional_rulesocean-modal-window.php:222

WordPress Hooks 22

actionin_plugin_update_message-ocean-modal-window/ocean-modal-window.phpincludes\update-message.php:23

actionadmin_enqueue_scriptsincludes\update-message.php:24

actioninitocean-modal-window.php:123

actioninitocean-modal-window.php:125

actioninitocean-modal-window.php:127

filteroceanwp_theme_stringsocean-modal-window.php:129

actioncustomize_preview_initocean-modal-window.php:215

filterocean_customize_options_dataocean-modal-window.php:216

actionwp_enqueue_scriptsocean-modal-window.php:217

filterocean_metaboxes_post_types_scriptsocean-modal-window.php:218

actionbutterbean_registerocean-modal-window.php:219

actionadd_meta_boxes_ocean_modal_windowocean-modal-window.php:220

actionwp_enqueue_scriptsocean-modal-window.php:221

actionwp_footerocean-modal-window.php:223

actionadmin_enqueue_scriptsocean-modal-window.php:224

actionsave_postocean-modal-window.php:225

filterocean_head_cssocean-modal-window.php:226

filteroe_theme_panelsocean-modal-window.php:227

filterocean_post_setting_metaocean-modal-window.php:228

actionbutterbean_registerocean-modal-window.php:231

actionenqueue_block_editor_assetsocean-modal-window.php:232

actionowp_fs_loadedocean-modal-window.php:3163

Maintenance & Trust

Ocean Modal Window Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 26, 2025

PHP min version

Downloads395K

Community Trust

Rating96/100

Number of ratings11

Active installs10K

Alternatives

Ocean Modal Window Alternatives

Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions

popup-anything-on-click

Create popup on a page load or Create popup by clicking link, image and button. Create popups, opt-in forms, & exit popups, floating bars and more!

30K 4 CVEs

Modal Window – create popup modal window

modal-window

WordPress popup plugin for easily creating a popup and modal window with any kind of content and settings.

10K 7 CVEs

Modal Popup Box: A Flexible Pop Up Box Builder

modal-popup-box

Create and manage a customizable pop up box on your WordPress website. Embed anything from videos and images to forms and shortcodes.

2K 2 CVEs

One Click Modal

one-click-modal

Simple plugin that allows you to show any Elementor widget inside of a modal window. Requires Elementor.

90 No CVEs

CocoPopup – Gutenberg Popup Builder for WordPress

cocopopup

100

Create powerful popups in WordPress with CocoPopup – a flexible Gutenberg popup builder for marketing, WooCommerce & more.

40 No CVEs

Developer Profile

Ocean Modal Window Developer Profile

oceanwp

8 plugins · 1.2M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

230 days

View full developer profile

Detection Fingerprints

How We Detect Ocean Modal Window

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ocean-modal-window/assets/css/backend.css/wp-content/plugins/ocean-modal-window/assets/css/frontend.css/wp-content/plugins/ocean-modal-window/assets/js/backend.js/wp-content/plugins/ocean-modal-window/assets/js/frontend.js/wp-content/plugins/ocean-modal-window/assets/js/script.js

Script Paths

/wp-content/plugins/ocean-modal-window/assets/js/backend.js/wp-content/plugins/ocean-modal-window/assets/js/frontend.js/wp-content/plugins/ocean-modal-window/assets/js/script.js

Version Parameters

ocean-modal-window/assets/css/backend.css?ver=ocean-modal-window/assets/css/frontend.css?ver=ocean-modal-window/assets/js/backend.js?ver=ocean-modal-window/assets/js/frontend.js?ver=ocean-modal-window/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

omw-modal-wrapperomw-modal-contentomw-modal-closeomw-modal-overlay

Data Attributes

data-omw-id

JS Globals

oceanModal

FAQ