ShopApper: Mobile App for WooCommerce Security & Risk Analysis

wordpress.org/plugins/mobile-app-for-woocommerce

Native iOS & Android mobile app for your WooCommerce store customers. Build a fully functional, customizable native app within minutes.

50 active installs · v0.4.61 · PHP 7.2+ · WP 5.0+ · Updated Mar 10, 2026
Tags: app, m-commerce, mobile, react-native, woocommerce
Score: 78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Apr 14, 2025
Safety Verdict

Is ShopApper: Mobile App for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 78/100

ShopApper: Mobile App for WooCommerce is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Apr 14, 2025 · Updated 27d ago
Risk Assessment

The "mobile-app-for-woocommerce" plugin v0.4.61 demonstrates a generally good security posture with several positive indicators. All SQL queries are prepared, and a high percentage of output is properly escaped, mitigating common injection and XSS risks. The plugin also implements nonce and capability checks, and its attack surface through AJAX, REST API, and shortcodes appears to be minimal or protected. However, taint analysis identified two flows with unsanitized paths, though neither is categorized as critical or high severity. These flows could become exploitable if the user input they carry is not handled carefully.

The plugin's vulnerability history is a significant concern, with one medium severity CVE that remains unpatched. The fact that the last vulnerability was reported very recently (2025-04-14) and is still unpatched indicates a potential for delayed or inadequate security maintenance. The common vulnerability type being Cross-site Scripting further reinforces the need for vigilance in output escaping and input sanitization, even with the current high escaping rate. While the plugin has strengths in its secure coding practices, the presence of unsanitized taint flows and a recent, unpatched vulnerability necessitates a cautious approach.

Key Concerns

  • Unpatched CVE detected
  • Taint analysis with unsanitized paths
  • Bundled library Guzzle detected
Vulnerabilities
1

ShopApper: Mobile App for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-32638 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ShopApper <= 0.4.53 - Unauthenticated Stored Cross-Site Scripting

Apr 14, 2025 · Unpatched
Version History

ShopApper: Mobile App for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

ShopApper: Mobile App for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (18 prepared)
  • Unescaped Output: 8 (54 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 2
  • External Requests: 10
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 18 total queries

Output Escaping

87% escaped · 62 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
attribute_updated (Controllers\Visibility.php:192)
Attack Surface

ShopApper: Mobile App for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks 103
action network_plugin_loaded (Controllers\AuthController.php:26)
action rest_api_init (Controllers\AuthController.php:28)
action show_user_profile (Controllers\AuthController.php:30)
action user_new_form (Controllers\AuthController.php:32)
action edit_user_profile (Controllers\AuthController.php:34)
action personal_options_update (Controllers\AuthController.php:36)
action edit_user_profile_update (Controllers\AuthController.php:38)
filter woocommerce_rest_check_permissions (Controllers\AuthController.php:40)
action rest_api_init (Controllers\CartController.php:20)
filter woocommerce_rest_is_request_to_rest_api (Controllers\CartController.php:22)
filter woocommerce_get_cart_page_id (Controllers\CartController.php:24)
action woocommerce_add_to_cart (Controllers\CartController.php:26)
action rest_api_init (Controllers\CheckoutController.php:18)
action woocommerce_checkout_create_order (Controllers\CheckoutController.php:20)
action woocommerce_checkout_update_order_meta (Controllers\CheckoutController.php:22)
action woocommerce_order_status_cancelled (Controllers\CheckoutController.php:24)
action rest_api_init (Controllers\MediaController.php:17)
action rest_api_init (Controllers\ProductController.php:22)
filter woocommerce_rest_product_object_query (Controllers\ProductController.php:24)
filter woocommerce_rest_prepare_product_object (Controllers\ProductController.php:25)
action rest_api_init (Controllers\StoreController.php:16)
action rest_api_init (Controllers\SubscriptionController.php:24)
action admin_enqueue_scripts (Controllers\Visibility.php:22)
action product_cat_edit_form_fields (Controllers\Visibility.php:24)
action product_cat_add_form_fields (Controllers\Visibility.php:25)
action created_product_cat (Controllers\Visibility.php:27)
action edited_product_cat (Controllers\Visibility.php:28)
filter woocommerce_product_data_tabs (Controllers\Visibility.php:31)
action woocommerce_product_data_panels (Controllers\Visibility.php:32)
action woocommerce_process_product_meta (Controllers\Visibility.php:34)
action woocommerce_after_add_attribute_fields (Controllers\Visibility.php:36)
action woocommerce_after_edit_attribute_fields (Controllers\Visibility.php:37)
action woocommerce_attribute_added (Controllers\Visibility.php:39)
action woocommerce_attribute_updated (Controllers\Visibility.php:40)
action woocommerce_product_after_variable_attributes (Controllers\Visibility.php:43)
action woocommerce_save_product_variation (Controllers\Visibility.php:44)
filter woocommerce_rest_prepare_product_cat (Controllers\Visibility.php:46)
filter woocommerce_rest_prepare_product_object (Controllers\Visibility.php:48)
filter woocommerce_rest_prepare_product_variation_object (Controllers\Visibility.php:49)
filter woocommerce_add_to_cart_validation (Controllers\Visibility.php:51)
action woocommerce_after_checkout_validation (Controllers\Visibility.php:53)
filter wc_lottery_generate_random_ticket_numbers (Controllers\Visibility.php:55)
action pre_get_posts (Controllers\Visibility.php:57)
filter woocommerce_rest_prepare_product_object (Controllers\Wad.php:10)
filter woocommerce_rest_prepare_product_variation_object (Controllers\Wad.php:11)
action rest_api_init (Controllers\Webhook.php:17)
action init (Controllers\WebView.php:18)
action wp_enqueue_scripts (Controllers\WebView.php:20)
action template_redirect (Controllers\WebView.php:22)
filter woocommerce_add_success (Controllers\WebView.php:24)
filter woocommerce_add_error (Controllers\WebView.php:26)
action cwg_instock_after_instock_mail (includes\BackInStockNotifier.php:9)
action rest_api_init (includes\Beans.php:14)
action rest_api_init (includes\CommerceGurus.php:8)
action rest_api_init (includes\Coupon.php:23)
action woocommerce_coupon_data_tabs (includes\Coupon.php:25)
action woocommerce_coupon_data_panels (includes\Coupon.php:27)
action woocommerce_coupon_options_save (includes\Coupon.php:29)
action wp_loaded (includes\Coupon.php:31)
filter woocommerce_coupon_is_valid (includes\Coupon.php:33)
action woocommerce_new_order (includes\Coupon.php:35)
action woocommerce_order_status_cancelled (includes\Coupon.php:37)
action shopapper_hourly (includes\Cron.php:26)
action rest_api_init (includes\CustomCssJs.php:15)
action wp_head (includes\CustomCssJs.php:17)
action wp_footer (includes\CustomCssJs.php:19)
action admin_enqueue_scripts (includes\Dashboard.php:23)
action admin_menu (includes\Dashboard.php:25)
action in_admin_header (includes\Dashboard.php:27)
action rest_api_init (includes\Dashboard.php:29)
action woocommerce_order_status_changed (includes\Dashboard.php:31)
action transition_post_status (includes\Dashboard.php:33)
action created_product_cat (includes\Dashboard.php:35)
action woocommerce_product_before_set_stock (includes\Dashboard.php:37)
action woocommerce_product_set_stock (includes\Dashboard.php:39)
filter v_forcelogin_bypass (includes\ForceLogin.php:9)
filter rest_authentication_errors (includes\ForceLogin.php:11)
filter frm_after_create_entry (includes\Formidable.php:9)
action add_meta_boxes_product (includes\MyCred.php:5)
action save_post_product (includes\MyCred.php:141)
action woocommerce_product_after_variable_attributes (includes\MyCred.php:175)
action woocommerce_save_product_variation (includes\MyCred.php:274)
action woocommerce_before_add_to_cart_form (includes\MyCred.php:484)
action woocommerce_order_status_completed (includes\MyCred.php:486)
action woocommerce_checkout_before_customer_details (includes\MyCred.php:488)
action woocommerce_before_cart_table (includes\MyCred.php:490)
filter woocommerce_get_item_data (includes\MyCred.php:492)
action wp_head (includes\MyCred.php:494)
action woocommerce_before_add_to_cart_quantity (includes\MyCred.php:496)
filter mycred_exclude_user (includes\MyCred.php:838)
filter updated_ReminderEmailStatus_meta (includes\PHWoocommerceBookings.php:7)
action rest_api_init (includes\PointsAndRewards.php:20)
filter wc_points_rewards_points_earned_for_purchase (includes\PointsAndRewards.php:22)
filter ywpar_calculate_points_on_cart (includes\PointsAndRewards.php:24)
filter ywpar_conversion_points_rate (includes\PointsAndRewards.php:144)
action rest_api_init (includes\ProjectCastingLogin.php:11)
filter rua/auth/content-access (includes\RestrictUserAccess.php:11)
action woocommerce_update_product (includes\Stock.php:19)
action rest_api_init (includes\Stock.php:21)
action update_user_meta (includes\Swings.php:13)
action upgrader_process_complete (includes\Updater.php:11)
action rest_api_init (includes\YITHQuestionAnswer.php:8)
action yobro_after_store_message (includes\Yobro.php:9)

Scheduled Events 1

shopapper_hourly
Maintenance & Trust

ShopApper: Mobile App for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Mar 10, 2026
PHP min version: 7.2
Downloads: 10K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 50
Developer Profile

ShopApper: Mobile App for WooCommerce Developer Profile

weptile

3 plugins · 80 total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ShopApper: Mobile App for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/mobile-app-for-woocommerce/assets/css/visibility.css
  • /wp-content/plugins/mobile-app-for-woocommerce/assets/js/app.js
Script Paths
  • /wp-content/plugins/mobile-app-for-woocommerce/assets/js/app.js
Version Parameters
  • mobile-app-for-woocommerce/assets/css/visibility.css?ver=
  • mobile-app-for-woocommerce/assets/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • shopapper-visibility
  • shopapper_product_data
  • term-shopapper_hide
HTML Comments
  • Hide product from app?
  • Product appears on the web but it prevents users from adding it to cart.
  • It entirely hides the product from the web.
  • Hide attribute from app?
Data Attributes
  • shopapper_hide
  • shopapper_only_app
  • shopapper_hide_web
JS Globals
  • MAFW_PATH
  • MAFW_URL
  • MAFW_BASENAME
  • MAFW_WC_API_KEY_TABLE
  • MAFW_CLIENT_ROUTE
REST Endpoints
  • shopapper/client/v1
FAQ

Frequently Asked Questions about ShopApper: Mobile App for WooCommerce