WPMobile.App Security & Risk Analysis

wordpress.org/plugins/wpappninja

Android and iOS mobile application. Easy setup, free test.

4K active installs · v11.75 · PHP 5.6+ · WP 3.7.0+ · Updated Dec 2, 2025
Tags: android, android-app, ios, ios-app, mobile-app
Score 89 · A · Safe
CVEs total: 9
Unpatched: 0
Last CVE: Oct 26, 2025
Safety Verdict

Is WPMobile.App Safe to Use in 2026?

Generally Safe

Score 89/100

WPMobile.App has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Oct 26, 2025 · Updated 4mo ago
Risk Assessment

The wpappninja plugin v11.75 presents a mixed security posture. While it demonstrates some good practices, such as a high percentage of SQL queries using prepared statements and a reasonable number of nonce and capability checks, significant concerns exist. The plugin has a considerable attack surface, with 36 total entry points, and notably, 3 of these (AJAX handlers) lack authentication checks, creating potential avenues for unauthorized actions. The taint analysis is particularly concerning, revealing 25 high-severity flows with unsanitized paths, indicating a strong possibility of sensitive data being mishandled or manipulated. Furthermore, only 12% of output is properly escaped, raising the risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history, with 9 known CVEs including high and medium severity issues like Open Redirect, Code Injection, and XSS, reinforces these concerns. The recency of the last vulnerability (2025) suggests ongoing security challenges, despite no currently unpatched CVEs.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
  • Low percentage of properly escaped output
  • Multiple known vulnerabilities (High/Medium)
  • Bundled libraries (potential for outdated versions)
Vulnerabilities 9

WPMobile.App Security Vulnerabilities

CVEs by Year

3 CVEs in 2023
4 CVEs in 2024
2 CVEs in 2025

Severity Breakdown

High: 2
Medium: 7

9 total CVEs

CVE-2025-62074 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPMobile.App <= 11.71 - Unauthenticated Stored Cross-Site Scripting

Oct 26, 2025 Patched in 11.72 (4d)
CVE-2024-13888 · high · 7.2 · URL Redirection to Untrusted Site ('Open Redirect')

WPMobile.App <= 11.56 - Open Redirect via 'redirect' Parameter

Feb 19, 2025 Patched in 11.57 (1d)
CVE-2024-12420 · medium · 6.5 · Improper Control of Generation of Code ('Code Injection')

WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution

Dec 12, 2024 Patched in 11.53 (1d)
CVE-2024-47349 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPMobile.App <= 11.50 - Reflected Cross-Site Scripting

Sep 30, 2024 Patched in 11.51 (11d)
CVE-2024-43933 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPMobile.App <= 11.48 - Reflected Cross-Site Scripting

Aug 26, 2024 Patched in 11.49 (11d)
CVE-2024-35694 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPMobile.App — Android and iOS Mobile Application <= 11.41 - Reflected Cross-Site Scripting

Jun 6, 2024 Patched in 11.42 (8d)
CVE-2023-28932 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPMobile.App <= 11.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 30, 2023 Patched in 11.21 (299d)
CVE-2023-26010 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 23, 2023 Patched in 11.19 (334d)
CVE-2023-22702 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPMobile.App — Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

Jan 20, 2023 Patched in 11.14 (368d)
Code Analysis
Analyzed Mar 16, 2026

WPMobile.App Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 61 (176 prepared)
Unescaped Output: 1067 (145 escaped)
Nonce Checks: 25
Capability Checks: 12
File Operations: 11
External Requests: 16
Bundled Libraries: 2

Bundled Libraries

TinyMCE, Select2

SQL Query Safety

74% prepared · 237 total queries

Output Escaping

12% escaped · 1212 total outputs
Data Flows 46 unsanitized

Data Flow Analysis

25 flows · 46 with unsanitized paths
_wpappninja_display_newhome_page (inc\admin\ui\home.php:9)
Attack Surface 3 unprotected

WPMobile.App Attack Surface

Entry Points: 36
Unprotected: 3

AJAX Handlers 3

auth wp_ajax_wpmobileapp_rateme_dismiss_notice inc\common\admin-bar.php:194
auth wp_ajax_wpmobile_get_push inc\functions\sdk2019.php:218
nopriv wp_ajax_wpmobile_get_push inc\functions\sdk2019.php:219

Shortcodes 33

[wpappninja_push_config] inc\api\read_enhanced.php:145
[wpapp_date] inc\functions\shortcodes.php:5
[wpapp_login] inc\functions\shortcodes.php:324
[wpapp_lang_selector] inc\functions\shortcodes.php:522
[wpapp_category] inc\functions\shortcodes.php:568
[wpapp_tags] inc\functions\shortcodes.php:589
[wpapp_ads] inc\functions\shortcodes.php:610
[wpapp_push] inc\functions\shortcodes.php:616
[wpapp_config] inc\functions\shortcodes.php:624
[wpapp_search] inc\functions\shortcodes.php:722
[wpapp_image] inc\functions\shortcodes.php:742
[wpapp_image_small] inc\functions\shortcodes.php:758
[wpapp_author] inc\functions\shortcodes.php:778
[wpapp_comment_number] inc\functions\shortcodes.php:801
[wpapp_title] inc\functions\shortcodes.php:810
[wpapp_title_main] inc\functions\shortcodes.php:829
[wpapp_comment] inc\functions\shortcodes.php:836
[wpapp_excerpt] inc\functions\shortcodes.php:844
[wpapp_similar] inc\functions\shortcodes.php:853
[wpapp_social] inc\functions\shortcodes.php:895
[wpapp_share] inc\functions\shortcodes.php:901
[wpapp_history] inc\functions\shortcodes.php:996
[wpmobile_qrcode_2] inc\functions\shortcodes.php:1102
[wpmobile_qrcode] inc\functions\shortcodes.php:1136
[wpapp_qrcode] inc\functions\shortcodes.php:1192
[wpmobileapp_author] inc\functions\shortcodes.php:1203
[wpmobileapp_date] inc\functions\shortcodes.php:1210
[wpmobileapp_category] inc\functions\shortcodes.php:1217
[wpapp_home_configure] inc\functions\shortcodes.php:1225
[wpapp_home] inc\functions\shortcodes.php:1345
[wpapp_recent] inc\functions\shortcodes.php:1555
[wpapp_welcome] inc\functions\shortcodes.php:1658
[wpmobile_notification_badge] inc\functions\shortcodes.php:1663
WordPress Hooks 136
action wp_head inc\3rd-party\adsense.php:8
filter amp_is_enabled inc\3rd-party\ampforwp.php:10
action automatorwp_init inc\3rd-party\automatorwp\automatorwp.php:15
filter autoptimize_filter_js_exclude inc\3rd-party\autooptimize.php:10
action wp_head inc\3rd-party\contact7.php:8
action wp_head inc\3rd-party\elementor.php:8
filter wptouch_exclusion_list inc\3rd-party\mobile.php:16
action init inc\3rd-party\mobile.php:23
action init inc\3rd-party\peepso.php:5
action wp_head inc\3rd-party\peepso.php:11
filter secupress.plugin.bruteforce.edgecase inc\3rd-party\secupress.php:9
action wp_head inc\3rd-party\select2.php:8
filter do_rocket_generate_caching_files inc\3rd-party\wp-rocket.php:17
action pre_get_posts inc\3rd-party\wpml.php:31
filter wptouch_should_init_pro inc\3rd-party\wptouch.php:4
action admin_print_styles inc\admin\enqueue.php:9
action admin_menu inc\admin\menu.php:9
action add_meta_boxes inc\admin\metabox.php:32
action save_post inc\admin\metabox.php:317
action admin_init inc\admin\options.php:9
action init inc\admin\sdkupdate.php:10
action admin_notices inc\admin\sdkupdate.php:30
action admin_notices inc\admin\sdkupdate.php:54
action admin_init inc\admin\ui\auto.php:2533
filter mce_external_plugins inc\admin\ui\auto.php:2540
filter mce_buttons inc\admin\ui\auto.php:2541
action admin_init inc\admin\ui\auto.php:2555
filter mce_buttons inc\admin\ui\options.php:58
filter mce_buttons_2 inc\admin\ui\options.php:64
filter wp_link_query inc\admin\ui\options.php:3722
action admin_init inc\admin\upgrader.php:9
action admin_notices inc\admin\upgrader.php:43
action wpappninja_first_install inc\admin\upgrader.php:90
action wpappninja_upgrade inc\admin\upgrader.php:173
filter the_content inc\api\ads.php:9
filter wp_mail inc\api\push.php:415
action new_to_publish inc\api\push.php:476
action draft_to_publish inc\api\push.php:477
action auto-draft_to_publish inc\api\push.php:478
action private_to_publish inc\api\push.php:479
action trash_to_publish inc\api\push.php:480
action pending_to_publish inc\api\push.php:481
action future_to_publish inc\api\push.php:482
action publish_post inc\api\push.php:525
action woocommerce_order_status_changed inc\api\push.php:564
action woocommerce_new_customer_note inc\api\push.php:603
action better_messages_message_sent inc\api\push.php:625
action bp_notification_after_save inc\api\push.php:682
action gform_pre_send_email inc\api\push.php:718
action peepso_notifications_data_before_add inc\api\push.php:739
action peepso_action_add_message_recipient_after inc\api\push.php:769
action peepso_friends_requests_after_add inc\api\push.php:811
action fluent_community/space/joined inc\api\push.php:906
action fluent_community/space/join_requested inc\api\push.php:931
action fluent_community/comment_added inc\api\push.php:956
action fluent_community/feed_mentioned inc\api\push.php:1009
action fluent_community/course/enrolled inc\api\push.php:1044
action fluent_community/course/completed inc\api\push.php:1069
action fluent_community/course/lesson_completed inc\api\push.php:1094
action fluent_community/user_level_upgraded inc\api\push.php:1119
action template_redirect inc\api\read_enhanced.php:11
action wp inc\api\rewrite.php:9
filter theme_root inc\api\theme.php:21
filter stylesheet_directory_uri inc\api\theme.php:22
filter template_directory_uri inc\api\theme.php:23
action setup_theme inc\api\theme.php:26
filter template inc\api\theme.php:28
filter option_template inc\api\theme.php:29
filter stylesheet inc\api\theme.php:30
filter option_stylesheet inc\api\theme.php:31
action after_setup_theme inc\api\theme.php:41
filter the_title inc\api\theme.php:107
filter the_content inc\api\theme.php:108
action admin_bar_menu inc\common\admin-bar.php:9
action admin_print_styles inc\common\admin-bar.php:139
action wp_print_styles inc\common\admin-bar.php:140
action admin_notices inc\common\admin-bar.php:156
action comment_post inc\common\cache.php:9
filter cron_schedules inc\common\cron.php:10
action init inc\common\cron.php:20
action wpappninjacron inc\common\cron.php:41
action init inc\common\deeplinking.php:46
action init inc\common\deeplinking.php:162
action wp_head inc\common\enqueue.php:7
action wp_footer inc\common\enqueue.php:114
filter body_class inc\common\enqueue.php:177
filter body_class inc\functions\appify.php:5
filter wp_enqueue_scripts inc\functions\appify.php:22
action widgets_init inc\functions\appify.php:65
action wp_enqueue_scripts inc\functions\appify.php:75
filter wp_head inc\functions\appify.php:90
filter wp_head inc\functions\appify.php:201
filter wp_footer inc\functions\appify.php:250
action wp_enqueue_scripts inc\functions\appify.php:448
filter wpmobileapp_final_output inc\functions\appify.php:458
filter pre_get_wpappninja_option_version_app inc\functions\apple_reviewer.php:38
action send_headers inc\functions\apple_reviewer.php:56
action wp_footer inc\functions\banner.php:9
action init inc\functions\lang.php:210
filter get_wpappninja_option_wpappninja_main_theme inc\functions\options.php:66
filter get_wpappninja_option_menu_reload_speed inc\functions\options.php:83
filter get_wpappninja_option_pageashomeicon_speed inc\functions\options.php:84
filter wp_title inc\functions\sdk2019.php:25
action login_form inc\functions\sdk2019.php:63
action wp_footer inc\functions\sdk2019.php:64
action admin_footer inc\functions\sdk2019.php:65
action wp_footer inc\functions\sdk2019.php:73
action wp_head inc\functions\sdk2019.php:321
action wp_head inc\functions\sdk2019.php:389
action wp inc\functions\sdk2019.php:458
action wp_head inc\functions\sdk2019.php:533
filter wp_redirect inc\functions\sdk2019.php:1235
action wp_head inc\functions\seo.php:9
action init inc\functions\shortcodes.php:157
action user_register inc\functions\shortcodes.php:183
action init inc\functions\shortcodes.php:190
filter authenticate inc\functions\shortcodes.php:229
filter logout_redirect inc\functions\shortcodes.php:267
filter login_redirect inc\functions\shortcodes.php:268
filter woocommerce_login_redirect inc\functions\shortcodes.php:318
action setup_theme inc\functions\shortcodes.php:475
action init inc\functions\shortcodes.php:962
filter wpmobile_push_id inc\functions\shortcodes.php:971
action wpappninja_admin_footer inc\stats\render.php:240
filter body_class themes\wpappninja\functions.php:45
action wp_enqueue_scripts themes\wpappninja\functions.php:52
filter body_class themes\wpappninja-full\functions.php:27
filter wp_head themes\wpappninja-full\functions.php:40
filter wp_enqueue_scripts themes\wpappninja-full\functions.php:164
action wp_enqueue_scripts themes\wpappninja-full\functions.php:169
action init wpappninja.php:75
action plugins_loaded wpappninja.php:81
filter wp wpappninja.php:119
filter locale wpappninja.php:127
filter sanitize_file_name wpappninja.php:136
filter locale wpappninja.php:234

Scheduled Events 9

wpappninjacron
wpappninjacron
wpappninjacron
wpappninjacron
wpappninjacron
wpappninjacron
wpappninjacronnbinstall
wpappninjacron
wpappninjacron
Maintenance & Trust

WPMobile.App Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version: 5.6
Downloads: 551K

Community Trust

Rating: 96/100
Number of ratings: 161
Active installs: 4K
Developer Profile

WPMobile.App Developer Profile

Amauri

2 plugins · 14K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 218 days
Detection Fingerprints

How We Detect WPMobile.App

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpappninja/assets/css/wpappninja.css
/wp-content/plugins/wpappninja/assets/js/wpappninja.js
/wp-content/plugins/wpappninja/assets/svg/ic_wpappninja.svg
Script Paths
/wp-content/plugins/wpappninja/assets/js/wpappninja.js
Version Parameters
wpappninja/assets/css/wpappninja.css?ver=
wpappninja/assets/js/wpappninja.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpappninja-button
Data Attributes
data-wpappninja-id
JS Globals
window.WPAPPNINJA_SETTING
WPAPPNINJA_SETTING
Shortcode Output
[wpappninja_qr_code]
FAQ

Frequently Asked Questions about WPMobile.App