Does WP App Store API have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP App Store API compatible with WordPress 4.5.33?

According to WordPress.org data, WP App Store API 1.0.3 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is WP App Store API updated?

WP App Store API was last updated on Apr 24, 2016. Frequent updates are generally a positive security signal.

What is WP App Store API's security score?

WP App Store API has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP App Store API Security & Risk Analysis

wordpress.org/plugins/wp-app-store-landing-page

The WP App Store API allows you to search the App Store for any app information and use them to display on your site via shortcodes.

10 active installs v1.0.3 PHP + WP 3.0.1+ Updated Apr 24, 2016

app-storeapple-app-storeiositunes-app-storeitunes-store

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP App Store API Safe to Use in 2026?

Generally Safe

Score 85/100

WP App Store API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "wp-app-store-landing-page" plugin v1.0.3 exhibits a generally strong security posture based on the provided static analysis. The plugin avoids dangerous functions, uses prepared statements for all SQL queries, and has no recorded vulnerabilities. The absence of external HTTP requests and file operations, along with the limited attack surface (one shortcode with no explicitly mentioned authentication checks), are positive indicators. However, a significant concern is the low percentage (56%) of properly escaped output. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, as unsanitized output can be rendered in the browser and exploited by attackers. The lack of documented vulnerability history is a good sign, implying responsible development, but it does not negate the risks identified in the code analysis.

Key Concerns

Low output escaping percentage
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

WP App Store API Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP App Store API Release Timeline

v1.0.3Current

v1.0.2

v1.0.1

Code Analysis

Analyzed Apr 16, 2026

WP App Store API Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

35 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

56% escaped63 total outputs

Attack Surface

WP App Store API Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[appstore] wp-appstore-api.php:485

WordPress Hooks 4

actionadmin_enqueue_scriptswp-appstore-api.php:13

actionadmin_enqueue_scriptswp-appstore-api.php:24

actionadmin_menuwp-appstore-api.php:33

actionadmin_initwp-appstore-api.php:34

Maintenance & Trust

WP App Store API Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedApr 24, 2016

PHP min version

Downloads3K

Community Trust

Rating46/100

Number of ratings3

Active installs10

Alternatives

WP App Store API Alternatives

AppStore Reviews Viewer

appstore-reviews-viewer

Adds a shortcode that displays reviews and ratings of an app from the iOS AppStore’s country you chose.

40 No CVEs

App Store Assistant

app-store-assistant

Lets you display the detail of an item or an RSS feed from Apple's App Store, iTunes Stores or Amazon.com. Affiliate ready.

30 No CVEs

App banner

app-banner

Requires at least: 4.0 Tested up to: 4.8 Requires PHP: 5.6 Stable tag: 1.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.

10 No CVEs

App Display Page

app-display-page

Adds a shortcode to display information about iOS apps from Apple's App Store.

10 No CVEs

Application download banner

application-download-banner

Plugin Description

0 No CVEs

Developer Profile

WP App Store API Developer Profile

sherizan

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP App Store API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-appstore-api/wp-appstore-api.css/wp-content/plugins/wp-appstore-api/wp-appstore-api.js

Script Paths

wp-appstore-api.js

Version Parameters

wp-appstore-api/wp-appstore-api.css?ver=wp-appstore-api/wp-appstore-api.js?ver=

HTML / DOM Fingerprints

CSS Classes

admin-block

Data Attributes

data-tab

JS Globals

wp_appstore_api_params

Shortcode Output

[appstore type="id"][appstore type="icon"][appstore type="url"][appstore type="android"]

FAQ