Reading Position Indicator Security & Risk Analysis

wordpress.org/plugins/reading-position-indicator

Add reading position indicator on page top.

900 active installs · v1.2.1 · PHP 8.0+ · WP 6.0+ · Updated Oct 14, 2025
animation, indicator, progress-bar, reading-time, time
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Reading Position Indicator Safe to Use in 2026?

Generally Safe

Score 100/100

Reading Position Indicator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7mo ago
Risk Assessment

The 'reading-position-indicator' plugin v1.2.1 demonstrates a generally strong security posture based on the provided static analysis. The absence of any known CVEs and a history free of recorded vulnerabilities is a significant positive indicator. Furthermore, the code analysis reveals excellent practices such as 100% use of prepared statements for SQL queries, a high percentage of properly escaped output, and the presence of nonce and capability checks on its single AJAX entry point. The limited attack surface, with only one AJAX handler and no REST API routes, shortcodes, or cron events, further reduces potential exposure. The taint analysis also shows no critical or high severity flows with unsanitized paths, indicating no immediate data processing vulnerabilities were detected.

While the plugin exhibits strong security practices, a minor area for consideration is the bundled Select2 library. Although not explicitly flagged as outdated or vulnerable in this analysis, bundled libraries can sometimes become a vector for vulnerabilities if not regularly maintained and updated. However, given the otherwise robust security measures and clean vulnerability history, the overall risk associated with this plugin is very low. The developer appears to have a good understanding of WordPress security best practices.

Vulnerabilities
None known

Reading Position Indicator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Reading Position Indicator Release Timeline

v1.2.1 (Current)
v1.2.0
v1.1.2
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
Code Analysis
Analyzed Mar 16, 2026

Reading Position Indicator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (284 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

96% escaped · 296 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
update_taxonomy_options (includes\iworks\options\options.php:1484)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Reading Position Indicator Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_iworks_rate_button includes\iworks\rate\rate.php:113
WordPress Hooks 24
action admin_init includes\iworks\class-iworks-position.php:62
action init includes\iworks\class-iworks-position.php:63
action init includes\iworks\class-iworks-position.php:64
action iworks_rate_css includes\iworks\class-iworks-position.php:65
action wp_enqueue_scripts includes\iworks\class-iworks-position.php:66
action wp_head includes\iworks\class-iworks-position.php:67
action wp_head includes\iworks\class-iworks-position.php:68
filter the_content includes\iworks\class-iworks-position.php:69
filter iworks_rate_notice_logo_style includes\iworks\class-iworks-position.php:73
action admin_enqueue_scripts includes\iworks\options\options.php:87
action admin_head includes\iworks\options\options.php:88
action admin_menu includes\iworks\options\options.php:89
action admin_notices includes\iworks\options\options.php:90
filter screen_layout_columns includes\iworks\options\options.php:91
action load-index.php includes\iworks\rate\rate.php:111
action iworks-register-plugin includes\iworks\rate\rate.php:112
action admin_init includes\iworks\rate\rate.php:114
filter iworks_rate_assistance includes\iworks\rate\rate.php:118
filter iworks_rate_love includes\iworks\rate\rate.php:119
filter iworks_rate_advertising_og includes\iworks\rate\rate.php:125
action admin_enqueue_scripts includes\iworks\rate\rate.php:190
action admin_notices includes\iworks\rate\rate.php:191
action admin_enqueue_scripts includes\iworks\rate\rate.php:200
action admin_notices includes\iworks\rate\rate.php:201
Maintenance & Trust

Reading Position Indicator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 14, 2025
PHP min version: 8.0
Downloads: 25K

Community Trust

Rating: 100/100
Number of ratings: 66
Active installs: 900
Developer Profile

Reading Position Indicator Developer Profile

Marcin Pietrzak

23 plugins · 89K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 274 days
Detection Fingerprints

How We Detect Reading Position Indicator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/reading-position-indicator/assets/css/reading-position-indicator.css
/wp-content/plugins/reading-position-indicator/assets/js/reading-position-indicator.js
Script Paths
/wp-content/plugins/reading-position-indicator/assets/js/reading-position-indicator.js
Version Parameters
reading-position-indicator/assets/css/reading-position-indicator.css?ver=
reading-position-indicator/assets/js/reading-position-indicator.js?ver=

HTML / DOM Fingerprints

CSS Classes
progress-bar
Data Attributes
role="progressbar"
JS Globals
window.iworks_reading_position_indicator_options
FAQ

Frequently Asked Questions about Reading Position Indicator