WP-Safety

Mobile App Editor – WordPress to Android App Builder Security & Risk Analysis

wordpress.org/plugins/mobile-app-editor

Native Android App Builder for wordpress and woocommerce.

40 active installs v1.3.1 PHP 5.6+ WP 5.0+ Updated Dec 4, 2022
android-app-builderapp-creatorcreate-appmobile-appmobile-app-builder
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Mobile App Editor – WordPress to Android App Builder Safe to Use in 2026?

Generally Safe

Score 85/100

Mobile App Editor – WordPress to Android App Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The mobile-app-editor plugin v1.3.1 exhibits a generally good security posture, with no recorded vulnerabilities (CVEs) or reported taint analysis issues. The static analysis reveals excellent practices in its handling of SQL queries (100% prepared statements) and output escaping (100% properly escaped). The absence of dangerous functions, file operations, and bundled libraries further contributes to a reduced attack surface in those areas.

However, a significant concern arises from the presence of 16 REST API routes, with one route lacking permission callbacks. This unprotected entry point represents a direct risk, as it could potentially be accessed and exploited by unauthenticated users, leading to unintended consequences depending on the route's functionality. The lack of nonce checks, while not directly linked to any found vulnerabilities, is a standard security measure that is absent here, increasing the potential for replay attacks if the unprotected REST API route performs sensitive actions.

Overall, while the plugin demonstrates strong core security development habits, the single unprotected REST API route is a critical weakness that needs immediate attention. The absence of any past vulnerabilities is positive but should not be a cause for complacency, especially given the identified unprotected entry point.

Key Concerns

  • Unprotected REST API route
  • Missing nonce checks
Vulnerabilities
None known

Mobile App Editor – WordPress to Android App Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Mobile App Editor – WordPress to Android App Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
12 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped12 total outputs
Attack Surface
1 unprotected

Mobile App Editor – WordPress to Android App Builder Attack Surface

Entry Points16
Unprotected1

REST API Routes 16

GET/wp-json/wprne/v1/init/get_init_dataincludes\class-wprne-rest-api.php:34
GET/wp-json/wprne/v1/appsincludes\class-wprne-rest-api.php:41
POST/wp-json/wprne/v1/appsincludes\class-wprne-rest-api.php:47
PUT/wp-json/wprne/v1/apps/(?P<id>\S+)includes\class-wprne-rest-api.php:53
DELETE/wp-json/wprne/v1/apps/(?P<id>\S+)includes\class-wprne-rest-api.php:59
GET/wp-json/wprne/v1/pages/(?P<id>\S+)includes\class-wprne-rest-api.php:66
POST/wp-json/wprne/v1/pages/(?P<id>\S+)includes\class-wprne-rest-api.php:72
GET/wp-json/wprne/v1/templatesincludes\class-wprne-rest-api.php:79
POST/wp-json/wprne/v1/templatesincludes\class-wprne-rest-api.php:85
POST/wp-json/wprne/v1/notif/add_tokenincludes\class-wprne-rest-api.php:92
POST/wp-json/wprne/v1/media/insert_mediaincludes\class-wprne-rest-api.php:99
POST/wp-json/wprne/v1/media/insert_fontincludes\class-wprne-rest-api.php:104
GET/wp-json/wprne/v1/post/get_post_typesincludes\class-wprne-rest-api.php:111
POST/wp-json/wprne/v1/post/create_postincludes\class-wprne-rest-api.php:117
POST/wp-json/wprne/v1/acf/get_fieldsincludes\class-wprne-rest-api.php:124
POST/wp-json/wprne/v1/licenseincludes\class-wprne-rest-api.php:131
WordPress Hooks 13
filterpage_attributes_dropdown_pages_argsincludes\class-wprne-page-templater.php:51
filtertheme_page_templatesincludes\class-wprne-page-templater.php:59
filterwp_insert_post_dataincludes\class-wprne-page-templater.php:66
filtertemplate_includeincludes\class-wprne-page-templater.php:74
actionplugins_loadedincludes\class-wprne-page-templater.php:162
actionplugins_loadedincludes\class-wprne.php:136
actionrest_api_initincludes\class-wprne.php:150
actionwp_loadedincludes\class-wprne.php:164
actionwoocommerce_thankyouincludes\class-wprne.php:165
actionadmin_enqueue_scriptsincludes\class-wprne.php:180
actionadmin_enqueue_scriptsincludes\class-wprne.php:181
actionadmin_menuincludes\class-wprne.php:183
actionpublish_postincludes\class-wprne.php:184
Maintenance & Trust

Mobile App Editor – WordPress to Android App Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedDec 4, 2022
PHP min version5.6
Downloads11K

Community Trust

Rating100/100
Number of ratings2
Active installs40
Alternatives

Mobile App Editor – WordPress to Android App Builder Alternatives

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder

wapppress-builds-android-app-for-website

A
95

Short Description:Convert your website into Mobile App in just one click – no coding needed. Instantly generate an APK or AAB.

1K 3 CVEs
My FastAPP

My FastAPP

my-fastapp

A
92

Create your native Android/iOS app using a wordpress admin console.

40 No CVEs
AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)

appmysite

B
77

Turn your WordPress or WooCommerce site into a native Android & iOS app in minutes — no coding required.

8K 1 unpatched
MStore API – Create Native Android & iOS Apps On The Cloud

MStore API – Create Native Android & iOS Apps On The Cloud

mstore-api

B
81

Take your WordPress store mobile with MStore API! This plugin bridges the gap between your WordPress website and the powerful FluxBuilder app builder.

3K 28 CVEs
Stionic Core – Create Mobile app for WordPress news

Stionic Core – Create Mobile app for WordPress news

stionic-core

A
100

Create mobile app for WordPress

100 No CVEs
Developer Profile

Mobile App Editor – WordPress to Android App Builder Developer Profile

Syarif

1 plugin · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Mobile App Editor – WordPress to Android App Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mobile-app-editor/assets/css/editor-style.css/wp-content/plugins/mobile-app-editor/assets/css/editor-main-style.css/wp-content/plugins/mobile-app-editor/assets/js/editor-script.js/wp-content/plugins/mobile-app-editor/assets/js/editor-main-script.js/wp-content/plugins/mobile-app-editor/assets/js/editor-runtime-script.js/wp-content/plugins/mobile-app-editor/assets/js/editor-display.js
Script Paths
https://payhip.com/payhip.js
Version Parameters
mobile-app-editor/assets/css/editor-style.css?ver=mobile-app-editor/assets/css/editor-main-style.css?ver=mobile-app-editor/assets/js/editor-script.js?ver=mobile-app-editor/assets/js/editor-main-script.js?ver=mobile-app-editor/assets/js/editor-runtime-script.js?ver=mobile-app-editor/assets/js/editor-display.js?ver=

HTML / DOM Fingerprints

CSS Classes
wprne-container
Data Attributes
id="wprne-container"id="root"
JS Globals
wprneLocalize
FAQ

Frequently Asked Questions about Mobile App Editor – WordPress to Android App Builder