WP-Safety

Appypie Web to Mobile App Security & Risk Analysis

wordpress.org/plugins/appypie-web-to-app

Transform your WordPress site or Woocommerce store into a powerful Mobile App with powerful native app features.

40 active installs v1.2.0 PHP 7.2+ WP 4.9+ Updated Nov 2, 2023
androidappy-pieiosmobile-app-converter
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Appypie Web to Mobile App Safe to Use in 2026?

Generally Safe

Score 85/100

Appypie Web to Mobile App has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The appypie-web-to-app plugin version 1.2.0 exhibits a concerning security posture primarily due to a significant attack surface exposed without proper authentication or authorization checks. All six identified AJAX handlers lack any form of authentication, presenting a direct pathway for unauthenticated users to interact with these functionalities. While the plugin demonstrates good practices by using prepared statements for all SQL queries and avoiding dangerous functions, the absence of nonce checks on AJAX actions is a critical oversight. Furthermore, the taint analysis revealed four flows with unsanitized paths, indicating potential vulnerabilities related to how user-supplied data is handled before being used in file operations. The vulnerability history being clean is a positive sign, suggesting the developers may not have introduced severe security flaws historically, but this does not mitigate the current risks identified in the code analysis.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without nonce checks
  • Flows with unsanitized paths
  • Unescaped output detected
Vulnerabilities
None known

Appypie Web to Mobile App Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Appypie Web to Mobile App Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
45
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
8
External Requests
7
Bundled Libraries
1

Bundled Libraries

jQuery

SQL Query Safety

100% prepared4 total queries

Output Escaping

0% escaped45 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths
get_state_ajax_callback (appypie-woocommerce-app-maker.php:378)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Appypie Web to Mobile App Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

authwp_ajax_verify_tokenappypie-woocommerce-app-maker.php:71
noprivwp_ajax_verify_tokenappypie-woocommerce-app-maker.php:72
authwp_ajax_create_appappypie-woocommerce-app-maker.php:73
noprivwp_ajax_create_appappypie-woocommerce-app-maker.php:74
authwp_ajax_payment_appappypie-woocommerce-app-maker.php:75
noprivwp_ajax_payment_appappypie-woocommerce-app-maker.php:76
WordPress Hooks 5
actionadmin_menuappypie-woocommerce-app-maker.php:68
actionadmin_initappypie-woocommerce-app-maker.php:69
actionadmin_footerappypie-woocommerce-app-maker.php:70
actionadmin_enqueue_scriptsappypie-woocommerce-app-maker.php:84
actionlogin_enqueue_scriptsappypie-woocommerce-app-maker.php:85
Maintenance & Trust

Appypie Web to Mobile App Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedNov 2, 2023
PHP min version7.2
Downloads7K

Community Trust

Rating80/100
Number of ratings2
Active installs40
Alternatives

Appypie Web to Mobile App Alternatives

WPMobile.App

WPMobile.App

wpappninja

A
89

Android and iOS mobile application. Easy setup, free test.

4K 9 CVEs
GoodBarber

GoodBarber

goodbarber

A
98

GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and/or Android

1K 2 CVEs
Pushover Integration for WooCommerce

Pushover Integration for WooCommerce

pushover-for-woocommerce

A
92

Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.

800 No CVEs
Push notification for Mobile and Web app

Push notification for Mobile and Web app

push-notification-mobile-and-web-app

A
99

Push notification for Android, iOS and the Web

500 1 CVE
Device-Based Redirect

Device-Based Redirect

device-based-redirect

A
100

Redirect users to your app pages in app store or play store based on their device type with custom URLs and page-specific redirects.

300 No CVEs
Developer Profile

Appypie Web to Mobile App Developer Profile

Appy Pie

4 plugins · 60 total installs

88
trust score
Avg Security Score
91/100
Avg Patch Time
28 days
View full developer profile
Detection Fingerprints

How We Detect Appypie Web to Mobile App

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/appypie-web-to-app/list/css/style.css/wp-content/plugins/appypie-web-to-app/list/css/font.css/wp-content/plugins/appypie-web-to-app/list/css/payment.css/wp-content/plugins/appypie-web-to-app/list/css/fontello.css/wp-content/plugins/appypie-web-to-app/list/css/appyslim.css/wp-content/plugins/appypie-web-to-app/list/css/font-awesome.min.css/wp-content/plugins/appypie-web-to-app/list/js/bootstrap.min.js/wp-content/plugins/appypie-web-to-app/list/js/jquery.validate.min.js
Script Paths
/wp-content/plugins/appypie-web-to-app/list/js/bootstrap.min.js/wp-content/plugins/appypie-web-to-app/list/js/jquery.validate.min.js

HTML / DOM Fingerprints

JS Globals
window.opener.location.reload(true)
REST Endpoints
/wp-json/wp/v2/users
FAQ

Frequently Asked Questions about Appypie Web to Mobile App