WPMobile Apps Security & Risk Analysis

wordpress.org/plugins/wpmobile-apps

Create a mobile WordPress website experience on your website.

10 active installs · v1.0.2 · PHP + · WP 3.4+ · Updated Unknown
Tags: android, iphone, mobile, mobile-plugin, mobile-theme
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPMobile Apps Safe to Use in 2026?

Generally Safe

Score 100/100

WPMobile Apps has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wpmobile-apps" plugin v1.0.2 presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and has a clean vulnerability history with no known CVEs. This suggests a degree of developer diligence in addressing known security issues.

However, there are significant concerns arising from the static analysis. The presence of two AJAX handlers without authentication checks creates a direct attack vector for unauthorized actions. Furthermore, the static analysis reveals a concerning trend in output sanitization, with only 3% of outputs being properly escaped. This significantly increases the risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the 8 identified taint flows with unsanitized paths. While these taint flows are not flagged as critical or high severity, the sheer number and lack of sanitization are worrying.

The plugin also bundles a potentially outdated library, Select2, which could harbor its own unpatched vulnerabilities if not kept up to date. The use of `create_function` is a deprecated and insecure practice that should be avoided. Despite the lack of known CVEs, the identified code signals and taint analysis warrant careful attention and remediation to improve the plugin's overall security.

Key Concerns

  • AJAX handlers without authentication checks
  • Low percentage of properly escaped output
  • Taint flows with unsanitized paths (8 total)
  • Use of deprecated and insecure function 'create_function'
  • Bundled library (Select2) potential for unpatched vulns
Vulnerabilities
None known

WPMobile Apps Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPMobile Apps Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 332 (9 escaped)
Nonce Checks: 3
Capability Checks: 11
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

create_function: `add_filter('wp_mail_content_type',create_function('', 'return "text/html"; '));` (apps\contact-us\send-email.php:20)

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

3% escaped · 341 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
acera_ajax_image_upload (themes\mobilissimo\acera-options\ajax-image.php:7)
Attack Surface
2 unprotected

WPMobile Apps Attack Surface

Entry Points: 22
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_acera_ajax_upload themes\mobilissimo\acera-options\ajax-image.php:5
auth wp_ajax_acera_ajax_remove themes\mobilissimo\acera-options\ajax-image.php:29

Shortcodes 20

[pricing_table] themes\mobilissimo\shortcodes.php:63
[pt_price] themes\mobilissimo\shortcodes.php:64
[pt_item] themes\mobilissimo\shortcodes.php:65
[pt_description] themes\mobilissimo\shortcodes.php:66
[pt_title] themes\mobilissimo\shortcodes.php:67
[pt_button] themes\mobilissimo\shortcodes.php:68
[highlight] themes\mobilissimo\shortcodes.php:99
[marktext] themes\mobilissimo\shortcodes.php:130
[subheader] themes\mobilissimo\shortcodes.php:149
[list_nobullet] themes\mobilissimo\shortcodes.php:168
[table] themes\mobilissimo\shortcodes.php:194
[widget] themes\mobilissimo\shortcodes.php:220
[icon] themes\mobilissimo\shortcodes.php:246
[alert] themes\mobilissimo\shortcodes.php:281
[progress] themes\mobilissimo\shortcodes.php:330
[button] themes\mobilissimo\shortcodes.php:385
[panel] themes\mobilissimo\shortcodes.php:417
[vimeo] themes\mobilissimo\shortcodes.php:490
[soundcloud] themes\mobilissimo\shortcodes.php:576
[youtube] themes\mobilissimo\shortcodes.php:662

WordPress Hooks 21

filter wp_mail_content_type apps\contact-us\send-email.php:20
action wp_footer core\class-wpmob-app.php:26
action wp_enqueue_scripts core\class-wpmob-app.php:27
action admin_head core\class-wpmob-app.php:29
action admin_notices core\class-wpmob-theme-switch-manager.php:69
action admin_menu core\class-wpmob.php:24
action admin_notices core\class-wpmob.php:34
action admin_head core\theme\class-wpmob-mobilissimo.php:10
action admin_menu themes\mobilissimo\acera-options\generate-options.php:14
action admin_head themes\mobilissimo\acera-options\options-init.php:11
action wp_enqueue_scripts themes\mobilissimo\functions\actions.php:95
action after_setup_theme themes\mobilissimo\functions\actions.php:155
action init themes\mobilissimo\functions\actions.php:174
action body_class themes\mobilissimo\functions\actions.php:205
filter wp_prepare_themes_for_js wpmob.php:47
filter template wpmob.php:58
filter stylesheet wpmob.php:60
action load-wpmobile-apps_page_wpmobile-redir wpmob.php:63
action plugins_loaded wpmob.php:74
filter plugin_action_links wpmob.php:76
action wp wpmob.php:78
Maintenance & Trust

WPMobile Apps Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.39
Last updated: Unknown
PHP min version
Downloads: 5K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 10
Developer Profile

WPMobile Apps Developer Profile

MarceloMuriel

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WPMobile Apps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpmobile-apps/apps/call-us/app.js
/wp-content/plugins/wpmobile-apps/apps/call-us/app.css
/wp-content/plugins/wpmobile-apps/apps/contact-us/app.js
/wp-content/plugins/wpmobile-apps/apps/contact-us/app.css
/wp-content/plugins/wpmobile-apps/themes/mobilissimo/css/style.css
Script Paths
/wp-content/plugins/wpmobile-apps/apps/call-us/app.js
/wp-content/plugins/wpmobile-apps/apps/contact-us/app.js
Version Parameters
wpmobile-apps/apps/call-us/app.js?ver=
wpmobile-apps/apps/call-us/app.css?ver=
wpmobile-apps/apps/contact-us/app.js?ver=
wpmobile-apps/apps/contact-us/app.css?ver=
wpmobile-apps/themes/mobilissimo/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpmob-call-us
wpmob-contact-us
Data Attributes
wpmob_app_call_us_order
wpmob_app_call_us_label
wpmob_app_call_us_text_icon
wpmob_app_call_us_phone
wpmob_app_contact_us_order
wpmob_app_contact_us_label
+2 more
FAQ

Frequently Asked Questions about WPMobile Apps