Author WIP Progress Bar Security & Risk Analysis

wordpress.org/plugins/author-work-in-progress-bar

Tested up to 6.7.1

The WIP Progress Bar plugin allows writers and authors to display beautiful progress bars on their WordPress websites via a Widget …

400 active installs · v1.0 · PHP + · WP 4.2.5+ · Updated Nov 27, 2024
Tags: author, novelist, progress-bar, progress-meter, writer
70
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Apr 16, 2025
Safety Verdict

Is Author WIP Progress Bar Safe to Use in 2026?

Mostly Safe

Score 70/100

Author WIP Progress Bar is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Apr 16, 2025 · Updated 1yr ago
Risk Assessment

The "author-work-in-progress-bar" plugin v1.0 presents a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively. Furthermore, it avoids external HTTP requests and file operations, which are common vectors for security exploits. However, several concerning aspects were identified in the static analysis.

A significant concern is the high percentage of improperly escaped output (39%). This indicates a strong possibility of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website. While the taint analysis shows only one flow with unsanitized paths and no critical or high severity issues, the unescaped output is a direct indicator of potential XSS risks.

The vulnerability history is a major red flag. The plugin has a known medium severity Cross-Site Scripting (XSS) vulnerability from April 2025, which is currently unpatched. This indicates a lack of ongoing security maintenance and a failure to address known issues promptly. The presence of a past XSS vulnerability, combined with the high percentage of unescaped output in the current version, strongly suggests that XSS remains a significant threat for this plugin.

Key Concerns

  • Unpatched CVE (Medium severity XSS)
  • High percentage of unescaped output
  • Flow with unsanitized path in taint analysis
  • No nonce checks
  • No capability checks
Vulnerabilities
1

Author WIP Progress Bar Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-39516 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Author WIP Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Author WIP Progress Bar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 73 (115 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

61% escaped · 188 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<generate_shortcode> (generate_shortcode.php:0)
Attack Surface

Author WIP Progress Bar Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[progressbar] index.php:65
WordPress Hooks 5
action · admin_menu · index.php:34
action · admin_enqueue_scripts · index.php:62
action · wp_head · index.php:66
action · admin_enqueue_scripts · progress_widget.php:17
action · widgets_init · progress_widget.php:340
Maintenance & Trust

Author WIP Progress Bar Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Nov 27, 2024
PHP min version
Downloads: 10K

Community Trust

Rating: 88/100
Number of ratings: 7
Active installs: 400
Developer Profile

Author WIP Progress Bar Developer Profile

Alan Petersen

1 plugin · 400 total installs

Trust score: 73
Avg Security Score: 70/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Author WIP Progress Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/author-work-in-progress-bar/css/admin.css
/wp-content/plugins/author-work-in-progress-bar/css/front.css
Version Parameters
author-work-in-progress-bar/css/admin.css?ver=
author-work-in-progress-bar/css/front.css?ver=

HTML / DOM Fingerprints

CSS Classes
wip-progress-shortcode, meter, nostripes, extra-font-color, widget-title, pogress-bar-media, progress-bar-class, wip-title (+5 more)
Data Attributes
id, data-origWidth
JS Globals
jQuery
Shortcode Output
<div class="wip-progress-shortcode" id="widget_
<h2 class="widget-title extra-font-color">
<div class="pogress-bar-media progress-bar-class">
<img src="
<div class="wip-title progress-bar-class extra-font-color">
FAQ

Frequently Asked Questions about Author WIP Progress Bar