AppPresser – Mobile App Framework Security & Risk Analysis

wordpress.org/plugins/apppresser

Connect your WordPress site to a native mobile app.

1K active installs · v4.5.2 · PHP + WP 4.7.0+ · Updated Dec 10, 2025
Tags: android-app, application, iphone-app, mobile-app, wordpress-mobile
Score: 82 · B · Generally Safe
CVEs total: 9
Unpatched: 0
Last CVE: Oct 29, 2025
Safety Verdict

Is AppPresser – Mobile App Framework Safe to Use in 2026?

Mostly Safe

Score 82/100

AppPresser – Mobile App Framework is generally safe to use. 9 past CVEs were resolved. Keep it updated.

9 known CVEs · Last CVE: Oct 29, 2025 · Updated 3mo ago
Risk Assessment

The AppPresser plugin v4.5.2 exhibits a concerning security posture due to a significant number of unprotected entry points, specifically AJAX handlers and REST API routes. While the static analysis shows no critical or high-severity taint flows and a good percentage of SQL queries using prepared statements and properly escaped output, the sheer volume of unprotected endpoints (17 out of 18) presents a substantial attack surface. This indicates a potential for unauthorized actions or information disclosure if vulnerabilities exist within these endpoints.

The plugin's vulnerability history, with a past critical CVE and several high and medium severity vulnerabilities, including Cross-site Scripting, Missing Authorization, and CSRF, further exacerbates these concerns. While there are currently no unpatched CVEs, the recurring nature of these vulnerability types suggests a pattern of security oversight in handling user input and authorization checks.

In conclusion, despite some positive indicators like the absence of dangerous functions and a reasonable use of prepared statements, the plugin's high number of unprotected entry points and its history of significant vulnerabilities necessitate caution. The risk is elevated due to the potential for attackers to leverage these exposed endpoints, especially in conjunction with previously identified vulnerability patterns. While strengths in code hygiene are present, they are overshadowed by the significant risks associated with the extensive attack surface.

Key Concerns

  • High number of unprotected AJAX handlers (7/8)
  • High number of unprotected REST API routes (10/10)
  • Past critical CVE
  • Multiple past high-severity CVEs (4)
  • Multiple past medium-severity CVEs (4)
  • 4 flows with unsanitized paths
  • Significant portion of output not properly escaped (25%)
Vulnerabilities: 9

AppPresser – Mobile App Framework Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 6 CVEs
2025: 2 CVEs

Severity Breakdown

Critical: 1
High: 4
Medium: 4

9 total CVEs

CVE-2025-11881 · medium · 5.3 · Missing Authorization

AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure

Oct 29, 2025 Patched in 4.5.1 (1d)
CVE-2025-1561 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AppPresser – Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting

Mar 12, 2025 Patched in 4.4.11 (1d)
CVE-2024-11024 · critical · 9.8 · Improper Handling of Missing Values

AppPresser – Mobile App Framework <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset

Nov 25, 2024 Patched in 4.4.7 (1d)
CVE-2024-9305 · high · 8.1 · Weak Password Recovery Mechanism for Forgotten Password

AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP

Oct 15, 2024 Patched in 4.4.5 (1d)
CVE-2024-4611 · high · 8.1 · Improper Check or Handling of Exceptional Conditions

AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

May 28, 2024 Patched in 4.4.0 (1d)
CVE-2024-32776 · medium · 5.3 · Missing Authorization

AppPresser <= 4.3.0 - Missing Authorization

Apr 22, 2024 Patched in 4.3.1 (8d)
CVE-2024-31374 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

AppPresser <= 4.3.0 - Cross-Site Request Forgery via force_logging_off()

Apr 10, 2024 Patched in 4.3.1 (7d)
CVE-2024-31268 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback()

Apr 5, 2024 Patched in 4.3.1 (7d)
CVE-2023-4214 · high · 8.1 · Unverified Password Change

AppPresser <= 4.2.5 - Insecure Password Reset Mechanism

Nov 16, 2023 Patched in 4.3.0 (68d)
Code Analysis
Analyzed Mar 16, 2026

AppPresser – Mobile App Framework Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 43 (132 escaped)
Nonce Checks: 10
Capability Checks: 18
File Operations: 6
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

75% escaped · 175 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
generate_sysinfo_download (inc\AppPresser_SystemInfo.php:28)
Attack Surface: 17 unprotected

AppPresser – Mobile App Framework Attack Surface

Entry Points: 18
Unprotected: 17

AJAX Handlers: 8

auth · wp_ajax_appp_search_post_handler · inc\AppPresser_Admin_Settings.php:88
auth · wp_ajax_appp_hide_quickstart · inc\AppPresser_Admin_Settings.php:90
auth · wp_ajax_app_license_dismiss · inc\AppPresser_License_Check.php:46
nopriv · wp_ajax_app_license_dismiss · inc\AppPresser_License_Check.php:47
auth · wp_ajax_log_dismiss · inc\AppPresser_Logger.php:46
nopriv · wp_ajax_log_dismiss · inc\AppPresser_Logger.php:47
auth · wp_ajax_appp_log · inc\AppPresser_Log_Admin.php:55
nopriv · wp_ajax_appp_log · inc\AppPresser_Log_Admin.php:56

REST API Routes: 10

GET · /wp-json/appp/v1/login · inc\AppPresser_WPAPI_Mods.php:47
GET · /wp-json/appp/v1/login/refresh · inc\AppPresser_WPAPI_Mods.php:59
GET · /wp-json/appp/v1/logout · inc\AppPresser_WPAPI_Mods.php:71
GET · /wp-json/appp/v1/register · inc\AppPresser_WPAPI_Mods.php:83
GET · /wp-json/appp/v1/verify · inc\AppPresser_WPAPI_Mods.php:95
GET · /wp-json/appp/v1/verify-resend · inc\AppPresser_WPAPI_Mods.php:107
GET · /wp-json/appp/v1/reset-password · inc\AppPresser_WPAPI_Mods.php:119
GET · /wp-json/appp/v1/system-info · inc\AppPresser_WPAPI_Mods.php:131
GET · /wp-json/appp/v1/submit-form · inc\AppPresser_WPAPI_Mods.php:143
GET · /wp-json/appp/v1/myappp-verify/(?P<key>[\w-]+) · inc\AppPresser_WPAPI_Mods.php:155

WordPress Hooks: 122

action · plugins_loaded · apppresser.php:105
action · plugins_loaded · apppresser.php:117
action · admin_init · apppresser.php:118
action · init · apppresser.php:119
action · init · apppresser.php:120
action · send_headers · apppresser.php:123
action · wp_enqueue_scripts · apppresser.php:124
action · wp_head · apppresser.php:125
action · wp_enqueue_scripts · apppresser.php:126
filter · stylesheet · apppresser.php:129
filter · template · apppresser.php:130
filter · script_loader_src · apppresser.php:134
action · tgmpa_register · apppresser.php:161
filter · myappp_allow_origin · apppresser.php:236
action · plugins_loaded · inc\AppPresser_Admin_Settings.php:68
filter · apppresser_theme_settings_file · inc\AppPresser_Admin_Settings.php:71
action · admin_menu · inc\AppPresser_Admin_Settings.php:81
action · admin_init · inc\AppPresser_Admin_Settings.php:84
action · admin_init · inc\AppPresser_Admin_Settings.php:85
action · apppresser_add_settings · inc\AppPresser_Admin_Settings.php:86
filter · apppresser_field_markup_text · inc\AppPresser_Admin_Settings.php:87
action · admin_head · inc\AppPresser_Admin_Settings.php:89
action · after_appp_add_settings · inc\AppPresser_Admin_Settings.php:91
action · admin_head · inc\AppPresser_Admin_Settings.php:188
action · apppresser_tab_buttons_general · inc\AppPresser_Admin_Settings.php:583
action · admin_notices · inc\AppPresser_Admin_Settings.php:979
action · admin_notices · inc\AppPresser_Admin_Settings.php:985
action · admin_notices · inc\AppPresser_Admin_Settings.php:990
action · admin_notices · inc\AppPresser_Admin_Settings.php:993
action · rest_api_init · inc\AppPresser_API_Limit.php:65
action · wp_footer · inc\AppPresser_AppGeo.php:45
filter · appgeo_default_position · inc\AppPresser_AppGeo.php:46
filter · rest_allow_anonymous_comments · inc\AppPresser_Extend_Comments.php:11
action · rest_api_init · inc\AppPresser_Extend_Comments.php:14
action · admin_notices · inc\AppPresser_License_Check.php:93
action · admin_enqueue_scripts · inc\AppPresser_Logger.php:45
action · admin_notices · inc\AppPresser_Logger.php:50
action · init · inc\AppPresser_Logger.php:51
action · appp_debug_log · inc\AppPresser_Logger.php:351
action · apppresser_add_settings · inc\AppPresser_Log_Admin.php:50
action · apppresser_tab_bottom_log · inc\AppPresser_Log_Admin.php:51
action · apppresser_tab_bottom_log · inc\AppPresser_Log_Admin.php:52
action · admin_head · inc\AppPresser_Log_Admin.php:53
action · admin_footer · inc\AppPresser_Log_Admin.php:54
action · apppresser_add_settings · inc\AppPresser_Media_Settings.php:44
filter · apppresser_field_override_media_post_types · inc\AppPresser_Media_Settings.php:45
action · add_meta_boxes · inc\AppPresser_Media_Settings.php:47
action · save_post · inc\AppPresser_Media_Settings.php:48
action · upgrader_process_complete · inc\AppPresser_Plugin_Updater.php:81
action · load-update-core.php · inc\AppPresser_Plugin_Updater.php:97
filter · pre_set_site_transient_update_plugins · inc\AppPresser_Plugin_Updater.php:108
filter · transient_update_plugins · inc\AppPresser_Plugin_Updater.php:109
action · apppresser_add_settings · inc\AppPresser_SystemInfo.php:23
action · apppresser_tab_top_systeminfo · inc\AppPresser_SystemInfo.php:24
action · apppresser_tab_bottom_log · inc\AppPresser_SystemInfo.php:25
filter · apppresser_field_markup_paragraph · inc\AppPresser_Theme_Customizer.php:23
action · admin_init · inc\AppPresser_Theme_Customizer.php:32
action · customize_register · inc\AppPresser_Theme_Customizer.php:38
action · customize_render_control · inc\AppPresser_Theme_Customizer.php:40
filter · clean_url · inc\AppPresser_Theme_Customizer.php:42
filter · gettext · inc\AppPresser_Theme_Customizer.php:44
filter · esc_html · inc\AppPresser_Theme_Customizer.php:46
action · plugins_loaded · inc\AppPresser_Theme_Switcher.php:24
action · plugins_loaded · inc\AppPresser_Theme_Switcher.php:25
action · plugins_loaded · inc\AppPresser_Theme_Switcher.php:26
action · plugins_loaded · inc\AppPresser_Theme_Switcher.php:27
filter · pre_option_show_on_front · inc\AppPresser_Theme_Switcher.php:28
filter · pre_option_page_on_front · inc\AppPresser_Theme_Switcher.php:29
filter · option_template · inc\AppPresser_Theme_Switcher.php:108
filter · option_stylesheet · inc\AppPresser_Theme_Switcher.php:109
filter · template · inc\AppPresser_Theme_Switcher.php:110
filter · show_appp_theme_notice · inc\AppPresser_Theme_Switcher.php:365
action · upgrader_process_complete · inc\AppPresser_Theme_Updater.php:97
action · load-update-core.php · inc\AppPresser_Theme_Updater.php:113
filter · site_transient_update_themes · inc\AppPresser_Theme_Updater.php:124
filter · transient_update_themes · inc\AppPresser_Theme_Updater.php:125
filter · appp_login_data · inc\AppPresser_User_Roles.php:20
action · rest_api_init · inc\AppPresser_WPAPI_Mods.php:24
action · rest_api_init · inc\AppPresser_WPAPI_Mods.php:26
filter · wp_authenticate_user · inc\AppPresser_WPAPI_Mods.php:29
action · rest_api_init · inc\AppPresser_WPAPI_Mods.php:32
filter · appp_allow_api_origin · inc\AppPresser_WPAPI_Mods.php:200
filter · appp_allow_api_origin · inc\AppPresser_WPAPI_Mods.php:208
action · init · inc\class-tgm-plugin-activation.php:268
filter · load_textdomain_mofile · inc\class-tgm-plugin-activation.php:269
action · init · inc\class-tgm-plugin-activation.php:272
action · admin_menu · inc\class-tgm-plugin-activation.php:421
action · admin_head · inc\class-tgm-plugin-activation.php:422
filter · install_plugin_complete_actions · inc\class-tgm-plugin-activation.php:425
filter · update_plugin_complete_actions · inc\class-tgm-plugin-activation.php:426
action · admin_notices · inc\class-tgm-plugin-activation.php:429
action · admin_init · inc\class-tgm-plugin-activation.php:430
action · admin_enqueue_scripts · inc\class-tgm-plugin-activation.php:431
action · load-plugins.php · inc\class-tgm-plugin-activation.php:436
action · switch_theme · inc\class-tgm-plugin-activation.php:439
action · switch_theme · inc\class-tgm-plugin-activation.php:442
action · admin_init · inc\class-tgm-plugin-activation.php:447
action · switch_theme · inc\class-tgm-plugin-activation.php:452
action · load_textdomain_mofile · inc\class-tgm-plugin-activation.php:475
filter · upgrader_source_selection · inc\class-tgm-plugin-activation.php:889
action · plugins_loaded · inc\class-tgm-plugin-activation.php:2112
filter · tgmpa_table_data_items · inc\class-tgm-plugin-activation.php:2236
filter · upgrader_source_selection · inc\class-tgm-plugin-activation.php:2977
action · admin_init · inc\class-tgm-plugin-activation.php:3147
action · upgrader_process_complete · inc\class-tgm-plugin-activation.php:3242
filter · upgrader_post_install · inc\class-tgm-plugin-activation.php:3301
filter · upgrader_post_install · inc\class-tgm-plugin-activation.php:3446
filter · pre_set_site_transient_update_plugins · inc\EDD_SL_Plugin_Updater.php:64
filter · plugins_api · inc\EDD_SL_Plugin_Updater.php:65
action · admin_init · inc\EDD_SL_Plugin_Updater.php:68
filter · pre_set_site_transient_update_plugins · inc\EDD_SL_Plugin_Updater.php:205
filter · site_transient_update_themes · inc\EDD_SL_Theme_Updater.php:53
filter · delete_site_transient_update_themes · inc\EDD_SL_Theme_Updater.php:54
action · load-update-core.php · inc\EDD_SL_Theme_Updater.php:55
action · load-themes.php · inc\EDD_SL_Theme_Updater.php:56
action · load-themes.php · inc\EDD_SL_Theme_Updater.php:57
action · admin_notices · inc\EDD_SL_Theme_Updater.php:67
action · apppresser_add_settings · inc\sample.php:14
filter · apppresser_field_markup_custom_disabled · inc\sample.php:115
filter · apppresser_sanitize_setting · inc\sample.php:132
action · apppresser_tab_buttons_new-tab-slug · inc\sample.php:149
action · apppresser_tab_bottom_new-tab-slug · inc\sample.php:157

Maintenance & Trust

AppPresser – Mobile App Framework Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 10, 2025
PHP min version
Downloads: 232K

Community Trust

Rating: 74/100
Number of ratings: 53
Active installs: 1K
Developer Profile

AppPresser – Mobile App Framework Developer Profile

Scott Bolinger

4 plugins · 1K total installs

Trust score: 83
Avg Security Score: 84/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect AppPresser – Mobile App Framework

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/apppresser/css/apppresser.css
/wp-content/plugins/apppresser/css/apppresser-admin.css
/wp-content/plugins/apppresser/css/apppresser-customizer.css
/wp-content/plugins/apppresser/js/apppresser.js
/wp-content/plugins/apppresser/js/apppresser-admin.js
/wp-content/plugins/apppresser/js/apppresser-customizer.js
/wp-content/plugins/apppresser/js/apppresser-preview.js
/wp-content/plugins/apppresser/js/apppresser-plugins.js
(+4 more)

Version Parameters

apppresser/css/apppresser.css?ver=
apppresser/css/apppresser-admin.css?ver=
apppresser/css/apppresser-customizer.css?ver=
apppresser/js/apppresser.js?ver=
apppresser/js/apppresser-admin.js?ver=
apppresser/js/apppresser-customizer.js?ver=
apppresser/js/apppresser-preview.js?ver=
apppresser/js/apppresser-plugins.js?ver=
apppresser/js/apppresser-shortcodes.js?ver=
apppresser/js/apppresser-theme-switcher.js?ver=
apppresser/js/apppresser-service-worker.js?ver=
apppresser/js/jquery.cookie.js?ver=

HTML / DOM Fingerprints

CSS Classes: apppresser-preview-wrapper, apppresser-app, apppresser-device
HTML Comments: AppPresser Admin Menu Settings, AppPresser Admin Settings, AppPresser Theme Switcher, AppPresser Customizer Preview
Data Attributes: data-appp-version, data-appp-home-url, data-appp-ajax-url, data-appp-is-app
JS Globals: apppresser_settings, AppPresserPreview