BAAP Mobile Version Security & Risk Analysis

wordpress.org/plugins/baap-mobile-version

The BAAP Mobile Version is a complete toolkit to help mobilize your WordPress site. It has a mobile switcher, themes, widgets, and mobile admin panel.

40 active installs · v2.0 · PHP + WP 2.5+ · Updated Apr 6, 2011
Tags: mobile, mobile-internet, mobile-web, pda, wireless
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BAAP Mobile Version Safe to Use in 2026?

Generally Safe

Score 85/100

BAAP Mobile Version has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The "baap-mobile-version" plugin v2.0 presents a mixed security posture. On one hand, the static analysis shows a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. This lack of direct entry points from an external perspective is a positive sign.

However, the code itself contains significant security concerns. The presence of `create_function`, which is deprecated and can be a source of vulnerabilities, along with a complete lack of proper SQL statement preparation and output escaping, are critical red flags. All SQL queries are executed without prepared statements, and none of the 213 identified outputs are properly escaped, indicating a high risk of SQL injection and cross-site scripting (XSS) vulnerabilities. The taint analysis, while not flagging critical or high severity flows, did identify that all analyzed flows involved unsanitized paths, reinforcing the potential for data manipulation and injection.

The plugin's history of zero known vulnerabilities is a positive indicator, but it cannot outweigh the glaring security weaknesses present in the current code. The absence of nonce checks is also a concern for any form submissions or actions that might be added in future versions. Therefore, while the plugin may appear secure from the outside due to its limited attack surface, the internal code quality suggests a high risk of exploitable vulnerabilities.

Key Concerns

  • Dangerous function create_function found
  • SQL queries without prepared statements (100%)
  • Output escaping not properly implemented (0%)
  • No nonce checks
  • All taint flows have unsanitized paths
Vulnerabilities
None known

BAAP Mobile Version Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BAAP Mobile Version Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 6 (0 prepared)
Unescaped Output: 213 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 14
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

create_function · plugins\wpmp_mpexo\wpmp_mpexo.php:110
$function = create_function('$was,$is', "wpmp_mpexo_add_to_payload('$key', \$is);");

SQL Query Safety

0% prepared · 6 total queries

Output Escaping

0% escaped · 213 total outputs
Data Flows
24 unsanitized

Data Flow Analysis

24 flows · 24 with unsanitized paths
<wpmp_ads> (plugins\wpmp_ads\wpmp_ads.php:0)
Flow graph legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

BAAP Mobile Version Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 66
Type · Hook · Location
action · init · baap-mobile-version.php:76
action · admin_notices · baap-mobile-version.php:77
action · admin_menu · baap-mobile-version.php:78
action · send_headers · baap-mobile-version.php:79
filter · get_the_generator_xhtml · baap-mobile-version.php:80
filter · get_the_generator_html · baap-mobile-version.php:81
filter · plugin_action_links · baap-mobile-version.php:83
action · init · plugins\wpmp_ads\wpmp_ads.php:38
action · init · plugins\wpmp_analytics\wpmp_analytics.php:37
action · admin_menu · plugins\wpmp_analytics\wpmp_analytics.php:38
action · wp_footer · plugins\wpmp_analytics\wpmp_analytics.php:39
action · init · plugins\wpmp_barcode\wpmp_barcode.php:38
action · init · plugins\wpmp_mpexo\wpmp_mpexo.php:37
action · shutdown · plugins\wpmp_mpexo\wpmp_mpexo.php:38
action · admin_menu · plugins\wpmp_mpexo\wpmp_mpexo.php:39
action · update_option_siteurl · plugins\wpmp_mpexo\wpmp_mpexo.php:42
action · update_option_blogname · plugins\wpmp_mpexo\wpmp_mpexo.php:43
action · update_option_blogdescription · plugins\wpmp_mpexo\wpmp_mpexo.php:44
action · update_option_admin_email · plugins\wpmp_mpexo\wpmp_mpexo.php:45
action · update_option_wpmp_mpexo_enabled_beta · plugins\wpmp_mpexo\wpmp_mpexo.php:50
action · update_option_wpmp_mpexo_description · plugins\wpmp_mpexo\wpmp_mpexo.php:51
action · update_option_wpmp_mpexo_description_custom · plugins\wpmp_mpexo\wpmp_mpexo.php:52
action · update_option_wpmp_mpexo_email · plugins\wpmp_mpexo\wpmp_mpexo.php:53
action · update_option_wpmp_mpexo_classification · plugins\wpmp_mpexo\wpmp_mpexo.php:54
action · update_option_wpmp_mpexo_content · plugins\wpmp_mpexo\wpmp_mpexo.php:55
action · update_option_wpmp_mpexo_popularity · plugins\wpmp_mpexo\wpmp_mpexo.php:56
action · update_option_wpmp_mpexo_diagnostics · plugins\wpmp_mpexo\wpmp_mpexo.php:57
action · add_option_wpmp_mpexo_enabled_beta · plugins\wpmp_mpexo\wpmp_mpexo.php:59
action · add_option_wpmp_mpexo_description · plugins\wpmp_mpexo\wpmp_mpexo.php:60
action · add_option_wpmp_mpexo_description_custom · plugins\wpmp_mpexo\wpmp_mpexo.php:61
action · add_option_wpmp_mpexo_email · plugins\wpmp_mpexo\wpmp_mpexo.php:62
action · add_option_wpmp_mpexo_classification · plugins\wpmp_mpexo\wpmp_mpexo.php:63
action · add_option_wpmp_mpexo_content · plugins\wpmp_mpexo\wpmp_mpexo.php:64
action · add_option_wpmp_mpexo_popularity · plugins\wpmp_mpexo\wpmp_mpexo.php:65
action · add_option_wpmp_mpexo_diagnostics · plugins\wpmp_mpexo\wpmp_mpexo.php:66
action · created_post_tag · plugins\wpmp_mpexo\wpmp_mpexo.php:118
action · edited_post_tag · plugins\wpmp_mpexo\wpmp_mpexo.php:119
action · delete_post_tag · plugins\wpmp_mpexo\wpmp_mpexo.php:120
action · created_category · plugins\wpmp_mpexo\wpmp_mpexo.php:122
action · edited_category · plugins\wpmp_mpexo\wpmp_mpexo.php:123
action · delete_category · plugins\wpmp_mpexo\wpmp_mpexo.php:124
action · publish_post · plugins\wpmp_mpexo\wpmp_mpexo.php:129
action · pending_post · plugins\wpmp_mpexo\wpmp_mpexo.php:130
action · draft_post · plugins\wpmp_mpexo\wpmp_mpexo.php:131
action · private_post · plugins\wpmp_mpexo\wpmp_mpexo.php:132
action · publish_page · plugins\wpmp_mpexo\wpmp_mpexo.php:134
action · pending_page · plugins\wpmp_mpexo\wpmp_mpexo.php:135
action · draft_page · plugins\wpmp_mpexo\wpmp_mpexo.php:136
action · private_page · plugins\wpmp_mpexo\wpmp_mpexo.php:137
action · delete_post · plugins\wpmp_mpexo\wpmp_mpexo.php:139
filter · get_pagenum_link · plugins\wpmp_switcher\pages\mobile_admin.php:181
action · init · plugins\wpmp_switcher\wpmp_switcher.php:51
action · admin_menu · plugins\wpmp_switcher\wpmp_switcher.php:52
action · wp_footer · plugins\wpmp_switcher\wpmp_switcher.php:53
filter · stylesheet · plugins\wpmp_switcher\wpmp_switcher.php:54
filter · template · plugins\wpmp_switcher\wpmp_switcher.php:55
filter · option_home · plugins\wpmp_switcher\wpmp_switcher.php:56
filter · option_siteurl · plugins\wpmp_switcher\wpmp_switcher.php:57
action · template_redirect · plugins\wpmp_switcher\wpmp_switcher.php:512
action · template_redirect · plugins\wpmp_switcher\wpmp_switcher.php:519
action · init · themes\mobile_pack_base\functions.php:30
filter · dynamic_sidebar_params · themes\mobile_pack_base\functions.php:31
action · pre_get_posts · themes\mobile_pack_base\functions.php:32
action · the_content · themes\mobile_pack_base\functions.php:33
action · init · themes\mobile_pack_base\functions_persist.php:28
action · admin_menu · themes\mobile_pack_base\functions_persist.php:53
Maintenance & Trust

BAAP Mobile Version Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.1.4
Last updated: Apr 6, 2011
PHP min version
Downloads: 34K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

BAAP Mobile Version Developer Profile

muthukumarnm

1 plugin · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BAAP Mobile Version

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/baap-mobile-version/themes/wpmp-iphone/style.css
/wp-content/plugins/baap-mobile-version/themes/wpmp-iphone/script.js
/wp-content/plugins/baap-mobile-version/themes/wpmp-android/style.css
/wp-content/plugins/baap-mobile-version/themes/wpmp-android/script.js
/wp-content/plugins/baap-mobile-version/themes/wpmp-nokia/style.css
/wp-content/plugins/baap-mobile-version/themes/wpmp-nokia/script.js
Generator Patterns
WordPress %s, fitted with the BAAP Mobile Version %s
Script Paths
/wp-content/plugins/baap-mobile-version/themes/wpmp-iphone/script.js
/wp-content/plugins/baap-mobile-version/themes/wpmp-android/script.js
/wp-content/plugins/baap-mobile-version/themes/wpmp-nokia/script.js
Version Parameters
baap-mobile-version/style.css?ver=
baap-mobile-version/script.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- BAAP Mobile Version -->
Data Attributes
data-baap-mobile-version
JS Globals
window.WPMP_VERSION