Does ProgPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ProgPress compatible with WordPress 4.6.30?

According to WordPress.org data, ProgPress 1.2.2 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is ProgPress updated?

ProgPress was last updated on Nov 3, 2016. Frequent updates are generally a positive security signal.

What is ProgPress's security score?

ProgPress has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ProgPress Security & Risk Analysis

wordpress.org/plugins/progpress

Easily insert progress meters into your content and/or sidebars.

10 active installs v1.2.2 PHP + WP 2.2+ Updated Nov 3, 2016

bargraphmeterprogresswordcount

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ProgPress Safe to Use in 2026?

Generally Safe

Score 85/100

ProgPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "progpress" v1.2.1 plugin exhibits a generally strong security posture based on the provided static analysis. It has no recorded vulnerabilities (CVEs) and demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no file operations or external HTTP requests. The small attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, is also a positive sign. However, there are areas for improvement that introduce some risk. Specifically, the plugin has zero nonce checks and zero capability checks, meaning that potentially sensitive actions initiated by the shortcode could be performed by unauthenticated or unauthorized users. Additionally, only 50% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped output is user-controllable.

Key Concerns

No nonce checks implemented
No capability checks implemented
Half of outputs not properly escaped

Vulnerabilities

None known

ProgPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ProgPress Release Timeline

v1.2.2Current

v1.2.1

v1.2

v1.1

v1.0

v0.8.6

v0.8.5

v0.8.1

v0.8

v0.1

Code Analysis

Analyzed Apr 16, 2026

ProgPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

50% escaped4 total outputs

Attack Surface

ProgPress Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[progpress] wp-progpress.php:430

WordPress Hooks 12

filterjcp_progpress_shortcode_attsphp/class.JCP_ProgPress_NaNoWriMo.php:243

actioninitprogpress.nanowrimo.php:46

filterjcp_progpress_shortcode_attswp-progpress.php:431

filterthe_contentwp-progpress.php:436

filterwidget_textwp-progpress.php:440

actionwp_print_styleswp-progpress.php:445

filterwidget_textwp-progpress.php:452

filterwidget_textwp-progpress.php:453

filterplugin_row_metawp-progpress.php:488

actionadmin_initwp-progpress.php:494

actionadmin_menuwp-progpress.php:495

actioninitwp-progpress.php:496

Maintenance & Trust

ProgPress Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedNov 3, 2016

PHP min version

Downloads64K

Community Trust

Rating90/100

Number of ratings2

Active installs10

Alternatives

ProgPress Alternatives

Ultimeter

ultimeter

Ultimeter - the Ultimate Progress and Goals Meter

1K 1 CVE

Author WIP Progress Bar

author-work-in-progress-bar

Tested up to 6.7.1 The WIP Progress Bar plugin allows writers and authors to display beautiful progress bars on their WordPress websites via a Widget …

400 1 unpatched

Dave’s Whizmatronic Widgulating Calibrational Scribometer

daves-whizmatronic-widgulating-calibrational-scribometer

The Scribometer allows writers to track and display their writing progress in their sidebar.

20 No CVEs

Pretty Simple Progress meter

pretty-simple-progress-meter

Pretty Simply Progress meter is a clean and fun way to share your tracked progress on everything!

10 No CVEs

WC Weight Meter

wc-weight-meter

A WooCommerce weight meter plugin that allows customers to view the total weight of their cart in real-time with a customizable progress bar.

0 No CVEs

Developer Profile

ProgPress Developer Profile

Jason Penney

2 plugins · 10K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ProgPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/progpress/styles/progpress_default.css/wp-content/plugins/progpress/js/admin.js

Script Paths

/wp-content/plugins/progpress/js/admin.js

Version Parameters

progpress/styles/progpress_default.css?ver=progpress/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

jcp_ppjcp_pp_titlejcp_pp_meterjcp_pp_progjcp_pp_newjcp_pp_countjcp_pp_currentjcp_pp_separator+3 more

HTML Comments

Data Attributes

title="

Shortcode Output

[progpress nanowrimo=[progpress title=

FAQ