appful Mobile App Plugin [OLD – NEW VERSION BELOW] Security & Risk Analysis

wordpress.org/plugins/appful

Create a stunning native mobile App in 5 minutes. Mobile App for iPhone & Android. Try us for free!

30 active installs · v1.1.2 · PHP 5.6.20+ · WP 5.2+ · Updated Jun 16, 2023
Tags: android, app, ios, mobile, mobile-app
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is appful Mobile App Plugin [OLD – NEW VERSION BELOW] Safe to Use in 2026?

Generally Safe

Score 85/100

appful Mobile App Plugin [OLD – NEW VERSION BELOW] has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "appful" plugin version 1.1.2 presents a concerning security posture, primarily due to significant unaddressed risks in its attack surface and code analysis. While the plugin has no recorded vulnerability history, suggesting it may not have been a target or has historically been secure, this is overshadowed by the static analysis findings. The presence of two AJAX handlers without authentication checks is a critical vulnerability, allowing unauthenticated users to potentially trigger plugin functionalities with unknown consequences. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating that user-supplied data could be processed in a way that leads to dangerous operations. The code's limited use of prepared statements for SQL queries and poor output escaping also raises alarms about potential SQL injection and cross-site scripting (XSS) vulnerabilities, respectively. The use of dangerous functions like `shell_exec` and `system` in combination with these unmitigated risks is a recipe for disaster. In conclusion, while the lack of past CVEs is a positive indicator, the current version of "appful" exhibits substantial security weaknesses that require immediate attention, particularly concerning its unprotected entry points and data sanitization.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows
  • Dangerous functions (shell_exec, system)
  • Low percentage of prepared SQL statements
  • Poor output escaping percentage
Vulnerabilities
None known

appful Mobile App Plugin [OLD – NEW VERSION BELOW] Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

appful Mobile App Plugin [OLD – NEW VERSION BELOW] Release Timeline

v1.1.2 (Current)
v1.1.1
v1.1.0
Code Analysis
Analyzed Mar 16, 2026

appful Mobile App Plugin [OLD – NEW VERSION BELOW] Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 8 (10 prepared)
Unescaped Output: 88 (8 escaped)
Nonce Checks: 7
Capability Checks: 8
File Operations: 10
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

shell_exec (singletons\api.php:1020): echo shell_exec( "ping -c 3 " . escapeshellarg( $_REQUEST["pingHost"] != 1 ? $_REQUEST["pingHost"] :
shell_exec (singletons\api.php:1026): echo shell_exec( 'traceroute ' . escapeshellarg( $_REQUEST["trace"] != 1 ? $_REQUEST["trace"] : "app
system (singletons\api.php:1027): system( "killall -q traceroute" );

SQL Query Safety

56% prepared · 18 total queries

Output Escaping

8% escaped · 96 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
<api> (singletons\api.php:0)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

appful Mobile App Plugin [OLD – NEW VERSION BELOW] Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_zaki_like_dislike_ajax · singletons\api.php:30
nopriv · wp_ajax_zaki_like_dislike_ajax · singletons\api.php:31
WordPress Hooks: 40
filter · rewrite_rules_array · appful.php:38
action · widgets_init · appful.php:80
action · comment_post · appful.php:91
action · transition_post_status · appful.php:92
action · transition_comment_status · appful.php:93
action · init · appful.php:96
action · admin_init · appful.php:97
action · admin_notices · appful.php:103
action · admin_notices · appful.php:110
action · admin_notices · appful.php:115
filter · rewrite_rules_array · appful.php:120
filter · rewrite_rules_array · appful.php:149
action · comment_id_not_found · models\comment.php:62
action · comment_closed · models\comment.php:63
action · comment_on_draft · models\comment.php:64
filter · comment_post_redirect · models\comment.php:65
filter · a3_lazy_load_run_filter · models\post.php:139
filter · bjll/enabled · models\post.php:142
filter · do_rocket_lazyload · models\post.php:143
action · wp · singletons\api.php:13
action · admin_menu · singletons\api.php:14
action · update_option_appful_api_base · singletons\api.php:15
action · pre_update_option_appful_api_controllers · singletons\api.php:16
action · post_submitbox_misc_actions · singletons\api.php:18
action · pre_post_update · singletons\api.php:19
action · save_post · singletons\api.php:20
filter · post_row_actions · singletons\api.php:21
action · wp_head · singletons\api.php:22
action · wp_footer · singletons\api.php:23
action · delete_term · singletons\api.php:25
action · edited_term · singletons\api.php:26
action · create_term · singletons\api.php:27
action · wp_enqueue_scripts · singletons\api.php:28
action · profile_update · singletons\api.php:32
action · woocommerce_subscription_status_updated · singletons\api.php:33
filter · redirect_canonical · singletons\api.php:55
filter · posts_where · singletons\introspector.php:106
filter · query_vars · singletons\query.php:13
action · edit_term · singletons\taxonomy.php:129
action · create_term · singletons\taxonomy.php:130
Maintenance & Trust

appful Mobile App Plugin [OLD – NEW VERSION BELOW] Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Jun 16, 2023
PHP min version: 5.6.20
Downloads: 52K

Community Trust

Rating: 84/100
Number of ratings: 5
Active installs: 30
Developer Profile

appful Mobile App Plugin [OLD – NEW VERSION BELOW] Developer Profile

Oskar Neumann

1 plugin · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect appful Mobile App Plugin [OLD – NEW VERSION BELOW]

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/appful/css/appful.css
/wp-content/plugins/appful/js/appful.js
Script Paths
/wp-content/plugins/appful/js/appful.js
Version Parameters
appful/style.css?ver=
appful/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
widget_appful
Data Attributes
data-appful
JS Globals
appful_api
REST Endpoints
/wp-json/appful-api/info
/wp-json/appful-api/assetlinks.json
/wp-json/appful-api/apple-app-site-association