Device Detector Security & Risk Analysis

wordpress.org/plugins/device-detector

Full featured analytics reporting and management tool that detects all devices accessing your WordPress site.

600 active installs · v4.4.0 · PHP 8.1+ · WP 6.2+ · Updated Nov 22, 2025
Tags: bot, detection, detector, device, mobile
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 14, 2024
Safety Verdict

Is Device Detector Safe to Use in 2026?

Generally Safe

Score 99/100

Device Detector has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 14, 2024 · Updated 4mo ago
Risk Assessment

The "device-detector" v4.4.0 plugin exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of SQL queries using prepared statements and a reasonable number of nonce and capability checks, significant concerns remain. The presence of AJAX handlers without authentication checks presents a direct attack vector that could be exploited by unauthenticated users. Furthermore, the moderate rate of unescaped output suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's past vulnerability history which includes a medium severity XSS issue. The lack of any taint analysis findings is positive, but this does not negate the identified code-level risks. The plugin's history of a medium-severity vulnerability, though patched, highlights the importance of diligent code review and robust security controls.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 46% of outputs properly escaped
  • 1 medium severity vulnerability historically
Vulnerabilities
1

Device Detector Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-56010 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Device Detector <= 4.2.0 - Reflected Cross-Site Scripting via id

Dec 14, 2024 · Patched in 4.2.1 (6d)
Code Analysis
Analyzed Mar 16, 2026

Device Detector Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (23 prepared)
Unescaped Output: 61 (52 escaped)
Nonce Checks: 8
Capability Checks: 2
File Operations: 9
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

85% prepared · 27 total queries

Output Escaping

46% escaped · 113 total outputs
Attack Surface
2 unprotected

Device Detector Attack Surface

Entry Points: 8
Unprotected: 2

AJAX Handlers 3

auth wp_ajax_hide_podd_nag includes\plugin\class-core.php:108
auth wp_ajax_podd_get_stats includes\plugin\class-core.php:109
auth wp_ajax_poo_switch_autoupdate perfopsone\functions.php:32

Shortcodes 5

[podd-wpcli] includes\features\class-wpcli.php:535
[podd-changelog] includes\plugin\class-core.php:78
[podd-libraries] includes\plugin\class-core.php:79
[podd-statistics] includes\plugin\class-core.php:80
[podd-definition] includes\plugin\class-core.php:81

WordPress Hooks 34

filter init_perfopsone_admin_menus admin\class-device-detector-admin.php:163
filter wp_is_mobile includes\features\class-coremodifier.php:43
filter body_class includes\features\class-cssmodifier.php:310
filter admin_body_class includes\features\class-cssmodifier.php:312
action shutdown includes\features\class-schema.php:59
filter perfopsone_plugin_info includes\plugin\class-core.php:74
action init includes\plugin\class-core.php:75
action init includes\plugin\class-core.php:76
action wp_head includes\plugin\class-core.php:77
action rest_api_init includes\plugin\class-core.php:86
action admin_enqueue_scripts includes\plugin\class-core.php:99
action admin_enqueue_scripts includes\plugin\class-core.php:100
action admin_menu includes\plugin\class-core.php:101
action admin_menu includes\plugin\class-core.php:102
action admin_menu includes\plugin\class-core.php:103
action admin_init includes\plugin\class-core.php:104
filter plugin_row_meta includes\plugin\class-core.php:106
action admin_notices includes\plugin\class-core.php:107
filter myblogs_blog_actions includes\plugin\class-core.php:110
filter manage_sites_action_links includes\plugin\class-core.php:111
action wp_enqueue_scripts includes\plugin\class-core.php:123
action wp_enqueue_scripts includes\plugin\class-core.php:124
filter plugins_api includes\plugin\class-updater.php:65
filter site_transient_update_plugins includes\plugin\class-updater.php:66
action upgrader_process_complete includes\plugin\class-updater.php:67
filter clean_url includes\plugin\class-updater.php:68
filter perfopsone_apcu_info includes\system\class-apcu.php:51
filter site_status_tests includes\system\class-sitehealth.php:77
filter site_status_tests includes\system\class-sitehealth.php:78
filter site_status_tests includes\system\class-sitehealth.php:79
filter site_status_tests includes\system\class-sitehealth.php:81
filter debug_information includes\system\class-sitehealth.php:91
filter debug_information includes\system\class-sitehealth.php:109
action admin_bar_menu perfopsone\class-adminbar.php:54
Maintenance & Trust

Device Detector Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 22, 2025
PHP min version: 8.1
Downloads: 22K

Community Trust

Rating: 80/100
Number of ratings: 2
Active installs: 600
Developer Profile

Device Detector Developer Profile

Pierre Lannoy

12 plugins · 15K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 65 days
Detection Fingerprints

How We Detect Device Detector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/device-detector/assets/css/device-detector.css
/wp-content/plugins/device-detector/assets/js/device-detector.js
/wp-content/plugins/device-detector/assets/css/device-detector.css.map
/wp-content/plugins/device-detector/assets/js/device-detector.js.map
Version Parameters
device-detector/assets/css/device-detector.css?ver=
device-detector/assets/js/device-detector.js?ver=

HTML / DOM Fingerprints

CSS Classes
podd-about-logo
Data Attributes
data-podd-id
JS Globals
PODD_ASSETS_ID
PODD_PRODUCT_NAME
PODD_VERSION
PODD_SLUG
Shortcode Output
[podd-libraries]
[podd-changelog]
FAQ

Frequently Asked Questions about Device Detector