
Raw HTML Modal Window Security & Risk Analysis
wordpress.org/plugins/raw-html-modal-window
This plugin is intended for folks who prefer to use HTML/CSS for ultimate control of the layout for a pop-up window. It uses minimum sys resources
Is Raw HTML Modal Window Safe to Use in 2026?
Generally Safe
Score 85/100
Raw HTML Modal Window has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "raw-html-modal-window" v1.1 plugin exhibits a generally good security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code utilizes prepared statements for all SQL queries, which is a strong security practice against SQL injection vulnerabilities. The lack of known CVEs and a clean vulnerability history are also positive indicators.
However, there are areas for concern. The output escaping is notably poor, with only 17% of outputs being properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. The presence of file operations without a clear indication of their purpose or sanitization could also introduce risks, especially if these operations involve user-controlled input. The lack of nonce checks on entry points is a weakness, as it makes the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks, although the attack surface is currently zero.
In conclusion, while the plugin has a strong foundation in terms of avoiding common vulnerabilities like SQL injection and having no known past exploits, the insufficient output escaping and potential risks associated with file operations are significant weaknesses that require attention. Addressing these issues would greatly improve the plugin's overall security.
Key Concerns
- Poor output escaping (17%)
- File operations present
- No nonce checks on entry points
Raw HTML Modal Window Security Vulnerabilities
Raw HTML Modal Window Code Analysis
Output Escaping
Raw HTML Modal Window Attack Surface
WordPress Hooks 5
Maintenance & Trust
Raw HTML Modal Window Maintenance & Trust
Maintenance Signals
Community Trust
Raw HTML Modal Window Alternatives
Lightweight Contact Form
lightweight-contact-form
The most lightweight Contact Form plugin for WordPress. No CSS files, no overhead, no SPAM. The goal is fastest page speed.
Html Social share buttons
html-social-share-buttons
Are you searching for a lightweight sharing plugin? You are in the right place. This plugin does not use JavaScript.
Instant Indexing for Google
fast-indexing-api
A very efficient yet simple plugin to take care of your indexing woes and help get your content crawled by search bots instantly.
User Switching
user-switching
Instant switching between user accounts in WordPress and WooCommerce.
Nginx Helper
nginx-helper
Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.
Raw HTML Modal Window Developer Profile
1 plugin · 0 total installs
How We Detect Raw HTML Modal Window
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/raw-html-modal-window/includes/css/styles.css
/wp-content/plugins/raw-html-modal-window/includes/js/modal_window.js
raw-html-modal-window/includes/css/styles.css?ver=
raw-html-modal-window/includes/js/modal_window.js?ver=
HTML / DOM Fingerprints
efmw_modal
efmw_modalMask
efmw_modalFixedDiv
efmw_modalContent
efmw_closeModal
Note:
Four <div> structure for modal window is used
becaue three <div> gets partially covered by
the header with some themes.
For debugging:
efmw_obj
efmw_obj.delay_time
efmw_obj.fade_out_duration