WP-Safety

NAPPS – Mobile app builder Security & Risk Analysis

wordpress.org/plugins/napps

Create your app with NAPPS. We are a mobile app builder for e-commerce, download our plugin and start your free trial.

10 active installs v1.0.27 PHP 7.4+ WP 4.7+ Updated Jul 19, 2024
androidiosmobilenative-appwoocoomerce-app-builder
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is NAPPS – Mobile app builder Safe to Use in 2026?

Generally Safe

Score 92/100

NAPPS – Mobile app builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "napps" plugin v1.0.27 exhibits a generally good security posture based on the provided static analysis. The plugin has a minimal attack surface, with only one REST API route, and critically, this route includes a permission callback, indicating proper access control for this entry point. The vast majority of outputs are properly escaped, and there are no critical or high-severity findings from taint analysis, nor any known vulnerabilities in its history. This suggests a developer who is mindful of common security practices.

However, a significant concern arises from the handling of SQL queries. Two SQL queries are present, and neither uses prepared statements. This lack of prepared statements makes the plugin susceptible to SQL injection vulnerabilities if user-supplied data is directly incorporated into these queries without proper sanitization, which is not explicitly demonstrated in the provided analysis. Additionally, the presence of a file operation and an external HTTP request, while not inherently problematic, warrants careful review to ensure they are handled securely and do not introduce unintended vulnerabilities.

While the plugin's vulnerability history is clean, the static analysis reveals areas for improvement. The absence of nonce checks and the presence of only one capability check across all entry points are minor weaknesses. The bundled Guzzle library, while a well-known HTTP client, should also be regularly updated to mitigate any potential vulnerabilities it might inherit. Overall, the plugin is in good shape, but the SQL query handling is a notable risk that needs immediate attention.

Key Concerns

  • SQL queries without prepared statements
  • Bundled library (Guzzle) potential for outdated version
  • No nonce checks found
Vulnerabilities
None known

NAPPS – Mobile app builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

NAPPS – Mobile app builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
1
24 escaped
Nonce Checks
0
Capability Checks
1
File Operations
1
External Requests
1
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared2 total queries

Output Escaping

96% escaped25 total outputs
Attack Surface

NAPPS – Mobile app builder Attack Surface

Entry Points1
Unprotected0

REST API Routes 1

POST/wp-json/wc-bannersrc\Controllers\SmartBannerController.php:17
WordPress Hooks 57
actionactivated_pluginsrc\ActivationService.php:17
actiondeactivated_pluginsrc\ActivationService.php:18
filtertemplate_includesrc\Controllers\ProxyController.php:16
actionplugins_loadedsrc\I18n.php:13
actionadmin_menusrc\Modules\Admin\Settings.php:12
actionmewz_wcas_trigger_product_stock_changesrc\Modules\AttributeStock\AttributeStockModule.php:26
filterdetermine_current_usersrc\Modules\Auth\AuthModule.php:21
filterwoocommerce_coupon_data_tabssrc\Modules\Coupons\ExclusiveCouponsModule.php:24
actionwoocommerce_coupon_data_panelssrc\Modules\Coupons\ExclusiveCouponsModule.php:25
actionwoocommerce_process_shop_coupon_metasrc\Modules\Coupons\ExclusiveCouponsModule.php:26
actioninitsrc\Modules\Coupons\ExclusiveCouponsModule.php:29
filterwoocommerce_coupon_is_validsrc\Modules\Coupons\ExclusiveCouponsModule.php:34
filterwoocommerce_coupon_errorsrc\Modules\Coupons\ExclusiveCouponsModule.php:35
actionrest_api_initsrc\Modules\LinkedVariation\LinkedVariation.php:24
actionwoocommerce_deliver_webhook_asyncsrc\Modules\LinkedVariation\LinkedVariation.php:28
filterwoocommerce_rest_prepare_product_objectsrc\Modules\LinkedVariation\LinkedVariation.php:56
actionrest_api_initsrc\Modules\QTranslate\QTranslateModule.php:25
actionwoocommerce_deliver_webhook_asyncsrc\Modules\QTranslate\QTranslateModule.php:28
filterwoocommerce_rest_prepare_product_objectsrc\Modules\QTranslate\QTranslateModule.php:142
filterwoocommerce_rest_prepare_shop_order_objectsrc\Modules\QTranslate\QTranslateModule.php:143
filterwoocommerce_rest_prepare_product_attributesrc\Modules\QTranslate\QTranslateModule.php:144
filterwoocommerce_rest_prepare_shop_coupon_objectsrc\Modules\QTranslate\QTranslateModule.php:145
actionwoocommerce_proceed_to_checkoutsrc\Modules\ShippingRateCart\shipping-rate-cart-frontend.php:3
actiontemplate_redirectsrc\Modules\ShippingRateCart\shipping-rate-cart-frontend.php:28
filterwoocommerce_shipping_rate_labelsrc\Modules\ShippingRateCart\shipping-rate-cart-frontend.php:48
actionwoocommerce_before_cartsrc\Modules\ShippingRateCart\shipping-rate-cart-frontend.php:116
actionadmin_footersrc\Modules\ShippingRateCart\shipping-rate-cart.php:57
actionwoocommerce_shipping_initsrc\Modules\ShippingRateCart\ShippingRateCartModule.php:15
filterwoocommerce_shipping_methodssrc\Modules\ShippingRateCart\ShippingRateCartModule.php:16
actiontemplate_redirectsrc\Modules\Smartbanner\SmartbannerModule.php:17
actionwp_enqueue_scriptssrc\Modules\Smartbanner\SmartbannerModule.php:36
actionwoocommerce_admin_order_data_after_order_detailssrc\Modules\Woocommerce\Admin.php:10
actionrest_api_initsrc\Modules\Woocommerce\Rest.php:10
actionwoocommerce_after_order_object_savesrc\Modules\Woocommerce\Rest.php:20
filterrest_post_dispatchsrc\Modules\Woocommerce\Rest.php:44
filterwoocommerce_webhook_topicssrc\Modules\Woocommerce\Webhooks.php:12
filterwoocommerce_valid_webhook_resourcessrc\Modules\Woocommerce\Webhooks.php:13
filterwoocommerce_webhook_topic_hookssrc\Modules\Woocommerce\Webhooks.php:14
filterwoocommerce_webhook_payloadsrc\Modules\Woocommerce\Webhooks.php:15
actionrest_api_initsrc\Modules\Woocommerce\Webhooks.php:17
actioncreated_termsrc\Modules\Woocommerce\Webhooks.php:23
actiondelete_termsrc\Modules\Woocommerce\Webhooks.php:24
actionedited_termssrc\Modules\Woocommerce\Webhooks.php:25
actionadded_term_metasrc\Modules\Woocommerce\Webhooks.php:28
actiondeleted_term_metasrc\Modules\Woocommerce\Webhooks.php:29
actioncreated_product_catsrc\Modules\Woocommerce\Webhooks.php:32
actionedited_product_catsrc\Modules\Woocommerce\Webhooks.php:33
actiondelete_product_catsrc\Modules\Woocommerce\Webhooks.php:34
actiondelete_product_shipping_classsrc\Modules\Woocommerce\Webhooks.php:36
actionwoocommerce_initsrc\Modules\Woocommerce\Webhooks.php:38
filterwoocommerce_rest_prepare_product_variation_objectsrc\Modules\Woocommerce\Webhooks.php:44
actionset_transient_shipping-transient-versionsrc\Modules\Woocommerce\Webhooks.php:175
actionwoocommerce_rest_insert_shop_order_objectsrc\Modules\Woocommerce\WoocommerceModule.php:22
actionwoocommerce_checkout_order_createdsrc\Modules\Woocommerce\WoocommerceModule.php:23
actionwoocommerce_checkout_create_ordersrc\Modules\Woocommerce\WoocommerceModule.php:24
actioninitsrc\Router.php:23
actionrest_api_initsrc\Router.php:24
Maintenance & Trust

NAPPS – Mobile app builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJul 19, 2024
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

NAPPS – Mobile app builder Alternatives

WpApper – Create native mobile apps(Android and iOS)

WpApper – Create native mobile apps(Android and iOS)

wpapper

A
85

Create native app(Android & iOS). The wordpress plugin for Wpapper. CREATE NATIVE MOBILE APPS FOR YOUR WORDPRESS WEBSITES(Android and iOS)

0 No CVEs
WPMobile.App

WPMobile.App

wpappninja

A
89

Android and iOS mobile application. Easy setup, free test.

4K 9 CVEs
GoodBarber

GoodBarber

goodbarber

A
98

GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and/or Android

1K 2 CVEs
Device-Based Redirect

Device-Based Redirect

device-based-redirect

A
100

Redirect users to your app pages in app store or play store based on their device type with custom URLs and page-specific redirects.

300 No CVEs
Mobile Smart App Banner

Mobile Smart App Banner

mobile-smart-app-banner

A
100

Transform your mobile website visitors into app users with intelligent smart app banners that boost downloads across iOS and Android devices.

200 No CVEs
Developer Profile

NAPPS – Mobile app builder Developer Profile

nappssolutions

2 plugins · 10 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NAPPS – Mobile app builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/napps/public/css/napps.css/wp-content/plugins/napps/vendor/js/napps-frontend.js
Script Paths
/wp-content/plugins/napps/vendor/js/napps-frontend.js
Version Parameters
napps/style.css?ver=napps-banner?ver=

HTML / DOM Fingerprints

CSS Classes
napps-getting-started-wrapper
Data Attributes
data-napps-site-url
JS Globals
napps_mobile_sdk_installed
REST Endpoints
/wp-json/napps/v1/reset-password/wp-json/napps/v1/token
FAQ

Frequently Asked Questions about NAPPS – Mobile app builder