WP-Safety

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Security & Risk Analysis

wordpress.org/plugins/wapppress-builds-android-app-for-website

Short Description:Convert your website into Mobile App in just one click – no coding needed. Instantly generate an APK or AAB.

1K active installs v7.0.9 PHP + WP 4.5+ Updated Mar 7, 2026
app-creatorcreate-appmobile-app-buildernative-mobile-appwordpress-to-app
95
A · Safe
CVEs total3
Unpatched0
Last CVEAug 7, 2024
Plugin page Download
Safety Verdict

Is WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Safe to Use in 2026?

Generally Safe

Score 95/100

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Aug 7, 2024Updated 27d ago
Risk Assessment

The "wapppress-builds-android-app-for-website" plugin v7.0.9 presents a mixed security posture. While it demonstrates good practices in several areas, including 100% prepared SQL statements and a very high percentage of properly escaped output, there are significant areas of concern. The presence of an unprotected AJAX handler represents a direct entry point that could be exploited without proper authentication, posing a notable risk.

The static analysis did not reveal any critical or high-severity taint flows, which is a positive sign. However, the plugin's vulnerability history is a major red flag. With three known CVEs, including a past critical vulnerability, and a recent one on August 7, 2024, it indicates a recurring pattern of security weaknesses. The types of past vulnerabilities – XSS, SSRF, and unrestricted file uploads – are serious and can lead to complete site compromise.

In conclusion, while the current code analysis shows some strengths, the plugin's historical vulnerability record, coupled with the unprotected AJAX handler, necessitates caution. The past critical vulnerability and the recent patching requirement suggest that this plugin has had significant security flaws, and ongoing vigilance is crucial. Users should ensure they are using the latest patched version and monitor for future updates.

Key Concerns

  • Unprotected AJAX handler identified
  • Recent critical vulnerability history
  • Previous SSRF vulnerability
  • Previous Unrestricted Upload vulnerability
  • Previous XSS vulnerability
Vulnerabilities
3

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
Medium
2

3 total CVEs

CVE-2024-43137medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WappPress <= 6.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 7, 2024 Patched in 6.0.5 (8d)
CVE-2024-38758medium · 6.4Server-Side Request Forgery (SSRF)

WappPress <= 6.0.4 - Authenticated (Subscriber+) Server-Side Request Forgery

Jul 11, 2024 Patched in 6.0.5 (21d)
CVE-2023-49815critical · 9.8Unrestricted Upload of File with Dangerous Type

WappPress <= 5.0.3 - Unauthenticated Arbitrary File Upload

Dec 5, 2023 Patched in 6.0.0 (49d)
Code Analysis
Analyzed Mar 16, 2026

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
4
255 escaped
Nonce Checks
12
Capability Checks
6
File Operations
2
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

98% escaped259 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
wapppress_pro_settings (includes\wappPress_admin_setting.php:1631)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_create_appincludes\wappPress_admin_setting.php:13
authwp_ajax_create_push_appincludes\wappPress_admin_setting.php:15
authwp_ajax_get_appincludes\wappPress_admin_setting.php:17
authwp_ajax_search_post_handlerincludes\wappPress_admin_setting.php:20
authwp_ajax_wapppress_check_trialincludes\wappPress_admin_setting.php:24
WordPress Hooks 48
actionadmin_menuincludes\wappPress_admin_setting.php:9
actionadmin_initincludes\wappPress_admin_setting.php:11
filterplugin_row_metaincludes\wappPress_admin_setting.php:22
actionadmin_noticesincludes\wappPress_admin_setting.php:23
actionadmin_enqueue_scriptsincludes\wappPress_admin_setting.php:26
actioninitincludes\wappPress_admin_setting.php:28
actionpublish_postincludes\wappPress_admin_setting.php:40
actionpublish_postincludes\wappPress_admin_setting.php:43
actiontransition_post_statusincludes\wappPress_admin_setting.php:46
actiontransition_post_statusincludes\wappPress_admin_setting.php:49
actionadmin_headincludes\wappPress_admin_setting.php:187
actionadmin_headincludes\wappPress_admin_setting.php:194
actionadmin_headincludes\wappPress_admin_setting.php:201
actionadmin_menuincludes\wappPress_admin_setting.php:231
actioninitincludes\wappPress_customize.php:6
actionadmin_initincludes\wappPress_customize.php:9
filterclean_urlincludes\wappPress_customize.php:12
actionplugins_loadedincludes\wappPress_theme_switcher.php:16
filterpre_option_show_on_frontincludes\wappPress_theme_switcher.php:17
filterpre_option_page_on_frontincludes\wappPress_theme_switcher.php:18
filteroption_templateincludes\wappPress_theme_switcher.php:72
filteroption_stylesheetincludes\wappPress_theme_switcher.php:73
filtertemplateincludes\wappPress_theme_switcher.php:74
actionadmin_noticesinstantappy-pwa\includes\instantappy-config-and-functions.php:71
actionnetwork_admin_noticesinstantappy-pwa\includes\instantappy-config-and-functions.php:110
actionadd_option_INSTANTAPPY_settingsinstantappy-pwa\includes\instantappy-config-and-functions.php:209
actionupdate_option_INSTANTAPPY_settingsinstantappy-pwa\includes\instantappy-config-and-functions.php:210
filteradmin_footer_textinstantappy-pwa\includes\instantappy-config-and-functions.php:227
actionadmin_initinstantappy-pwa\includes\instantappy-pwa-admin-setting.php:9
actionadmin_initinstantappy-pwa\includes\instantappy-pwa-admin-setting.php:10
actionwp_headinstantappy-pwa\public\public-manifest-sw-functions.php:120
actionwp_footerinstantappy-pwa\public\public-manifest-sw-functions.php:417
actionwp_headinstantappy-pwa\public\public-manifest-sw-functions.php:426
actionwp_footerinstantappy-pwa\public\public-manifest-sw-functions.php:454
actionwp_enqueue_scriptsinstantappy-pwa\public\public-manifest-sw-functions.php:502
filterINSTANTAPPY_pwa_sw_files_to_cacheinstantappy-pwa\public\public-manifest-sw-functions.php:535
actionplugins_loadedwappPress.php:42
actionplugins_loadedwappPress.php:46
actionadmin_enqueue_scriptswappPress.php:47
filterbloginfowappPress.php:60
actionloop_startwappPress.php:65
actionloop_startwappPress.php:70
filtercomment_authorwappPress.php:198
filterget_comments_numberwappPress.php:212
actionadmin_initwappPress.php:213
filtercomments_openwappPress.php:214
filterpings_openwappPress.php:215
filtercomments_arraywappPress.php:216
Maintenance & Trust

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 7, 2026
PHP min version
Downloads85K

Community Trust

Rating72/100
Number of ratings41
Active installs1K
Alternatives

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Alternatives

Mobile App Editor – WordPress to Android App Builder

Mobile App Editor – WordPress to Android App Builder

mobile-app-editor

A
85

Native Android App Builder for wordpress and woocommerce.

40 No CVEs
My FastAPP

My FastAPP

my-fastapp

A
92

Create your native Android/iOS app using a wordpress admin console.

40 No CVEs
MStore API – Create Native Android & iOS Apps On The Cloud

MStore API – Create Native Android & iOS Apps On The Cloud

mstore-api

B
81

Take your WordPress store mobile with MStore API! This plugin bridges the gap between your WordPress website and the powerful FluxBuilder app builder.

3K 28 CVEs
Create my Apps

Create my Apps

create-my-apps

A
85

WP to App and WooCommerce to App is absolutely easy with the App Builder software from https://create-my-apps.com without programming knowledge.

10 No CVEs
AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)

appmysite

B
77

Turn your WordPress or WooCommerce site into a native Android & iOS app in minutes — no coding required.

8K 1 unpatched
Developer Profile

WappPress – Convert Site to App Fast – WordPress to Mobile App Builder Developer Profile

WappPress

1 plugin · 1K total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
26 days
View full developer profile
Detection Fingerprints

How We Detect WappPress – Convert Site to App Fast – WordPress to Mobile App Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wapppress-builds-android-app-for-website/css/bootstrap.min.css/wp-content/plugins/wapppress-builds-android-app-for-website/css/styles-admin.css/wp-content/plugins/wapppress-builds-android-app-for-website/css/wp-admin-wapp-style.css/wp-content/plugins/wapppress-builds-android-app-for-website/css/media-queries.css/wp-content/plugins/wapppress-builds-android-app-for-website/js/bootstrap.bundle.min.js/wp-content/plugins/wapppress-builds-android-app-for-website/js/jquery.validate.js/wp-content/plugins/wapppress-builds-android-app-for-website/js/additional-methods.min.js/wp-content/plugins/wapppress-builds-android-app-for-website/js/jquery.loader.min.js+6 more
Script Paths
wp-content/plugins/wapppress-builds-android-app-for-website/js/admin-script.min.js
Version Parameters
wapppress-builds-android-app-for-website/css/bootstrap.min.css?ver=wapppress-builds-android-app-for-website/css/styles-admin.css?ver=wapppress-builds-android-app-for-website/css/wp-admin-wapp-style.css?ver=wapppress-builds-android-app-for-website/css/media-queries.css?ver=wapppress-builds-android-app-for-website/js/bootstrap.bundle.min.js?ver=wapppress-builds-android-app-for-website/js/jquery.validate.js?ver=wapppress-builds-android-app-for-website/js/additional-methods.min.js?ver=wapppress-builds-android-app-for-website/js/jquery.loader.min.js?ver=wapppress-builds-android-app-for-website/js/admin-script.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wappress-bootstrapwapppress-admin-stylewapppress-wp-adminwapppress-media
JS Globals
wapppressPluginData
FAQ

Frequently Asked Questions about WappPress – Convert Site to App Fast – WordPress to Mobile App Builder