WP-Safety

WpApper – Create native mobile apps(Android and iOS) Security & Risk Analysis

wordpress.org/plugins/wpapper

Create native app(Android & iOS). The wordpress plugin for Wpapper. CREATE NATIVE MOBILE APPS FOR YOUR WORDPRESS WEBSITES(Android and iOS)

0 active installs v1.2.1 PHP + WP 3.5+ Updated Jul 23, 2017
androidapp-for-wordpressiosmobile-appnative-app
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WpApper – Create native mobile apps(Android and iOS) Safe to Use in 2026?

Generally Safe

Score 85/100

WpApper – Create native mobile apps(Android and iOS) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "wpapper" v1.2.1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, or cron events with exposed entry points is a significant strength, minimizing the plugin's attack surface. The code signals also indicate good practices, with a majority of SQL queries utilizing prepared statements and a reasonable percentage of output being properly escaped. The presence of nonce and capability checks, even if only one of each, demonstrates an awareness of core WordPress security mechanisms. However, the plugin does make external HTTP requests, which can be a potential vector for vulnerabilities if not handled with extreme care and proper sanitization of the data being sent or received. The lack of any recorded vulnerabilities, critical taint flows, or dangerous functions in the history further supports a positive security assessment. Despite the strong foundation, the limited analysis scope (zero taint flows analyzed) and the presence of external HTTP requests warrant a cautious approach.

Key Concerns

  • External HTTP requests present a potential risk
  • Not all SQL queries use prepared statements
  • Not all outputs are properly escaped
Vulnerabilities
None known

WpApper – Create native mobile apps(Android and iOS) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WpApper – Create native mobile apps(Android and iOS) Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
11 prepared
Unescaped Output
11
21 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

85% prepared13 total queries

Output Escaping

66% escaped32 total outputs
Attack Surface

WpApper – Create native mobile apps(Android and iOS) Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 50
filterjson_endpointsadmin\wpapper-admin.class.php:99
actionplugins_loadedfcm\options.php:261
actionadmin_initfcm\options.php:262
actiontransition_post_statusfcm\options.php:263
actiontransition_post_statusfcm\options.php:264
actionwp_before_admin_bar_renderfcm\options.php:265
actioncomment_flood_triggerwpapper.class.php:100
actioncomment_duplicate_triggerwpapper.class.php:102
filterjson_endpointswpapper.class.php:153
filterjson_prepare_taxonomywpapper.class.php:154
filterjson_endpointswpapper.class.php:158
filterjson_prepare_postwpapper.class.php:159
filterjson_prepare_commentwpapper.class.php:160
filterjson_endpointswpapper.class.php:164
filterjson_endpointswpapper.class.php:172
filterjson_prepare_postwpapper.class.php:173
filterjson_insert_postwpapper.class.php:174
filterjson_endpointswpapper.class.php:178
filterjson_prepare_postwpapper.class.php:179
filterjson_pre_insert_postwpapper.class.php:180
filterjson_insert_postwpapper.class.php:181
filterjson_post_type_datawpapper.class.php:182
filterjson_endpointswpapper.class.php:186
filterjson_post_type_datawpapper.class.php:187
filterjson_prepare_postwpapper.class.php:188
filterjson_endpointswpapper.class.php:192
actiondeprecated_function_runwpapper.class.php:195
filterdeprecated_function_trigger_errorwpapper.class.php:196
actiondeprecated_argument_runwpapper.class.php:197
filterdeprecated_argument_trigger_errorwpapper.class.php:198
filterjson_serve_requestwpapper.class.php:201
filterjson_pre_dispatchwpapper.class.php:202
filterjson_endpointswpapper.class.php:205
actioninitwpapper.php:59
actionwp_json_server_before_servewpapper.php:63
actiontemplate_redirectwpapper.php:66
filterplugin_row_metawpapper.php:68
actionlogin_redirectwpapper.php:76
actionregistration_redirectwpapper.php:77
actionregistered_post_typewpapper.php:80
filterjson_authentication_errorswpapper.php:82
actionauth_cookie_malformedwpapper.php:84
actionauth_cookie_expiredwpapper.php:85
actionauth_cookie_bad_usernamewpapper.php:86
actionauth_cookie_bad_hashwpapper.php:87
actionauth_cookie_validwpapper.php:88
filterget_avatarwpapper.php:90
actionadmin_menuwpapper.php:94
filterplugin_action_linkswpapper.php:95
actionplugins_loadedwpapper.php:99
Maintenance & Trust

WpApper – Create native mobile apps(Android and iOS) Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJul 23, 2017
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

WpApper – Create native mobile apps(Android and iOS) Alternatives

WPMobile.App

WPMobile.App

wpappninja

A
89

Android and iOS mobile application. Easy setup, free test.

4K 9 CVEs
GoodBarber

GoodBarber

goodbarber

A
98

GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and/or Android

1K 2 CVEs
Androapp – Native Android mobile app for wordpress site

Androapp – Native Android mobile app for wordpress site

androapp

A
85

Native mobile app for android platform, create a beautiful mobile app for your wordpress blog in minutes, no programming knowledge required.

400 No CVEs
Mobile App Canvas – Convert your Website Into an App for iOS and Android

Mobile App Canvas – Convert your Website Into an App for iOS and Android

mobile-app

A
99

We convert your responsive mobile site into native mobile apps. Paid service.

300 1 CVE
Mobile Smart App Banner

Mobile Smart App Banner

mobile-smart-app-banner

A
100

Transform your mobile website visitors into app users with intelligent smart app banners that boost downloads across iOS and Android devices.

200 No CVEs
Developer Profile

WpApper – Create native mobile apps(Android and iOS) Developer Profile

oldcwj

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WpApper – Create native mobile apps(Android and iOS)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpapper/admin/css//wp-content/plugins/wpapper/admin/js//wp-content/plugins/wpapper/fcm/page//wp-content/plugins/wpapper/api//wp-content/plugins/wpapper/lib/common/
Script Paths
/wp-content/plugins/wpapper/admin/js/wpapper-app.js/wp-content/plugins/wpapper/admin/js/wpapper-app-setting.js/wp-content/plugins/wpapper/admin/js/wpapper-app-user.js/wp-content/plugins/wpapper/admin/js/wpapper-app-qr.js/wp-content/plugins/wpapper/admin/js/wpapper-app-download.js/wp-content/plugins/wpapper/admin/js/wpapper-app-update.js+4 more
Version Parameters
wpapper/style.css?ver=wpapper/script.js?ver=ver=1.2.1

HTML / DOM Fingerprints

CSS Classes
wpapper-app-notice
Data Attributes
data-wpapper-app-qrdata-wpapper-app-downloaddata-wpapper-app-updatedata-wpapper-app-api
JS Globals
wpapper_app_config
REST Endpoints
/wp-json/wpapper/v1/app/wp-json/wpapper/v1/user/wp-json/wpapper/v1/download/wp-json/wpapper/v1/update/wp-json/wpapper/v1/about/wp-json/wpapper/v1/notice/wp-json/wpapper/v1/tools/wp-json/wpapper/v1/api
FAQ

Frequently Asked Questions about WpApper – Create native mobile apps(Android and iOS)