Mobile Blocks Security & Risk Analysis

wordpress.org/plugins/mobile-pages

The Mobile Blocks plugin makes it easy to create awesome mobile pages for WordPress using the Gutenberg Block Editor.

40 active installs · v1.0.2 · PHP 5.6.0+ · WP 4.9.0+ · Updated Mar 22, 2022
Tags: gutenberg, gutenberg-mobile, mobile-content, mobile-layouts, mobile-only
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Apr 11, 2025
Safety Verdict

Is Mobile Blocks Safe to Use in 2026?

Use With Caution

Score 63/100

Mobile Blocks has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 11, 2025 · Updated 4yr ago
Risk Assessment

The "mobile-pages" plugin v1.0.2 presents a mixed security posture. It uses nonces and capability checks to a moderate degree, and the majority of its output is properly escaped, but several significant concerns are evident. The unprotected AJAX handler creates a direct attack vector. The taint analysis also found flows with unsanitized paths; although these are not categorized as critical or high, they suggest potential for vulnerabilities if the paths are exploited. The plugin's vulnerability history is a major red flag: it has one unpatched medium-severity CVE related to Cross-Site Scripting, and its last vulnerability is quite recent. This indicates a pattern of past security weaknesses and a current, unresolved risk.

The plugin's strengths are its relatively small attack surface for entry points and its attempt to secure some operations with nonces and capability checks. However, the unprotected AJAX handler and the history of unpatched vulnerabilities significantly elevate the risk profile and demand immediate attention.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Unpatched medium CVE
  • SQL queries not always prepared
  • Output not always escaped
  • Bundled Freemius library v1.0
Vulnerabilities
1

Mobile Blocks Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-32625 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mobile Pages <= 1.0.2 - Reflected Cross-Site Scripting

Apr 11, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Mobile Blocks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 · 2 prepared
Unescaped Output: 474 · 358 escaped
Nonce Checks: 4
Capability Checks: 3
File Operations: 1
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

43% escaped · 832 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
install_plugin_information (src\wp-sdk\includes\fs-plugin-info-dialog.php:928)
Attack Surface
1 unprotected

Mobile Blocks Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_mobile_pages_preview · src\init.php:79
WordPress Hooks 28
action · init · src\init.php:78
action · admin_menu · src\init.php:80
filter · show_admin_bar · src\init.php:254
action · admin_footer · src\wp-sdk\includes\class-fs-logger.php:107
action · wp_footer · src\wp-sdk\includes\class-fs-logger.php:109
filter · plugins_api · src\wp-sdk\includes\class-fs-plugin-updater.php:83
action · admin_head · src\wp-sdk\includes\class-fs-plugin-updater.php:106
filter · http_request_host_is_external · src\wp-sdk\includes\class-fs-plugin-updater.php:110
filter · upgrader_post_install · src\wp-sdk\includes\class-fs-plugin-updater.php:118
filter · upgrader_pre_install · src\wp-sdk\includes\class-fs-plugin-updater.php:121
filter · upgrader_source_selection · src\wp-sdk\includes\class-fs-plugin-updater.php:122
filter · wp_prepare_themes_for_js · src\wp-sdk\includes\class-fs-plugin-updater.php:125
action · admin_footer · src\wp-sdk\includes\class-fs-plugin-updater.php:142
filter · pre_set_site_transient_update_plugins · src\wp-sdk\includes\class-fs-plugin-updater.php:253
filter · pre_set_site_transient_update_themes · src\wp-sdk\includes\class-fs-plugin-updater.php:258
filter · upgrader_source_selection · src\wp-sdk\includes\class-fs-plugin-updater.php:1344
filter · debug_bar_panels · src\wp-sdk\includes\debug\debug-bar-start.php:51
filter · debug_bar_statuses · src\wp-sdk\includes\debug\debug-bar-start.php:52
action · install_plugins_pre_plugin-information · src\wp-sdk\includes\fs-plugin-info-dialog.php:66
filter · fs_plugins_api · src\wp-sdk\includes\fs-plugin-info-dialog.php:69
action · admin_footer · src\wp-sdk\includes\managers\class-fs-admin-notice-manager.php:211
action · network_admin_notices · src\wp-sdk\includes\managers\class-fs-admin-notice-manager.php:390
action · admin_notices · src\wp-sdk\includes\managers\class-fs-admin-notice-manager.php:391
action · admin_enqueue_scripts · src\wp-sdk\includes\managers\class-fs-admin-notice-manager.php:394
action · admin_post_fs_clone_resolution · src\wp-sdk\includes\managers\class-fs-clone-manager.php:155
action · admin_footer · src\wp-sdk\includes\managers\class-fs-clone-manager.php:172
action · http_api_curl · src\wp-sdk\includes\sdk\FreemiusWordPress.php:445
action · admin_footer · src\wp-sdk\templates\account.php:88
Maintenance & Trust

Mobile Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.0
Last updated: Mar 22, 2022
PHP min version: 5.6.0
Downloads: 2K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 40
Developer Profile

Mobile Blocks Developer Profile

pootlepress

9 plugins · 1K total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Mobile Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mobile-pages/src/css/admin-page.css
/wp-content/plugins/mobile-pages/src/css/mobile-pages.css
/wp-content/plugins/mobile-pages/src/js/admin-page.js
/wp-content/plugins/mobile-pages/src/js/mobile-pages.js
Script Paths
/wp-content/plugins/mobile-pages/src/js/admin-page.js
/wp-content/plugins/mobile-pages/src/js/mobile-pages.js
Version Parameters
mobile-pages/src/css/admin-page.css?ver=
mobile-pages/src/css/mobile-pages.css?ver=
mobile-pages/src/js/admin-page.js?ver=
mobile-pages/src/js/mobile-pages.js?ver=

HTML / DOM Fingerprints

CSS Classes
gbmp-text
Data Attributes
gbmp-mobile-first
gbmp-mob1-regex
gbmp-mob2-regex
gbmp-mob-ex-regex
gbmp_nonce