Uptodown APK Download Widget Security & Risk Analysis
wordpress.org/plugins/uptodown-apk-download-widgetAdd information about any Android app (+3M Apps) right onto your blog and mobile site along with info on APK downloads
Is Uptodown APK Download Widget Safe to Use in 2026?
Generally Safe
Score 99/100Uptodown APK Download Widget has a strong security track record. Known vulnerabilities have been patched promptly.
The uptodown-apk-download-widget plugin exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, SQL injection vulnerabilities, improper output escaping, and file operations are positive indicators. Furthermore, the code employs prepared statements for its SQL queries and includes nonce checks, which are important security practices. The lack of external HTTP requests also reduces potential attack vectors.
However, the plugin's vulnerability history reveals a past medium-severity Cross-Site Scripting (XSS) vulnerability. While this vulnerability is currently patched, its existence suggests that the plugin's developers may have had past challenges in fully sanitizing user input. The static analysis did not reveal any unsanitized taint flows, which is reassuring, but the historical context warrants continued vigilance.
In conclusion, while the current version of the plugin demonstrates strong adherence to secure coding principles in its static analysis, the past XSS vulnerability is a point of concern. The absence of capability checks for its single shortcode entry point could also be a potential oversight, depending on the functionality it exposes. Overall, the plugin is in a decent state, but the historical vulnerability should not be entirely dismissed.
Key Concerns
- Missing capability checks on entry points
- Past medium-severity XSS vulnerability history
Uptodown APK Download Widget Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Uptodown APK Download Widget <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Uptodown APK Download Widget Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Uptodown APK Download Widget Attack Surface
Shortcodes 1
WordPress Hooks 4
Maintenance & Trust
Uptodown APK Download Widget Maintenance & Trust
Maintenance Signals
Community Trust
Uptodown APK Download Widget Alternatives
Arewa APK Apps Manager
arewa-apk-apps-manager
A professional WordPress plugin to display and manage APK apps on your WordPress site with ratings, comments, carousel display, and Elementor support.
Super Progressive Web Apps
super-progressive-web-apps
SuperPWA helps you convert your WordPress website into a Progressive Web App instantly.
GoodBarber
goodbarber
GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and/or Android
Web Manifest
web-manifest
Allows to create and configure a web-app manifest file (manifest.json).
IdeaPress – Turn WordPress into Mobile Apps (Android, iPhone, WinPhone)
ideapress-json-api
Don't write a single line of code. Turn your wordpress into mobile app in 5 mins. (Android, iOS, winPhone)
Uptodown APK Download Widget Developer Profile
1 plugin · 100 total installs
How We Detect Uptodown APK Download Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/uptodown-apk-download-widget/simplehtmldom/simple_html_dom.php//api.uptodown.com/HTML / DOM Fingerprints
utd_widgetdata-packagename<div class="utd_widget" data-packagename="