Knowband Mobile App Builder Security & Risk Analysis
wordpress.org/plugins/knowband-mobile-app-builder-for-woocommerceThe Knowband Mobile App Builder converts your online store into a pair of native Android & iOS apps without any coding.
10 active installs v3.0.0 PHP 5.6+ WP 4.0.1+ Updated Dec 9, 2025
android-appios-appmobile-app-makerwoocommerce-mobile-app
Safety Verdict
Is Knowband Mobile App Builder Safe to Use in 2026?
Generally Safe
Score 99/100Knowband Mobile App Builder has a strong security track record. Known vulnerabilities have been patched promptly.
1 known CVELast CVE: Dec 10, 2025Updated 3mo ago
Risk Assessment
The "knowband-mobile-app-builder-for-woocommerce" v3.0.0 plugin exhibits a concerning security posture, primarily due to a vast attack surface lacking adequate authorization. With 109 out of 118 entry points (AJAX and REST API) lacking permission checks, there's a significant risk of unauthorized actions and data exposure. Furthermore, the presence of 34 high-severity taint flows with unsanitized paths indicates potential for serious vulnerabilities like arbitrary code execution or data manipulation, despite the absence of critical severity issues in the analysis. The plugin also shows a history of vulnerabilities, with a past medium-severity issue reported, and a concerning pattern of "Missing Authorization" as a common vulnerability type. This suggests a recurring weakness in their access control implementation. While the plugin demonstrates good practices like predominantly using prepared statements for SQL queries and a high percentage of output escaping, these strengths are overshadowed by the critical shortcomings in authentication and authorization, making it a high-risk component.
Key Concerns
- Large attack surface without authorization
- High severity unsanitized taint flows
- AJAX handlers without auth checks
- REST API routes without permission callbacks
- Known medium severity vulnerability history
- Dangerous function usage (unserialize)
- Low percentage of capability checks
Vulnerabilities
1Knowband Mobile App Builder Security Vulnerabilities
CVEs by Year
1 CVE in 2025
Patched Has unpatched
Severity Breakdown
Medium
1
1 total CVE
Knowband Mobile App Builder <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary User Deletion
Dec 10, 2025 Patched in 3.0.0 (28d)
Code Analysis
Analyzed Mar 17, 2026Knowband Mobile App Builder Code Analysis
Dangerous Functions
66
Raw SQL Queries
28
490 prepared
Unescaped Output
478
1253 escaped
Nonce Checks
69
Capability Checks
0
File Operations
8
External Requests
4
Bundled Libraries
0
Dangerous Functions Found
unserialize$this->wmab_plugin_settings = unserialize($wmab_settings);api\2.0\wmab-category.php:102
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-category.php:642
unserialize$attributes = unserialize($product->meta_value);api\2.0\wmab-category.php:1007
unserialize$attributes = unserialize($product->meta_value);api\2.0\wmab-category.php:1069
unserialize$this->wmab_plugin_settings = unserialize($wmab_settings);api\2.0\wmab-checkout.php:103
unserialize$this->wmab_plugin_settings = unserialize($wmab_settings);api\2.0\wmab-customer.php:104
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-customer.php:438
unserialize$cart_content = unserialize($cart_value['cart']);api\2.0\wmab-customer.php:439
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-customer.php:807
unserialize$cart_content3 = unserialize($cart_value['cart']);api\2.0\wmab-customer.php:808
unserialize$this->wmab_plugin_settings = unserialize($wmab_settings);api\2.0\wmab-home.php:102
unserialize$temp_session_data[$key] = unserialize($value);api\2.0\wmab-home.php:391
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-home.php:416
unserialize$cart_content3 = unserialize($cart_value['cart']);api\2.0\wmab-home.php:417
unserialize$wmab_spin_win_settings = unserialize($wmab_spin_win_options);api\2.0\wmab-home.php:454
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-home.php:543
unserialize$cart_content_total = unserialize($cart_value['cart']);api\2.0\wmab-home.php:544
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:1559
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:1725
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:1891
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:2059
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:3035
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-home.php:3061
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-home.php:3062
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:3209
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-home.php:3236
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-home.php:3237
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:3385
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-home.php:3412
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-home.php:3413
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-home.php:3578
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-home.php:3579
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-home.php:3720
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-home.php:3748
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-home.php:3749
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-layout.php:747
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-layout.php:773
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-layout.php:774
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-layout.php:922
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-layout.php:949
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-layout.php:950
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-layout.php:1099
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-layout.php:1126
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-layout.php:1127
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-layout.php:1293
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-layout.php:1294
unserialize$settings_data = unserialize($wmab_settings);api\2.0\wmab-layout.php:1436
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-layout.php:1464
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-layout.php:1465
unserialize$this->wmab_plugin_settings = unserialize($wmab_settings);api\2.0\wmab-product.php:100
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-product.php:507
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-product.php:508
unserialize$cart_value = unserialize($session_value);api\2.0\wmab-product.php:703
unserialize$cart_contents = unserialize($cart_value['cart']);api\2.0\wmab-product.php:704
unserialize$wmab_plugin_settings = unserialize($wmab_settings);api\2.0\wmab-product.php:721
unserialize$this->wmab_plugin_settings = unserialize($wmab_settings);api\2.0\wmab-spin-win.php:61
unserialize$this->wmab_spin_win_settings = unserialize($wmab_spin_win_options);api\2.0\wmab-spin-win.php:68
unserialize$settings = unserialize($settings);views\home-page-layout.php:11
unserialize$settings = unserialize($settings);views\settings.php:26
unserialize$settings = unserialize($settings);woocommerce-mobile-app-builder.php:56
unserialize$wmab_spin_win_settings = unserialize($wmab_spin_win_options);woocommerce-mobile-app-builder.php:985
unserialize$settings = unserialize($settings);woocommerce-mobile-app-builder.php:2422
unserialize$settings = unserialize($settings);woocommerce-mobile-app-builder.php:2522
unserialize$settings = unserialize($settings);woocommerce-mobile-app-builder.php:4754
unserialize$wmab_plugin_settings = unserialize($wmab_settings);woocommerce-mobile-app-builder.php:4919
unserialize$settings = unserialize($settings);woocommerce-mobile-app-builder.php:5100
SQL Query Safety
95% prepared518 total queries
Output Escaping
72% escaped1731 total outputs
Data Flows
36 unsanitizedData Flow Analysis
25 flows36 with unsanitized paths
wmab_app_apply_voucher (woocommerce-mobile-app-builder.php:3964)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
109 unprotected Knowband Mobile App Builder Attack Surface
Entry Points118
Unprotected109
AJAX Handlers 15
REST API Routes 103
WordPress Hooks 83
Maintenance & Trust
Knowband Mobile App Builder Maintenance & Trust
Maintenance Signals
WordPress version tested6.8.5
Last updatedDec 9, 2025
PHP min version5.6
Downloads8K
Community Trust
Rating86/100
Number of ratings3
Active installs10
Alternatives
Knowband Mobile App Builder Alternatives
AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)
appmysite
B
77
Turn your WordPress or WooCommerce site into a native Android & iOS app in minutes — no coding required.
8K 1 unpatched
WPMobile.App
wpappninja
A
89
Android and iOS mobile application. Easy setup, free test.
4K 9 CVEs
Mobile Smart App Banner
mobile-smart-app-banner
A
100
Transform your mobile website visitors into app users with intelligent smart app banners that boost downloads across iOS and Android devices.
200 No CVEs
APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps
appexperts
C
54
APPExperts is a freemium mobile app builder that gives you the power to turn your WordPress-powered website into a mobile application for iOS and Andr …
40 2 unpatched
B2App – Android & iOS native apps builder without using code
b2app-no-code-mobile-app-builder
A
85
This Plugin is used for convert WooCommerce store to Android & iOS mobile app without using code.
10 No CVEs
Developer Profile
Knowband Mobile App Builder Developer Profile
Knowband
1 plugin · 10 total installs
93
trust score
Avg Security Score
99/100
Avg Patch Time
28 days
Detection Fingerprints
How We Detect Knowband Mobile App Builder
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
Asset Paths
/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/css/admin.css/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/css/bootstrap.min.css/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/css/kb-custom-style.css/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/css/wptoast.css/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/js/admin-script.js/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/js/bootstrap.min.js/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/js/custom.js/wp-content/plugins/knowband-mobile-app-builder-for-woocommerce/assets/js/jscolor.js+5 moreVersion Parameters
knowband-mobile-app-builder-for-woocommerce/assets/css/admin.css?ver=knowband-mobile-app-builder-for-woocommerce/assets/css/bootstrap.min.css?ver=knowband-mobile-app-builder-for-woocommerce/assets/css/kb-custom-style.css?ver=knowband-mobile-app-builder-for-woocommerce/assets/css/wptoast.css?ver=knowband-mobile-app-builder-for-woocommerce/assets/js/admin-script.js?ver=knowband-mobile-app-builder-for-woocommerce/assets/js/bootstrap.min.js?ver=knowband-mobile-app-builder-for-woocommerce/assets/js/custom.js?ver=knowband-mobile-app-builder-for-woocommerce/assets/js/jscolor.js?ver=knowband-mobile-app-builder-for-woocommerce/assets/js/jquery-ui.js?ver=knowband-mobile-app-builder-for-woocommerce/assets/js/modernizr.js?ver=knowband-mobile-app-builder-for-woocommerce/assets/js/wptoast.js?ver=knowband-mobile-app-builder-for-woocommerce/views/css/style.css?ver=knowband-mobile-app-builder-for-woocommerce/views/css/style-responsive.css?ver=HTML / DOM Fingerprints
CSS Classes
kb_mobile_app_builderHTML Comments
<!-- BOC neeraj.kumar@velsof.com 21-Dec-2019 Module Upgrade V2 --><!-- EOC Module Upgrade V2 --><!-- BOC neeraj.kumar@velsof.com 29-Jan-2020 : Existing plugin : alter table column --><!-- EOC neeraj.kumar@velsof.com 29-Jan-2020 : Existing plugin : alter table column -->+2 moreData Attributes
data-kb-app-iddata-kb-app-pageJS Globals
window.kb_mobile_app_builder FAQ