wp2phone Security & Risk Analysis

wordpress.org/plugins/wp2phone

The wp2phone plugin allows you to create, design and manage the content of a native iPhone & iPad app directly in the WordPress dashboard.

10 active installs · v0.1.6 · PHP + WP 2.9+ · Updated Oct 13, 2012
Tags: ios, ios4, ipad, iphone, ipod
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is wp2phone Safe to Use in 2026?

Generally Safe

Score 85/100

wp2phone has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13 yr ago
Risk Assessment

The wp2phone plugin v0.1.6 shows a concerning security posture because of several critical code-level findings. The most significant is an unprotected AJAX handler, which is a direct attack vector. The plugin also runs its SQL queries without prepared statements, which raises the risk of SQL injection. Output escaping is missing for a large number of outputs, which can lead to cross-site scripting (XSS). The plugin has no recorded vulnerability history (CVEs), but that absence of history does not offset the immediate risks identified by static analysis. The number of unsanitized taint flows rated critical or high further amplifies these concerns: untrusted data does not appear to be validated or sanitized before it reaches sensitive operations.

Despite these findings, the plugin has some positive aspects: a relatively small attack surface and no bundled libraries that could be outdated. These strengths are heavily outweighed by the critical findings from the code analysis. The unprotected AJAX endpoint, raw SQL queries and unescaped output present immediate and severe risks that need urgent attention. Given the static-analysis findings, the absence of known CVEs is not a reliable indicator of current security. Overall, this plugin should be considered high-risk until these issues are addressed.

Key Concerns

  • Unprotected AJAX handler
  • All SQL queries use raw execution
  • No output escaping for 219 outputs
  • 2 High severity taint flows
  • 4 Flows with unsanitized paths
  • No nonce checks on AJAX handlers
Vulnerabilities: None known

wp2phone Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

wp2phone Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (0 prepared)
Unescaped Output: 218 (1 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 8
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

0% prepared (9 total queries)

Output Escaping

0% escaped (219 total outputs)
Data Flows: 4 unsanitized

Data Flow Analysis

7 flows, 4 with unsanitized paths
wp2p_add_edit_tab (includes\content_page.php:19)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface: 1 unprotected

wp2phone Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_wp2p_action · plugin.php:48

WordPress Hooks: 5

action · admin_menu · plugin.php:46
action · admin_init · plugin.php:47
action · wp_json_wp2p_json · plugin.php:49
action · publish_post · plugin.php:50
action · wp_head · plugin.php:51
Maintenance & Trust

wp2phone Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Oct 13, 2012
PHP min version:
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

wp2phone Developer Profile

wp2phone

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect wp2phone

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp2phone/images/icon16.png
Script Paths
/wp-content/plugins/wp2phone/js/script.js
Version Parameters
wp2phone/style.css?ver=
wp2phone/js/script.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- wp2phone -->
<!-- (c) 2011, 2012 wp2phone -->
<!-- http://wp2phone.com -->
Data Attributes
app-id=
JS Globals
MyAjax
FAQ

Frequently Asked Questions about wp2phone