I purchased smf4mobile in 2014 and have used it ever since for my forum. However, today I had to uninstall it after learning that the redirect from the standard to the mobile site (or vice versa) could be exploited to redirect to any other website, and was used by spammers in e-mails to mask the real goal they were redirecting their victims to.
Though my domain was used without my knowledge, and the spam not sent through my server but through a hacked server in Vietnam, my host threatened to shut down my server if I didn't take measures to prevent further missuse of my domain. A friend who's an IT security specialist pinpointed the smf4mobile script as the culprit, and after uninstalling, the openredirect was indeed no longer possible.
My forum, however, needs a mobile skin, and in the six year since first purchasing the script, there have been several updates to it. If I purchase it now, is the openredirect still in it, or has the redirect between standard and mobile since been solved in another way?
Thanks for the info!