WP-Safety

Device Detector Security & Risk Analysis

wordpress.org/plugins/device-detector

Full featured analytics reporting and management tool that detects all devices accessing your WordPress site.

600 active installs v4.5.0 PHP 8.2+ WP 6.4+ Updated Mar 20, 2026
botdetectiondetectordevicemobile
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 14, 2024
Plugin page Download
Safety Verdict

Is Device Detector Safe to Use in 2026?

Generally Safe

Score 99/100

Device Detector has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 14, 2024Updated 2mo ago
Risk Assessment

The "device-detector" v4.4.0 plugin exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of SQL queries using prepared statements and a reasonable number of nonce and capability checks, significant concerns remain. The presence of AJAX handlers without authentication checks presents a direct attack vector that could be exploited by unauthenticated users. Furthermore, the moderate rate of unescaped output suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's past vulnerability history which includes a medium severity XSS issue. The lack of any taint analysis findings is positive, but this does not negate the identified code-level risks. The plugin's history of a medium-severity vulnerability, though patched, highlights the importance of diligent code review and robust security controls.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 46% of outputs properly escaped
  • 1 medium severity vulnerability historically
Vulnerabilities
1 published

Device Detector Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-56010medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Device Detector <= 4.2.0 - Reflected Cross-Site Scripting via id

Dec 14, 2024 Patched in 4.2.1 (6d)
Version History

Device Detector Release Timeline

v4.5.0Current
v4.4.0
v4.3.0
v4.2.1
v4.2.01 CVE
CVE-2024-56010
v4.0.01 CVE
CVE-2024-56010
v3.8.01 CVE
CVE-2024-56010
v3.7.21 CVE
CVE-2024-56010
v3.7.11 CVE
CVE-2024-56010
v3.7.01 CVE
CVE-2024-56010
v3.6.01 CVE
CVE-2024-56010
v3.5.01 CVE
CVE-2024-56010
v3.4.11 CVE
CVE-2024-56010
v3.4.01 CVE
CVE-2024-56010
v3.3.01 CVE
CVE-2024-56010
v3.2.01 CVE
CVE-2024-56010
v3.1.11 CVE
CVE-2024-56010
v3.1.01 CVE
CVE-2024-56010
v3.0.21 CVE
CVE-2024-56010
v3.0.11 CVE
CVE-2024-56010
Code Analysis
Analyzed Mar 16, 2026

Device Detector Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
23 prepared
Unescaped Output
61
52 escaped
Nonce Checks
8
Capability Checks
2
File Operations
9
External Requests
5
Bundled Libraries
0

SQL Query Safety

85% prepared27 total queries

Output Escaping

46% escaped113 total outputs
Attack Surface
2 unprotected

Device Detector Attack Surface

Entry Points8
Unprotected2

AJAX Handlers 3

authwp_ajax_hide_podd_nagincludes\plugin\class-core.php:108
authwp_ajax_podd_get_statsincludes\plugin\class-core.php:109
authwp_ajax_poo_switch_autoupdateperfopsone\functions.php:32

Shortcodes 5

[podd-wpcli] includes\features\class-wpcli.php:535
[podd-changelog] includes\plugin\class-core.php:78
[podd-libraries] includes\plugin\class-core.php:79
[podd-statistics] includes\plugin\class-core.php:80
[podd-definition] includes\plugin\class-core.php:81
WordPress Hooks 34
filterinit_perfopsone_admin_menusadmin\class-device-detector-admin.php:163
filterwp_is_mobileincludes\features\class-coremodifier.php:43
filterbody_classincludes\features\class-cssmodifier.php:310
filteradmin_body_classincludes\features\class-cssmodifier.php:312
actionshutdownincludes\features\class-schema.php:59
filterperfopsone_plugin_infoincludes\plugin\class-core.php:74
actioninitincludes\plugin\class-core.php:75
actioninitincludes\plugin\class-core.php:76
actionwp_headincludes\plugin\class-core.php:77
actionrest_api_initincludes\plugin\class-core.php:86
actionadmin_enqueue_scriptsincludes\plugin\class-core.php:99
actionadmin_enqueue_scriptsincludes\plugin\class-core.php:100
actionadmin_menuincludes\plugin\class-core.php:101
actionadmin_menuincludes\plugin\class-core.php:102
actionadmin_menuincludes\plugin\class-core.php:103
actionadmin_initincludes\plugin\class-core.php:104
filterplugin_row_metaincludes\plugin\class-core.php:106
actionadmin_noticesincludes\plugin\class-core.php:107
filtermyblogs_blog_actionsincludes\plugin\class-core.php:110
filtermanage_sites_action_linksincludes\plugin\class-core.php:111
actionwp_enqueue_scriptsincludes\plugin\class-core.php:123
actionwp_enqueue_scriptsincludes\plugin\class-core.php:124
filterplugins_apiincludes\plugin\class-updater.php:65
filtersite_transient_update_pluginsincludes\plugin\class-updater.php:66
actionupgrader_process_completeincludes\plugin\class-updater.php:67
filterclean_urlincludes\plugin\class-updater.php:68
filterperfopsone_apcu_infoincludes\system\class-apcu.php:51
filtersite_status_testsincludes\system\class-sitehealth.php:77
filtersite_status_testsincludes\system\class-sitehealth.php:78
filtersite_status_testsincludes\system\class-sitehealth.php:79
filtersite_status_testsincludes\system\class-sitehealth.php:81
filterdebug_informationincludes\system\class-sitehealth.php:91
filterdebug_informationincludes\system\class-sitehealth.php:109
actionadmin_bar_menuperfopsone\class-adminbar.php:54
Maintenance & Trust

Device Detector Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 20, 2026
PHP min version8.2
Downloads22K

Community Trust

Rating80/100
Number of ratings2
Active installs600
Alternatives

Device Detector Alternatives

Mobile Detector

Mobile Detector

mobile-detector

A
85

Lightweight detector of mobile devices, OSs & browsers. Optionally a mobile theme switcher.

300 No CVEs
Device Detect

Device Detect

device-detect

A
100

Allows you to detect the device of the user, and to display some contents only for the phones, tablets or computers.

20 No CVEs
Frndzk Easy Mobile Theme Switcher with Theme pack

Frndzk Easy Mobile Theme Switcher with Theme pack

frndzk-easy-mobile-theme-switcher-with-theme-pack

A
85

Frndzk Mobile Theme Switcher and Theme Pack plugin automatically detects mobile device and shows mobile copatiable theme.

10 No CVEs
DeviceRedirect24

DeviceRedirect24

deviceredirect24

A
100

Create smart links that automatically redirect users to different URLs based on their device (iOS, Android, Desktop). Perfect for app marketing!

0 No CVEs
Any Mobile Theme Switcher

Any Mobile Theme Switcher

any-mobile-theme-switcher

A
92

This Plugin detects mobile browser and display the theme as the setting done from admin. Usefull for switch to Mobile Theme.

20K No CVEs
Developer Profile

Device Detector Developer Profile

Pierre Lannoy

12 plugins · 15K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
65 days
View full developer profile
Detection Fingerprints

How We Detect Device Detector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/device-detector/assets/css/device-detector.css/wp-content/plugins/device-detector/assets/js/device-detector.js/wp-content/plugins/device-detector/assets/css/device-detector.css.map/wp-content/plugins/device-detector/assets/js/device-detector.js.map
Version Parameters
device-detector/assets/css/device-detector.css?ver=device-detector/assets/js/device-detector.js?ver=

HTML / DOM Fingerprints

CSS Classes
podd-about-logo
Data Attributes
data-podd-id
JS Globals
PODD_ASSETS_IDPODD_PRODUCT_NAMEPODD_VERSIONPODD_SLUG
Shortcode Output
[podd-libraries][podd-changelog]
FAQ

Frequently Asked Questions about Device Detector