Super Progressive Web Apps Security & Risk Analysis

wordpress.org/plugins/super-progressive-web-apps

SuperPWA helps you convert your WordPress website into a Progressive Web App instantly.

50K active installs v2.2.42 PHP 5.3+ WP 3.6.0+ Updated Feb 9, 2026
Tags: add-to-homescreen, android-app, chrome-app, progressive-web-apps, pwa
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 22, 2023
Safety Verdict

Is Super Progressive Web Apps Safe to Use in 2026?

Generally Safe

Score 99/100

Super Progressive Web Apps has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 22, 2023 · Updated 1mo ago
Risk Assessment

The Super Progressive Web Apps plugin (v2.2.42) exhibits a generally good security posture with strong adherence to core WordPress security practices. Notably, all identified AJAX entry points are protected by authentication checks, and there are no insecure REST API routes, shortcodes, or cron events. The absence of dangerous functions and the exclusive use of prepared statements for SQL queries are excellent signs. File operations are also not present, reducing the attack surface in that regard. Furthermore, the plugin demonstrates a strong commitment to nonces and capability checks, with a high percentage of outputs being properly escaped.

However, there are areas for improvement. The presence of external HTTP requests, while not inherently malicious, warrants careful review to ensure they are not exploited for cross-site scripting or other injection attacks. The vulnerability history, though currently showing no unpatched CVEs, reveals two past medium-severity vulnerabilities, both attributed to Missing Authorization. This pattern suggests a recurring weakness in authorization checks, which, if not thoroughly addressed in the current codebase, could become a future concern. The bundling of Select2, while common, is another area to monitor for potential outdated versions carrying known vulnerabilities.

In conclusion, the plugin has a solid foundation in secure coding practices, especially concerning SQL and input validation on its direct entry points. The historical pattern of missing authorization vulnerabilities, however, is a red flag that requires continued vigilance. The presence of external HTTP requests and the bundled library also represent minor areas of potential risk that should be monitored.

Key Concerns

  • Past medium severity vulnerabilities (Missing Authorization)
  • External HTTP requests detected
  • Bundled library (Select2) may need version check
Vulnerabilities
2

Super Progressive Web Apps Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2023-48277 · medium · 5.3 · Missing Authorization

Super Progressive Web Apps <= 2.2.21 - Missing Authorization

Nov 22, 2023 Patched in 2.2.22 (62d)

Super Progressive Web Apps <= 2.2.8 - Missing Authorization

Nov 29, 2022 Patched in 2.2.9 (420d)
Code Analysis
Analyzed Mar 16, 2026

Super Progressive Web Apps Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 125 (323 escaped)
Nonce Checks: 9
Capability Checks: 21
File Operations: 0
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

72% escaped · 448 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
superpwa_addons_interface_render (admin\admin-ui-render-addons.php:309)
Attack Surface

Super Progressive Web Apps Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

auth wp_ajax_superpwa_splashscreen_uploader addons\apple-touch-icons.php:547
auth wp_ajax_superpwa_enable_modules_upgread addons\superpwa-push-notification.php:37
auth wp_ajax_superpwa_newsletter_submit admin\admin-ui-render-addons.php:795
auth wp_ajax_superpwa_newsletter_hide_form admin\admin-ui-render-addons.php:810
auth wp_ajax_superpwa_get_select2_data admin\basic-setup.php:539
auth wp_ajax_superpwa_send_feedback admin\mb-helper-function.php:106
auth wp_ajax_superpwa_reset_all_settings functions\common.php:338
WordPress Hooks 84
action pre_amp_render_post 3rd-party\amp.php:21
action wp 3rd-party\amp.php:23
action amp_post_template_footer 3rd-party\amp.php:33
filter amp_post_template_data 3rd-party\amp.php:34
action amp_post_template_head 3rd-party\amp.php:35
action wp_footer 3rd-party\amp.php:42
filter amp_post_template_data 3rd-party\amp.php:43
action init 3rd-party\amp.php:117
filter superpwa_manifest 3rd-party\onesignal.php:40
filter superpwa_sw_filename 3rd-party\onesignal.php:43
filter superpwa_sw_template 3rd-party\onesignal.php:46
filter superpwa_manifest 3rd-party\onesignal.php:50
filter superpwa_sw_filename 3rd-party\onesignal.php:53
filter superpwa_sw_template 3rd-party\onesignal.php:56
action plugins_loaded 3rd-party\onesignal.php:62
filter superpwa_manifest 3rd-party\onesignal.php:158
filter superpwa_sw_filename 3rd-party\onesignal.php:167
filter superpwa_sw_template 3rd-party\onesignal.php:170
action activate_onesignal-free-web-push-notifications/onesignal.php 3rd-party\onesignal.php:175
action deactivate_onesignal-free-web-push-notifications/onesignal.php 3rd-party\onesignal.php:214
filter superpwa_is_pwa_ready 3rd-party\onesignal.php:236
filter superpwa_sw_template 3rd-party\pushengage.php:11
filter superpwa_sw_filename 3rd-party\wonderpush.php:30
filter superpwa_sw_template 3rd-party\wonderpush.php:33
action plugins_loaded 3rd-party\wonderpush.php:36
filter superpwa_manifest 3rd-party\yandex.php:12
filter superpwa_wp_head_tags addons\apple-touch-icons.php:68
filter site_icon_meta_tags addons\apple-touch-icons.php:101
action admin_init addons\apple-touch-icons.php:179
action admin_enqueue_scripts addons\apple-touch-icons.php:321
filter superpwa_sw_template addons\caching-strategies.php:122
filter superpwa_sw_files_to_cache addons\caching-strategies.php:159
action publish_post addons\caching-strategies.php:166
action publish_page addons\caching-strategies.php:167
action add_option_superpwa_caching_strategies_settings addons\caching-strategies.php:246
action update_option_superpwa_caching_strategies_settings addons\caching-strategies.php:247
action superpwa_addon_activated_caching_strategies addons\caching-strategies.php:248
action superpwa_addon_deactivated_caching_strategies addons\caching-strategies.php:271
action admin_init addons\caching-strategies.php:317
action admin_enqueue_scripts addons\caching-strategies.php:463
action add_option_superpwa_pull_to_refresh_settings addons\pull-to-refresh.php:66
action update_option_superpwa_pull_to_refresh_settings addons\pull-to-refresh.php:67
action superpwa_addon_activated_pull_to_refresh addons\pull-to-refresh.php:68
action admin_init addons\pull-to-refresh.php:153
action wp_enqueue_scripts addons\pull-to-refresh.php:365
filter superpwa_manifest_start_url addons\utm-tracking.php:85
action add_option_superpwa_utm_tracking_settings addons\utm-tracking.php:104
action update_option_superpwa_utm_tracking_settings addons\utm-tracking.php:105
action superpwa_addon_activated_utm_tracking addons\utm-tracking.php:106
action superpwa_addon_deactivated_utm_tracking addons\utm-tracking.php:126
action admin_init addons\utm-tracking.php:209
action admin_post_superpwa_activate_addon admin\admin-ui-render-addons.php:711
action admin_post_superpwa_deactivate_addon admin\admin-ui-render-addons.php:759
action admin_menu admin\admin-ui-setup.php:97
action admin_init admin\admin-ui-setup.php:447
action add_option_superpwa_settings admin\admin-ui-setup.php:632
action update_option_superpwa_settings admin\admin-ui-setup.php:633
action admin_enqueue_scripts admin\admin-ui-setup.php:675
filter admin_footer_text admin\admin-ui-setup.php:694
filter update_footer admin\admin-ui-setup.php:711
action activated_plugin admin\basic-setup.php:101
action admin_notices admin\basic-setup.php:137
action network_admin_notices admin\basic-setup.php:171
filter superpwa_sw_filename admin\basic-setup.php:258
action admin_init admin\basic-setup.php:317
action plugins_loaded admin\basic-setup.php:357
filter plugin_row_meta admin\basic-setup.php:406
action init admin\basic-setup.php:496
action parse_request admin\basic-setup.php:497
action plugins_loaded admin\basic-setup.php:499
action admin_enqueue_scripts admin\basic-setup.php:565
filter query_vars admin\basic-setup.php:567
action admin_enqueue_scripts admin\mb-helper-function.php:108
filter admin_footer admin\mb-helper-function.php:121
filter option_page_capability_superpwa_settings_group functions\common.php:537
filter pre_update_option_superpwa_settings functions\common.php:574
action wp_head public\manifest.php:432
action fluent_community/portal_head public\manifest.php:745
action wp_enqueue_scripts public\sw.php:396
filter superpwa_sw_files_to_cache public\sw.php:447
filter superpwa_sw_never_cache_urls public\sw.php:480
filter superpwa_sw_never_cache_urls public\sw.php:510
filter seraph_accel_jscss_addtype public\sw.php:519
action fluent_community/portal_footer public\sw.php:532
Maintenance & Trust

Super Progressive Web Apps Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 9, 2026
PHP min version: 5.3
Downloads: 2.3M

Community Trust

Rating: 92/100
Number of ratings: 224
Active installs: 50K
Developer Profile

Super Progressive Web Apps Developer Profile

SuperPWA

1 plugin · 50K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 241 days
Detection Fingerprints

How We Detect Super Progressive Web Apps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/super-progressive-web-apps/public/css/main.css
/wp-content/plugins/super-progressive-web-apps/public/js/superpwa-main.js
/wp-content/plugins/super-progressive-web-apps/public/js/superpwa-register-worker.js
/wp-content/plugins/super-progressive-web-apps/public/js/sw.js
/wp-content/plugins/super-progressive-web-apps/public/js/offline.js
/wp-content/plugins/super-progressive-web-apps/public/js/pwa-installer.js
/wp-content/plugins/super-progressive-web-apps/public/js/icons.js
/wp-content/plugins/super-progressive-web-apps/public/js/app.js
Script Paths
/wp-content/plugins/super-progressive-web-apps/public/js/superpwa-main.js
/wp-content/plugins/super-progressive-web-apps/public/js/superpwa-register-worker.js
/wp-content/plugins/super-progressive-web-apps/public/js/sw.js
/wp-content/plugins/super-progressive-web-apps/public/js/offline.js
/wp-content/plugins/super-progressive-web-apps/public/js/pwa-installer.js
/wp-content/plugins/super-progressive-web-apps/public/js/icons.js
+1 more
Version Parameters
super-progressive-web-apps/public/css/main.css?ver=
super-progressive-web-apps/public/js/superpwa-main.js?ver=
super-progressive-web-apps/public/js/superpwa-register-worker.js?ver=
super-progressive-web-apps/public/js/sw.js?ver=
super-progressive-web-apps/public/js/offline.js?ver=
super-progressive-web-apps/public/js/pwa-installer.js?ver=
super-progressive-web-apps/public/js/icons.js?ver=
super-progressive-web-apps/public/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
superpwa-logo-wrap
superpwa-app-banner
superpwa-install-button
superpwa-menu-icon
superpwa-welcome-message
HTML Comments
<!-- SuperPWA App Banner -->
<!-- SuperPWA Install Button -->
<!-- SuperPWA Logo -->
Data Attributes
data-superpwa-app-banner
data-superpwa-install-button
data-superpwa-theme-color
JS Globals
window.superPWA
window.SuperPWA_Settings
window.SuperPWA_Config
var superpwa_options
var superpwa_admin_options
REST Endpoints
/wp-json/superpwa/v1/settings
/wp-json/superpwa/v1/status
Shortcode Output
[superpwa_app_banner]
[superpwa_install_button]
FAQ

Frequently Asked Questions about Super Progressive Web Apps