
AppStore Links Security & Risk Analysis
wordpress.org/plugins/appstore
Plugin for easy linking to (Mac) AppStore Apps. You can use the PGH-ID for automatically creating Affiliate-Links
Is AppStore Links Safe to Use in 2026?
Generally Safe
Score 85/100
AppStore Links has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "appstore" plugin version 4.5.2 presents a mixed security posture. On the positive side, there are no reported vulnerabilities (CVEs) in its history, suggesting a generally stable and well-maintained codebase. Furthermore, the plugin does not rely on bundled libraries, which can often introduce security risks if outdated. The majority of SQL queries (86%) utilize prepared statements, indicating a good practice in database interaction to prevent SQL injection.
However, significant concerns arise from the static analysis. The most alarming finding is the complete lack of nonce checks and capability checks across all entry points. This means that any user, regardless of their privileges, can trigger actions through the plugin's shortcodes. Additionally, the output escaping is severely lacking, with only 3% of outputs being properly escaped. This opens the door to cross-site scripting (XSS) vulnerabilities, where malicious code could be injected and executed in the user's browser. The taint analysis also identified four flows with unsanitized paths, which, while not classified as critical or high severity, still represent potential security weaknesses in how file paths are handled.
In conclusion, while the absence of known vulnerabilities is a strong positive, the critical omissions of nonce and capability checks, coupled with poor output escaping and unsanitized path handling, create a substantial attack surface that is not adequately protected. The plugin's reliance on shortcodes as its sole entry point, without any authentication or authorization, is a particularly dangerous oversight that requires immediate attention.
Key Concerns
- Missing nonce checks on all entry points
- Missing capability checks on all entry points
- Low percentage of properly escaped output
- Unsanitized paths found in taint analysis
- SQL queries with potential for raw execution (14%)
AppStore Links Security Vulnerabilities
AppStore Links Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
AppStore Links Attack Surface
Shortcodes 3
WordPress Hooks 13
AppStore Links Maintenance & Trust
Maintenance Signals
Community Trust
AppStore Links Alternatives
AppStore Lookup for WordPress
appstore-lookup
Adds shortcodes that display data from iOS and Mac AppStore applications.
iPad Rubberneck Disrupter
ipad-rubberneck-disrupter
Hides the WordPress login password as it is typed on your iPad or other iOS device.
Push Notification iOS
push-notifications-ios
This plugin allows you to send Push Notifications directly from your WordPress site to your iOS app.
wp2phone
wp2phone
wp2phone plugin allows you to create, design and manage the content of a native iPhone & iPad app, directly in WordPress dashboard.
Multi Device Switcher
multi-device-switcher
Multi Device Switcher plugin allows you to set a separate theme for device (Smart Phone, Tablet PC, Mobile Phone, Game and custom).
AppStore Links Developer Profile
1 plugin · 10 total installs
How We Detect AppStore Links
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/appstore/images/stars.png
- /wp-content/plugins/appstore/images/update.png
- /wp-content/plugins/appstore/AppStore.php
HTML / DOM Fingerprints
- apps
- // ToDo: Checken ob Thickbox installiert ist
- data-appstore-id
- APPSTORE_DL_LINKNAME
- PLUGIN_BASE_DIRECTORY
- <a href="" rel="nofollow" target="_blank" ></a>
- <img class="apps" src="