Progressive Web Apps Security & Risk Analysis

wordpress.org/plugins/progressive-web-apps

Use a Progressive Web App implemented with React JS to enhance the experience of your mobile users.

10 active installs · v1.0.1 · PHP 5.4+ · WP 4.8+ · Updated Jan 31, 2020
Tags: mobile, mobile-internet, mobile-web, progressive-web-apps, pwa
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Progressive Web Apps Safe to Use in 2026?

Generally Safe

Score 85/100

Progressive Web Apps has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "progressive-web-apps" v1.0.1 plugin exhibits significant security concerns primarily due to its exposed attack surface. A large proportion of its entry points, specifically all AJAX handlers and REST API routes, lack proper authentication and authorization checks. This means that any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure.

While the plugin demonstrates good practices in handling SQL queries with prepared statements and does not appear to have any recorded vulnerabilities or critical taint flows, the lack of security checks on its AJAX and REST API routes is a major weakness. The significant percentage of improperly escaped output also presents a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully within these exposed endpoints.

Overall, the plugin's security posture is weak due to the unauthenticated entry points, despite the absence of known historical vulnerabilities. The code signals suggest potential for XSS due to poor output escaping. The lack of any recorded vulnerabilities might indicate a small user base or limited security scrutiny thus far. The plugin's strengths lie in its SQL handling, but these are overshadowed by the critical concerns regarding its exposed and unprotected endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Significant percentage of unescaped output
  • No nonce checks on AJAX handlers
Vulnerabilities
None known

Progressive Web Apps Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Progressive Web Apps Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 60 (18 escaped)
Nonce Checks: 0
Capability Checks: 9
File Operations: 21
External Requests: 1
Bundled Libraries: 0

Output Escaping

23% escaped · 78 total outputs
Attack Surface
7 unprotected

Progressive Web Apps Attack Surface

Entry Points: 7
Unprotected: 7

AJAX Handlers 4

auth    wp_ajax_pwapp_editimages        progressive-web-apps.php:59
auth    wp_ajax_pwapp_theme_settings    progressive-web-apps.php:60
auth    wp_ajax_pwapp_send_feedback     progressive-web-apps.php:61
auth    wp_ajax_pwapp_settings_save     progressive-web-apps.php:62

REST API Routes 3

GET    /wp-json/pwapp/manifest      inc\class-api.php:21
GET    /wp-json/pwapp/categories    inc\class-api.php:28
GET    /wp-json/pwapp/language      inc\class-api.php:49

WordPress Hooks 14

action    admin_enqueue_scripts    admin\class-admin-init.php:54
action    admin_menu               admin\class-admin-init.php:57
action    admin_notices            core\class-pwapp.php:84
action    wp_head                  frontend\class-application.php:87
action    wp_footer                frontend\class-application.php:90
action    wp_head                  frontend\class-application.php:96
filter    stylesheet               frontend\class-application.php:164
filter    template                 frontend\class-application.php:165
filter    theme_root               frontend\class-application.php:167
filter    theme_root_uri           frontend\class-application.php:168
action    admin_notices            inc\class-uploads.php:54
action    rest_api_init            progressive-web-apps.php:43
action    plugins_loaded           progressive-web-apps.php:65
action    plugins_loaded           progressive-web-apps.php:68

Maintenance & Trust

Progressive Web Apps Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Jan 31, 2020
PHP min version: 5.4
Downloads: 15K

Community Trust

Rating: 90/100
Number of ratings: 4
Active installs: 10

Developer Profile

Progressive Web Apps Developer Profile

Rock Solid

7 plugins · 17K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 223 days
Detection Fingerprints

How We Detect Progressive Web Apps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/progressive-web-apps/admin/css/fonts.css
  • /wp-content/plugins/progressive-web-apps/admin/css/general.css
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/Lib/jquery.validate.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/Lib/validate-additional-methods.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/Loader.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/AjaxUpload.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/JSInterface.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Modules/Feedback/PWAPP_SEND_FEEDBACK.min.js
  • +10 more

Script Paths

  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/Lib/jquery.validate.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/Lib/validate-additional-methods.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/Loader.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/AjaxUpload.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Interface/JSInterface.min.js
  • /wp-content/plugins/progressive-web-apps/admin/js/UI.Modules/Feedback/PWAPP_SEND_FEEDBACK.min.js
  • +4 more

Version Parameters

  • progressive-web-apps/admin/css/fonts.css?ver=
  • progressive-web-apps/admin/css/general.css?ver=
  • progressive-web-apps/admin/css/jquery.selectBoxIt.css?ver=
  • progressive-web-apps/frontend/fonts/font-1.css?ver=
  • progressive-web-apps/frontend/fonts/font-2.css?ver=
  • progressive-web-apps/frontend/fonts/font-3.css?ver=
  • progressive-web-apps/frontend/fonts/font-4.css?ver=
  • progressive-web-apps/frontend/fonts/font-5.css?ver=
  • progressive-web-apps/admin/js/UI.Interface/Lib/jquery.validate.min.js?ver=1.11.1
  • progressive-web-apps/admin/js/UI.Interface/Lib/validate-additional-methods.min.js?ver=1.11.1
  • progressive-web-apps/admin/js/UI.Interface/Loader.min.js?ver=
  • progressive-web-apps/admin/js/UI.Interface/AjaxUpload.min.js?ver=
  • progressive-web-apps/admin/js/UI.Interface/JSInterface.min.js?ver=
  • progressive-web-apps/admin/js/UI.Modules/Feedback/PWAPP_SEND_FEEDBACK.min.js?ver=
  • progressive-web-apps/admin/js/UI.Interface/Lib/jquery.selectBoxIt.min.js?ver=3.8.1
  • progressive-web-apps/admin/js/UI.Modules/Theming/PWAPP_EDIT_THEME.min.js?ver=
  • progressive-web-apps/admin/js/UI.Modules/Theming/PWAPP_EDIT_IMAGES.min.js?ver=
  • progressive-web-apps/admin/js/UI.Modules/Theming/PWAPP_SERVICE_WORKER.min.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Uncomment the line below to enable comments -->
JS Globals
PWAPP_PLUGIN_NAME, PWAPP_DOMAIN, PWAPP_VERSION
REST Endpoints
/wp-json/pwapp