AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Security & Risk Analysis

Name: AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)
Rating: 4.3 (138 reviews)

wordpress.org/plugins/appmysite

Turn your WordPress or WooCommerce site into a native Android & iOS app in minutes — no coding required.

8K active installs v3.15.2 PHP 7.4+ WP 6.8+ Updated Feb 17, 2026

android-app-builderconvert-website-to-appiphone-app-builderwoocommerce-mobile-app-builderwordpress-mobile-app-builder

B · Generally Safe

CVEs total2

Unpatched1

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Safe to Use in 2026?

Mostly Safe

Score 77/100

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Sep 22, 2025Updated 1mo ago

Risk Assessment

The 'appmysite' plugin v3.15.2 presents a mixed security posture. While it demonstrates strengths such as the absence of dangerous functions and the use of prepared statements for all SQL queries, significant concerns arise from its attack surface. Specifically, two AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. The plugin also exhibits a history of medium severity vulnerabilities, including missing authorization and exposure of sensitive information, with one such vulnerability remaining unpatched as of September 2025. This pattern suggests recurring security weaknesses that require attention. Although Taint analysis shows no critical or high severity flows, and a good percentage of output is escaped, the unauthenticated AJAX endpoints combined with past authorization issues indicate a notable risk that needs to be addressed.

Key Concerns

Unprotected AJAX handlers
Unpatched medium severity CVE
History of missing authorization vulnerabilities
Output escaping is less than ideal (58%)

Vulnerabilities

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-58679medium · 6.5Missing Authorization

AppMySite <= 3.14.0 - Missing Authorization

Sep 22, 2025Unpatched

CVE-2023-49762medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure

Dec 4, 2023 Patched in 3.11.1 (50d)

Code Analysis

Analyzed Mar 16, 2026

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

35 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

58% escaped60 total outputs

Attack Surface

2 unprotected

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Attack Surface

Entry Points32

Unprotected2

AJAX Handlers 3

authwp_ajax_ams_safe_mode_form_submitincludes\class-ams-admin-functions.php:32

authwp_ajax_save_ams_license_keyincludes\class-ams-admin-functions.php:34

authwp_ajax_ams_deactivation_form_submitincludes\class-ams-admin-functions.php:42

REST API Routes 29

GET/wp-json/wc/v3/ams-get-active-pluginsincludes\class-ams-rest-routes.php:56

GET/wp-json/wc/v3/ams-get-plugin-infoincludes\class-ams-rest-routes.php:66

GET/wp-json/wc/v3/ams-menuincludes\class-ams-rest-routes.php:76

GET/wp-json/wc/v3/ams-menu-namesincludes\class-ams-rest-routes.php:86

POST/wp-json/wc/v3/ams-loginincludes\class-ams-rest-routes.php:96

POST/wp-json/wc/v3/ams-verify-userincludes\class-ams-rest-routes.php:106

GET/wp-json/wc/v3/ams-profile-metaincludes\class-ams-rest-routes.php:116

POST/wp-json/wc/v3/ams-order-payment-urlincludes\class-ams-rest-routes.php:133

GET/wp-json/wc/v3/ams-verify-application-passwordincludes\class-ams-rest-routes.php:143

POST/wp-json/wc/v3/ams-wp-get-user-auth-cookiesincludes\class-ams-rest-routes.php:149

POST/wp-json/wc/v3/ams-send-password-reset-linkincludes\class-ams-rest-routes.php:163

POST/wp-json/wc/v3/ams-applicable-shipping-methodincludes\class-ams-rest-routes.php:173

GET/wp-json/wc/v3/ams-product-searchincludes\class-ams-rest-routes.php:190

GET/wp-json/wc/v3/ams-product-attributesincludes\class-ams-rest-routes.php:200

POST/wp-json/wc/v3/ams-verify-cart-itemsincludes\class-ams-rest-routes.php:210

GET/wp-json/wc/v3/ams-categoriesincludes\class-ams-rest-routes.php:220

GET/wp-json/wc/v3/ams-post-categoriesincludes\class-ams-rest-routes.php:230

GET/wp-json/wc/v3/ams-checkout-fieldsincludes\class-ams-rest-routes.php:240

POST/wp-json/wc/v3/ams-wc-points-rewards-effective-discountincludes\class-ams-rest-routes.php:250

GET/wp-json/wc/v3/ams-wc-points-rewards-settingsincludes\class-ams-rest-routes.php:277

POST/wp-json/wc/v3/ams-change-passwordincludes\class-ams-rest-routes.php:287

GET/wp-json/wc/v3/ams-user-wishlistincludes\class-ams-rest-routes.php:320

POST/wp-json/wc/v3/ams-user-wishlist/addincludes\class-ams-rest-routes.php:333

POST/wp-json/wc/v3/ams-user-wishlist/removeincludes\class-ams-rest-routes.php:351

POST/wp-json/wc/v3/ams-user-wishlist/clearincludes\class-ams-rest-routes.php:369

GET/wp-json/wc/v3/ams-user-bookmarksincludes\class-ams-rest-routes.php:382

POST/wp-json/wc/v3/ams-user-bookmarks/addincludes\class-ams-rest-routes.php:395

POST/wp-json/wc/v3/ams-user-bookmarks/removeincludes\class-ams-rest-routes.php:413

POST/wp-json/wc/v3/ams-user-bookmarks/clearincludes\class-ams-rest-routes.php:431

WordPress Hooks 30

actionadmin_noticesappmysite.php:41

actionbefore_woocommerce_initappmysite.php:81

filtertemplateincludes\ams-safe-mode-loader.php:19

filterstylesheetincludes\ams-safe-mode-loader.php:20

filteroption_active_pluginsincludes\ams-safe-mode-loader.php:21

filterplugin_action_linksincludes\ams-safe-mode-loader.php:22

actionadmin_menuincludes\class-ams-admin-functions.php:27

actionadmin_enqueue_scriptsincludes\class-ams-admin-scripts.php:24

actionadmin_footerincludes\class-ams-admin-scripts.php:34

filteruser_has_capincludes\class-ams-filters.php:31

filterwoocommerce_get_settings_productsincludes\class-ams-filters.php:33

filterwoocommerce_get_settings_productsincludes\class-ams-filters.php:35

filterwoocommerce_rest_prepare_product_objectincludes\class-ams-filters.php:37

filterwoocommerce_rest_prepare_product_objectincludes\class-ams-filters.php:39

filterwoocommerce_rest_prepare_shop_order_objectincludes\class-ams-filters.php:41

filterwoocommerce_get_shop_coupon_dataincludes\class-ams-filters.php:43

actionwoocommerce_order_status_processingincludes\class-ams-filters.php:45

filterrest_prepare_userincludes\class-ams-filters.php:47

actionrest_api_initincludes\class-ams-filters.php:49

actionpre_get_postsincludes\class-ams-filters.php:50

actionrest_api_initincludes\class-ams-rest-register-fields.php:31

actionrest_api_initincludes\class-ams-rest-register-fields.php:100

actionrest_api_initincludes\class-ams-rest-register-fields.php:102

actionrest_api_initincludes\class-ams-rest-register-fields.php:104

actionrest_api_initincludes\class-ams-rest-routes.php:32

filteroption_active_pluginsincludes\class-ams-rest-routes.php:37

filtertemplateincludes\class-ams-rest-routes.php:38

filterstylesheetincludes\class-ams-rest-routes.php:39

actionrest_api_initincludes\class-ams-rest-routes.php:46

filterrest_prepare_userincludes\class-ams-rest-routes.php:54

Maintenance & Trust

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 17, 2026

PHP min version7.4

Downloads392K

Community Trust

Rating86/100

Number of ratings138

Active installs8K

Alternatives

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Alternatives

Mobile App Editor – WordPress to Android App Builder

mobile-app-editor

Native Android App Builder for wordpress and woocommerce.

40 No CVEs

B2App – Android & iOS native apps builder without using code

b2app-no-code-mobile-app-builder

This Plugin is used for convert WooCommerce store to Android & iOS mobile app without using code.

10 No CVEs

Developer Profile

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) Developer Profile

AppMySite

1 plugin · 8K total installs

trust score

Avg Security Score

77/100

Avg Patch Time

50 days

View full developer profile

Detection Fingerprints

How We Detect AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/appmysite/assets/js/ams-plugin-deactivation-survey.js/wp-content/plugins/appmysite/assets/css/ams-plugin-deactivation-survey.css/wp-content/plugins/appmysite/assets/js/ams-main.js/wp-content/plugins/appmysite/assets/css/ams-main.css

Script Paths

/wp-content/plugins/appmysite/assets/js/ams-plugin-deactivation-survey.js/wp-content/plugins/appmysite/assets/js/ams-main.js

Version Parameters

appmysite/style.css?ver=appmysite/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

ams-plugin-deactivation-survey-formams-deactivation-container

HTML Comments

AppMySite

Data Attributes

data-ams-nonce

JS Globals

frontend_ajax_object

REST Endpoints

/wp-json/appmysite/v1/config

FAQ