Does Mobile CSS have any unpatched vulnerabilities?

No. All known vulnerabilities in Mobile CSS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Mobile CSS compatible with WordPress 3.6.1?

According to WordPress.org data, Mobile CSS 1.2 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is Mobile CSS updated?

Mobile CSS was last updated on Sep 5, 2013. Frequent updates are generally a positive security signal.

What is Mobile CSS's security score?

Mobile CSS has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Mobile CSS Security & Risk Analysis

wordpress.org/plugins/mobile-css

Allows you to define different CSS styles that get loaded for specific mobile devices.

500 active installs v1.2 PHP + WP 3.0+ Updated Sep 5, 2013

cssmobilephonestyletablet

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Mobile CSS Safe to Use in 2026?

Generally Safe

Score 85/100

Mobile CSS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The 'mobile-css' plugin v1.2 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL injection prevention, with 100% of queries using prepared statements and no recorded vulnerabilities or CVEs. The absence of a large attack surface, particularly unprotected entry points like AJAX handlers, REST API routes, and shortcodes, is also a strong indicator of good security awareness. However, significant concerns arise from the static analysis. The presence of two 'unserialize' calls without clear sanitization context is a major red flag, as unserialization of untrusted data can lead to Remote Code Execution (RCE). Furthermore, the analysis indicates that 0% of outputs are properly escaped, meaning stored or reflected data could be vulnerable to Cross-Site Scripting (XSS) attacks. The single nonce check and capability check suggest some attempt at security, but the lack of widespread output escaping and the critical nature of unsanitized unserialization present substantial risks. The complete absence of recorded vulnerabilities is positive, but it does not negate the inherent risks identified in the code itself.

Key Concerns

Unescaped output (XSS risk)
Dangerous function: unserialize (RCE risk)

Vulnerabilities

None known

Mobile CSS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Mobile CSS Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$current_values = unserialize( $current_values[0] );mc-includes\mc.functions.php:32

unserialize$current_values = unserialize( $current_values[0] );mc-includes\mc.meta_box.php:43

Output Escaping

0% escaped11 total outputs

Attack Surface

Mobile CSS Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionwp_headmc-includes\mc.functions.php:111

filterenter_title_heremc-includes\mc.functions.php:132

filteruser_can_richeditmc-includes\mc.functions.php:149

actionadmin_headmc-includes\mc.functions.php:229

actionmedia_buttonsmc-includes\mc.functions.php:247

actionadd_meta_boxesmc-includes\mc.meta_box.php:19

actionsave_postmc-includes\mc.meta_box.php:92

actioninitmc-includes\mc.post_types.php:50

Maintenance & Trust

Mobile CSS Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedSep 5, 2013

PHP min version

Downloads13K

Community Trust

Rating100/100

Number of ratings6

Active installs500

Alternatives

Mobile CSS Alternatives

WP Mobile Redirect

mobile-redirect-plus-lite

Detect mobile device and redirect to mobile optimize website. You can also choose whether or not to redirect tablets by enabling or disabling the chec …

500 No CVEs

Nginx Mobile Theme

nginx-mobile-theme

This plugin allows you to switch theme according to the User Agent on the Nginx reverse proxy.

200 No CVEs

isMobile() Shortcode for WordPress

ismobile

This plugin works with the open source Mobile Detect Library. You can get further information on its website.

100 1 CVE

Add Device Type to Body Class

add-device-type-to-body-class

This plugin is used to add type of device (mobile, tablet, desktop) in body class of wordpress website. This class is used to add device specific CSS.

70 No CVEs

Mobile Banner

mobile-banner

100

Create a banner with a link at the bottom of the screen, when viewed on mobile only.

70 1 CVE

Developer Profile

Mobile CSS Developer Profile

Maxaud

4 plugins · 720 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Mobile CSS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mobile-css/mc-includes/css/mobile-css.css

HTML / DOM Fingerprints

CSS Classes

mc_form_fieldmc_input_containermc_desc

HTML Comments

<!-- Mobile CSS styles - /* START: /* END:

Data Attributes

mc_rulesmc_device_typemc_phone_typemc_tablet_type

FAQ