Hyper PWA Security & Risk Analysis
wordpress.org/plugins/hyper-pwaProvide Manifest and Service Worker, convert WordPress into Progressive Web Apps (PWA).
Is Hyper PWA Safe to Use in 2026?
Generally Safe
Score 92/100Hyper PWA has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The hyper-pwa plugin version 4.3.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded CVEs and the clean taint analysis results are particularly encouraging, indicating a lack of known exploitable vulnerabilities. Furthermore, the code employs good practices like using prepared statements for SQL queries and a high percentage of properly escaped output, which are crucial for preventing common web attacks.
However, there are a few areas that warrant attention. The complete lack of nonce checks on AJAX handlers is a significant concern, as it creates an opening for potential Cross-Site Request Forgery (CSRF) attacks if any AJAX functionality is present but not explicitly detailed in this report. While capability checks are present, the absence of nonce checks on the interface for these checks could still be problematic. The presence of external HTTP requests, though only one, could also be a vector for supply chain attacks or data leakage if not properly validated or sanitized.
In conclusion, hyper-pwa appears to be a relatively secure plugin, with strengths in its SQL handling and output sanitization, and no known historical vulnerabilities. The primary concern lies in the potential for CSRF due to the missing nonce checks on AJAX handlers. Addressing this specific gap would further solidify its security.
Key Concerns
- Missing nonce checks on AJAX handlers
- External HTTP requests present
Hyper PWA Security Vulnerabilities
Hyper PWA Code Analysis
SQL Query Safety
Output Escaping
Hyper PWA Attack Surface
WordPress Hooks 11
Maintenance & Trust
Hyper PWA Maintenance & Trust
Maintenance Signals
Community Trust
Hyper PWA Alternatives
PWA for WP – Progressive Web Apps Made Simple
pwa-for-wp
PWA plugin is bringing the power of the Progressive Web Apps to the WP & AMP to take the user experience to the next level.
Super Progressive Web Apps
super-progressive-web-apps
SuperPWA helps you convert your WordPress website into a Progressive Web App instantly.
PWA
pwa
WordPress feature plugin to bring Progressive Web App (PWA) capabilities to Core
PWA — easy way to Progressive Web App
iworks-pwa
Your easy way to Progressive Web Application.
Add to Home Screen & Progressive Web App
add-to-home-screen-wp
Turn your WordPress site into a Web App (PWA) with a stylish 'Add to Home Screen' prompt for iOS & Android. Boost engagement without native app costs!
Hyper PWA Developer Profile
3 plugins · 310 total installs
How We Detect Hyper PWA
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/hyper-pwa/css/a2hs.css/wp-content/plugins/hyper-pwa/js/media-uploader.js/wp-content/plugins/hyper-pwa/register.js/wp-content/plugins/hyper-pwa/a2hs.js/wp-content/plugins/hyper-pwa/unregister.jshyper-pwa/style.css?ver=hyper-pwa/script.js?ver=hyper-pwa/register.js?ver=hyper-pwa/a2hs.js?ver=hyper-pwa/unregister.js?ver=hyper-pwa/media-uploader.js?ver=HTML / DOM Fingerprints
hyper-pwa-hiddenhyper-pwa-notification-barhyper-pwa-iconhyper-pwa-install-buttonhyper-pwa-close-buttonhyper-pwa-popup-windowhyper-pwa-popup-texthyper-pwa-popup-text-ios-safari+3 morehyper-pwa-page-typewindow.HYPER_PWA_REGISTER_JS_PATTERNwindow.HYPER_PWA_SERVICE_WORKER_JS_PATTERNwindow.HYPER_PWA_MANIFEST_JSON_PATTERNwindow.HYPER_PWA_OFFLINE_HTML_PATTERNwindow.HYPER_PWA_UNREGISTER_JS_PATTERNwindow.HYPER_PWA_A2HS_JS_PATTERN+6 more