Does WP Mobile X have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Mobile X have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Mobile X compatible with WordPress 6.8.5?

According to WordPress.org data, WP Mobile X 1.4.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WP Mobile X compatible with PHP 7.0+?

WP Mobile X requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Mobile X updated?

WP Mobile X was last updated on Oct 28, 2025. Frequent updates are generally a positive security signal.

What is WP Mobile X's security score?

WP Mobile X has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Mobile X Security & Risk Analysis

wordpress.org/plugins/wp-mobile-x

WP Mobile X - Mobile theme for WordPress

100 active installs v1.4.1 PHP 7.0+ WP 6.2+ Updated Oct 28, 2025

%e7%a7%bb%e5%8a%a8%e7%ab%af%e4%b8%bb%e9%a2%98mobile-themewp-mobile-x%e6%89%8b%e6%9c%ba%e4%b8%bb%e9%a2%98

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Mobile X Safe to Use in 2026?

Generally Safe

Score 100/100

WP Mobile X has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The wp-mobile-x v1.4.1 plugin exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, and utilizes prepared statements for most SQL queries, there are significant concerns regarding its attack surface. The presence of two AJAX handlers without authentication checks represents a notable risk, as these endpoints could potentially be exploited by unauthenticated users to perform unintended actions.

The static analysis also reveals that only two-thirds of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if sensitive data is not adequately sanitized before being displayed. The lack of any recorded vulnerabilities in its history is a positive indicator, suggesting a generally stable codebase. However, this does not negate the risks identified in the current code analysis, particularly the unprotected AJAX endpoints.

In conclusion, the plugin has strengths in its avoidance of certain risky coding patterns. Nevertheless, the unprotected AJAX endpoints and the percentage of unescaped output present clear security vulnerabilities that require attention. These issues, if left unaddressed, could expose the WordPress site to significant security risks.

Key Concerns

Unprotected AJAX handlers
Unescaped output detected

Vulnerabilities

None known

WP Mobile X Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Mobile X Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

70 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

89% prepared9 total queries

Output Escaping

67% escaped104 total outputs

Attack Surface

2 unprotected

WP Mobile X Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_mobx_load_morethemes\mobx-default\functions.php:16

noprivwp_ajax_mobx_load_morethemes\mobx-default\functions.php:17

WordPress Hooks 41

actionadmin_menuadmin\includes\class-plugin-panel.php:23

actionafter_setup_themeadmin\includes\class-plugin-panel.php:26

actionadmin_enqueue_scriptsadmin\includes\class-plugin-panel.php:43

filterget_post_metadataadmin\includes\class-plugin-panel.php:50

filteradd_post_metadataadmin\includes\class-plugin-panel.php:51

filterupdate_post_metadataadmin\includes\class-plugin-panel.php:52

filterget_term_metadataadmin\includes\class-plugin-panel.php:54

filteradd_term_metadataadmin\includes\class-plugin-panel.php:55

filterupdate_term_metadataadmin\includes\class-plugin-panel.php:56

filterget_user_metadataadmin\includes\class-plugin-panel.php:58

filteradd_user_metadataadmin\includes\class-plugin-panel.php:59

filterupdate_user_metadataadmin\includes\class-plugin-panel.php:60

actionplugins_loadedincludes\class-mobile-x.php:8

actionsetup_themeincludes\class-mobile-x.php:33

filterstylesheetincludes\class-mobile-x.php:34

filtertemplateincludes\class-mobile-x.php:35

actionload-post.phpincludes\class-post-meta.php:36

actionload-post-new.phpincludes\class-post-meta.php:37

actionadd_meta_boxesincludes\class-post-meta.php:38

actionsave_postincludes\class-post-meta.php:39

actionafter_setup_themeincludes\functions-admin.php:6

filterwp_prepare_themes_for_jsincludes\functions-admin.php:19

filterpre_update_option_sticky_postsincludes\functions-admin.php:35

actionadmin_footerincludes\functions-admin.php:59

actionadmin_initincludes\functions-admin.php:72

filtermobx_tax_metasincludes\functions-admin.php:110

filterwpcom_post_metasincludes\functions-admin.php:138

filterwp-mobile-x_form_optionsincludes\functions-admin.php:158

actionafter_setup_themeincludes\functions-theme.php:3

filtershow_admin_barincludes\functions-theme.php:7

filterpre_option_show_on_frontincludes\functions-theme.php:14

actionwp_enqueue_scriptsincludes\functions-theme.php:32

filterwp_title_partsincludes\functions-theme.php:37

filterwp_titleincludes\functions-theme.php:63

actionmobx_copyrightincludes\functions-theme.php:96

actionpre_get_postsincludes\functions-theme.php:106

actionpre_get_postsincludes\functions-theme.php:126

filterwp-mobile-x_form_optionsthemes\mobx-default\functions-admin.php:10

actionafter_setup_themethemes\mobx-default\functions.php:8

filtermobx_localize_scriptthemes\mobx-default\functions.php:65

actionwp_headthemes\mobx-default\functions.php:71

Maintenance & Trust

WP Mobile X Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 28, 2025

PHP min version7.0

Downloads16K

Community Trust

Rating96/100

Number of ratings4

Active installs100

Alternatives

WP Mobile X Alternatives

Any Mobile Theme Switcher

any-mobile-theme-switcher

This Plugin detects mobile browser and display the theme as the setting done from admin. Usefull for switch to Mobile Theme.

20K No CVEs

AMP WP – Google AMP For WP

amp-wp

100

Automagically add Google AMP functionality to your site. Tons of Premium Features for FREE. Show/Hide Post Types, Categories, and Tags.

800 1 CVE

WP-Mobilizer

wp-mobilizer

WP-Mobilizer detects over 5,000 mobile devices and displays. You choose the theme you want for devices. Usefull for switch to Mobile Theme.

90 No CVEs

WPapptouch

wpapptouch

WPapptouch is a WordPress plugin & theme to transform your WordPress website to a Native like application for mobile.

50 No CVEs

TW Switch Mobile Domain

tw-switch-mobile-domain

Redirect to Mobile domain and switch mobile theme

30 No CVEs

Developer Profile

WP Mobile X Developer Profile

Lomu

2 plugins · 1K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

4 days

View full developer profile

Detection Fingerprints

How We Detect WP Mobile X

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-mobile-x/css/meta.css/wp-content/plugins/wp-mobile-x/js/bootstrap.js/wp-content/plugins/wp-mobile-x/js/meta.js

Script Paths

/wp-content/plugins/wp-mobile-x/js/bootstrap.js/wp-content/plugins/wp-mobile-x/js/meta.js

Version Parameters

wp-mobile-x/css/meta.css?ver=wp-mobile-x/js/bootstrap.js?ver=wp-mobile-x/js/meta.js?ver=

HTML / DOM Fingerprints

CSS Classes

mobx-metamobx-bootstrap-3

Data Attributes

data-mobx-meta

JS Globals

MobX_VERSION

FAQ