
WPReadable Security & Risk Analysis
wordpress.org/plugins/wpreadable
WP Readable reinventing the mobile blog experience
Is WPReadable Safe to Use in 2026?
Generally Safe
Score 85/100
WPReadable has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wpreadable v1.2 plugin exhibits a generally strong security posture based on the static analysis provided. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the plugin demonstrates good practice by using prepared statements for all SQL queries and avoiding file operations, which are common sources of vulnerabilities. The plugin also has no recorded history of vulnerabilities, which is a positive indicator of its stability and the developer's security awareness.
However, there are notable areas of concern that detract from its overall security. The extremely low percentage of properly escaped output (4%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data rendered to the user interface without proper escaping can be exploited by attackers to inject malicious scripts. The lack of nonce checks and capability checks on entry points leaves open the possibility of CSRF attacks and unauthorized actions if the plugin were to evolve. No entry points are identified in this version, so this is a general concern should any be added in future versions.
In conclusion, while the plugin benefits from a minimal attack surface and secure database interaction, the severe deficiency in output escaping represents a critical risk that needs immediate attention. The absence of vulnerability history is positive, but it should not overshadow the direct evidence of potential XSS flaws identified in the static analysis.
Key Concerns
- Low percentage of properly escaped output
- No nonce checks on entry points
- No capability checks on entry points
WPReadable Security Vulnerabilities
WPReadable Code Analysis
Output Escaping
WPReadable Attack Surface
WordPress Hooks 8
WPReadable Maintenance & Trust
Maintenance Signals
Community Trust
WPReadable Alternatives
WPMobile Apps
wpmobile-apps
Create a mobile WordPress website experience on your website.
Any Mobile Theme Switcher
any-mobile-theme-switcher
This plugin detects mobile browsers and displays the theme according to the setting configured in admin. Useful for switching to a mobile theme.
AMP WP – Google AMP For WP
amp-wp
Automagically add Google AMP functionality to your site. Tons of Premium Features for FREE. Show/Hide Post Types, Categories, and Tags.
WP Mobile X
wp-mobile-x
WP Mobile X - Mobile theme for WordPress
WP-Mobilizer
wp-mobilizer
WP-Mobilizer detects over 5,000 mobile devices and displays. You choose the theme you want for devices. Useful for switching to a mobile theme.
WPReadable Developer Profile
4 plugins · 1K total installs
How We Detect WPReadable
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/wpreadable/css/bootstrap.min.css
- /wp-content/plugins/wpreadable/css/style.css
- /wp-content/plugins/wpreadable/js/bootstrap.min.js
- /wp-content/plugins/wpreadable/js/jquery.bxslider.min.js
- /wp-content/plugins/wpreadable/js/main.js
- wpreadable/css/bootstrap.min.css?ver=
- wpreadable/css/style.css?ver=
- wpreadable/js/bootstrap.min.js?ver=
- wpreadable/js/jquery.bxslider.min.js?ver=
- wpreadable/js/main.js?ver=
HTML / DOM Fingerprints
- wpr-home
- wpr-single
- wpr-search
- wpr-main-content
- <!-- WPReadable Header -->
- <!-- WPReadable Footer -->
- <!-- WPReadable Slider -->
- <!-- WPReadable Post -->
- data-wpr-post-id
- data-wpr-category-id
- window.wpr_bx_slider_settings
- var wpr_home_posts_count
- var wpr_post_id
- var wpr_category_id
- [wpr_slider]