Mobile App Canvas – Convert your Website Into an App for iOS and Android Security & Risk Analysis

wordpress.org/plugins/mobile-app

We convert your responsive mobile site into native mobile apps. Paid service.

300 active installs v3.8.7 PHP 7.4+ WP 3.6+ Updated Mar 5, 2026
Tags: app-for-wordpress, mobile-app, mobile-app-plugin, native-app-plugin, native-mobile-app
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Apr 1, 2025
Safety Verdict

Is Mobile App Canvas – Convert your Website Into an App for iOS and Android Safe to Use in 2026?

Generally Safe

Score 99/100

Mobile App Canvas – Convert your Website Into an App for iOS and Android has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 1, 2025 · Updated 29d ago
Risk Assessment

The "mobile-app" plugin v3.8.7 exhibits a mixed security posture. While it demonstrates some good practices like using prepared statements for most SQL queries and incorporating nonce checks, significant concerns arise from its attack surface and handling of dangerous functions. A notable number of AJAX handlers (5 out of 8) lack authentication checks, presenting a considerable risk of unauthorized actions being performed. The presence of the `unserialize` function without clear sanitization context also raises a red flag, as it can lead to remote code execution vulnerabilities if fed with untrusted data.

The vulnerability history shows a past medium-severity CVE, and while there are no currently unpatched vulnerabilities, the commonality of "Missing Authorization" in past issues is a concerning pattern that aligns with the static analysis findings. The taint analysis reveals flows with unsanitized paths, though thankfully no critical or high severity issues were identified here, suggesting that while paths might be insecure, they don't immediately lead to exploitable severe consequences in this version.

Overall, the plugin has strengths in its database query practices and some security checks, but the substantial number of unprotected AJAX endpoints and the potential risks associated with `unserialize` require immediate attention. The historical trend of authorization issues further emphasizes the need for robust access control across all entry points.

Key Concerns

  • AJAX handlers without auth checks
  • Use of unserialize function
  • Unsanitized paths in taint flows
  • Medium severity CVE in history
  • Low percentage of properly escaped output
  • Limited capability checks
Vulnerabilities: 1

Mobile App Canvas – Convert your Website Into an App for iOS and Android Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31816 · medium · 4.3 · Missing Authorization

Mobile App Canvas <= 3.8.2 - Missing Authorization

Apr 1, 2025 Patched in 3.8.3 (8d)
Code Analysis
Analyzed Mar 16, 2026

Mobile App Canvas – Convert your Website Into an App for iOS and Android Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 2 (13 prepared)
Unescaped Output: 87 (127 escaped)
Nonce Checks: 6
Capability Checks: 1
File Operations: 5
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: `$push_notification_tags = unserialize(Canvas::get_option('push_notification_tags'));` (core\push\canvas-onesignal-api.class.php:68)
  • unserialize: `$push_notification_tags = unserialize($serialized_data);` (views\settings-push.php:45)

Bundled Libraries

jQuery

SQL Query Safety

87% prepared · 15 total queries

Output Escaping

59% escaped · 214 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
filter_orders_by_order_tag (core\canvas_woo.class.php:219)
Attack Surface: 5 unprotected

Mobile App Canvas – Convert your Website Into an App for iOS and Android Attack Surface

Entry Points: 8
Unprotected: 5

AJAX Handlers: 8

auth · wp_ajax_canvas_save_theme · core\canvas-admin.class.php:33
auth · wp_ajax_canvas_clean_history · core\canvas-admin.class.php:34
auth · wp_ajax_canvas_clean_log · core\canvas-admin.class.php:35
auth · wp_ajax_canvas_get_posts_for_notification · core\canvas-admin.class.php:36
auth · wp_ajax_canvas_attachment_content · core\canvas-admin.class.php:50
auth · wp_ajax_canvas_notification_check_duplicate · core\canvas-admin.class.php:51
auth · wp_ajax_canvas_notification_manual_send · core\canvas-admin.class.php:52
auth · wp_ajax_canvas_notification_history · core\canvas-admin.class.php:53

WordPress Hooks: 76

action · init · api\canvas_api.class.php:15
filter · query_vars · api\canvas_api.class.php:16
action · parse_request · api\canvas_api.class.php:17
action · init · api\canvas_api.class.php:20
action · init · canvas.php:36
action · admin_menu · core\canvas-admin.class.php:29
action · current_screen · core\canvas-admin.class.php:30
action · admin_init · core\canvas-admin.class.php:31
filter · script_loader_tag · core\canvas-admin.class.php:32
action · admin_init · core\canvas-admin.class.php:37
action · admin_init · core\canvas-admin.class.php:38
action · admin_init · core\canvas-admin.class.php:39
action · admin_init · core\canvas-admin.class.php:40
action · admin_footer · core\canvas-admin.class.php:42
action · plugins_loaded · core\canvas.class.php:32
action · transition_post_status · core\canvas.class.php:40
action · canvas_send_delayed_push_notification · core\canvas.class.php:41
filter · auth_cookie_expiration · core\canvas.class.php:48
action · bbp_post_notify_subscribers · core\canvas_bb.class.php:13
action · bbp_init · core\canvas_bb.class.php:93
action · better_messages_message_sent · core\canvas_bm.class.php:9
action · plugins_loaded · core\canvas_bm.class.php:41
action · bp_notification_after_save · core\canvas_bp.class.php:11
action · messages_message_after_save · core\canvas_bp.class.php:13
action · messages_notice_after_save · core\canvas_bp.class.php:16
action · bp_init · core\canvas_bp.class.php:377
action · learndash_assignment_approved · core\canvas_ld.class.php:11
action · pre_comment_on_post · core\canvas_ld.class.php:12
action · wp_loaded · core\canvas_ld.class.php:153
action · peepso_messages_new_message · core\canvas_ps.class.php:25
action · peepso_friends_requests_after_add · core\canvas_ps.class.php:28
action · peepso_activity_after_add_comment · core\canvas_ps.class.php:31
action · peepso_activity_after_add_post · core\canvas_ps.class.php:34
action · peepso_action_react_add · core\canvas_ps.class.php:39
action · peepso_action_like_add · core\canvas_ps.class.php:40
action · peepso_action_create_notification_after · core\canvas_ps.class.php:41
action · peepso_action_create_notification_after · core\canvas_ps.class.php:42
action · peepso_action_create_notification_after · core\canvas_ps.class.php:43
action · peepso_init · core\canvas_ps.class.php:619
action · plugins_loaded · core\canvas_theme.class.php:21
action · wp_head · core\canvas_theme.class.php:24
filter · show_admin_bar · core\canvas_theme.class.php:46
filter · option_template · core\canvas_theme.class.php:52
filter · option_stylesheet · core\canvas_theme.class.php:53
filter · template · core\canvas_theme.class.php:54
filter · wp_footer · core\canvas_theme.class.php:57
action · admin_init · core\canvas_theme_settings.class.php:21
action · customize_register · core\canvas_theme_settings.class.php:31
filter · gettext · core\canvas_theme_settings.class.php:34
filter · clean_url · core\canvas_theme_settings.class.php:36
action · woocommerce_email_sent · core\canvas_woo.class.php:12
filter · manage_woocommerce_page_wc-orders_columns · core\canvas_woo.class.php:15
action · manage_woocommerce_page_wc-orders_custom_column · core\canvas_woo.class.php:16
action · woocommerce_order_query_args · core\canvas_woo.class.php:19
action · woocommerce_order_list_table_restrict_manage_orders · core\canvas_woo.class.php:20
action · manage_edit-shop_order_columns · core\canvas_woo.class.php:22
action · manage_shop_order_posts_custom_column · core\canvas_woo.class.php:23
filter · restrict_manage_posts · core\canvas_woo.class.php:26
filter · request · core\canvas_woo.class.php:27
action · export_filters · core\canvas_woo.class.php:31
action · export_wp · core\canvas_woo.class.php:32
action · woocommerce_checkout_create_order · core\canvas_woo.class.php:35
action · woocommerce_loaded · core\canvas_woo.class.php:462
action · canvas_login_register_style · core\form\canvas-form.class.php:25
action · canvas_login_register_scripts · core\form\canvas-form.class.php:26
action · canvas_login_register_style · core\form\canvas-registration.class.php:124
action · canvas_login_register_scripts · core\form\canvas-registration.class.php:125
action · wp_print_styles · templates\notifications\list.php:105
action · wp_head · templates\notifications\list.php:107
action · wp_print_footer_scripts · templates\notifications\list.php:108
action · wp_print_footer_scripts · templates\notifications\list.php:109
action · wp_footer · templates\notifications\list.php:110
filter · script_loader_tag · templates\notifications\list.php:124
action · wp_print_footer_scripts · templates\notifications\list.php:199
action · wp_print_footer_scripts · templates\notifications\list.php:200
action · wp_footer · templates\notifications\list.php:201

Scheduled Events: 1

canvas_send_delayed_push_notification
Maintenance & Trust

Mobile App Canvas – Convert your Website Into an App for iOS and Android Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 43K

Community Trust

Rating: 84/100
Number of ratings: 5
Active installs: 300
Developer Profile

Mobile App Canvas – Convert your Website Into an App for iOS and Android Developer Profile

pietro

2 plugins · 500 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Mobile App Canvas – Convert your Website Into an App for iOS and Android

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin.css
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin-editor.css
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin-push.css
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin-login-registration.css
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin.js
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-editor.js
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-push.js
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-login-registration.js
  • +3 more
Script Paths
  • /wp-content/plugins/mobile-app/core/canvas.class.php
  • /wp-content/plugins/mobile-app/core/canvas_bp.class.php
  • /wp-content/plugins/mobile-app/core/canvas_bb.class.php
  • /wp-content/plugins/mobile-app/core/canvas_ld.class.php
  • /wp-content/plugins/mobile-app/core/canvas_ps.class.php
  • /wp-content/plugins/mobile-app/core/canvas_woo.class.php
  • +5 more
Version Parameters
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin.css?ver=
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin-editor.css?ver=
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin-push.css?ver=
  • /wp-content/plugins/mobile-app/assets/css/canvas-admin-login-registration.css?ver=
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin.js?ver=
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-editor.js?ver=
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-push.js?ver=
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-login-registration.js?ver=
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-helper.js?ver=
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-login-registration-helper.js?ver=
  • /wp-content/plugins/mobile-app/assets/js/canvas-admin-push-helper.js?ver=

HTML / DOM Fingerprints

CSS Classes
canvas-admin-options-form, canvas-editor-main, canvas-push-form, canvas-login-registration-form, canvas_logo, mobiloud-canvas-admin-menu
HTML Comments
  • <!-- Begin MobiLoud Canvas Admin JS -->
  • <!-- End MobiLoud Canvas Admin JS -->
  • <!-- canvas_menu_icons -->
Data Attributes
data-canvas-options-form, data-canvas-editor-action, data-canvas-push-action, data-canvas-login-registration-action, data-canvas-website-url, data-canvas-utm-source
JS Globals
CanvasAdminCanvas
REST Endpoints
  • /wp-json/canvas/v1/options
  • /wp-json/canvas/v1/save_theme
  • /wp-json/canvas/v1/clean_history
  • /wp-json/canvas/v1/clean_log
  • /wp-json/canvas/v1/posts_for_notification
  • /wp-json/canvas/v1/generate_login_template
  • /wp-json/canvas/v1/generate_registration_template
  • /wp-json/canvas/v1/generate_css_template
  • /wp-json/canvas/v1/redirect_after_deleting_templates
  • /wp-json/canvas/v1/attachment_content
  • /wp-json/canvas/v1/notification_check_duplicate
  • /wp-json/canvas/v1/notification_manual_send
  • /wp-json/canvas/v1/notification_history
FAQ

Frequently Asked Questions about Mobile App Canvas – Convert your Website Into an App for iOS and Android