TDD Progress Bar Security & Risk Analysis

wordpress.org/plugins/tdd-progress-bar

Configure and display any number of percent-complete progress bars.

20 active installs · v0.5.2 · PHP + · WP 3.3+ · Updated Jun 2, 2012
Tags: progress, shortcode, widget
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TDD Progress Bar Safe to Use in 2026?

Generally Safe

Score 85/100

TDD Progress Bar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The "tdd-progress-bar" plugin v0.5.2 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history are significant positives, suggesting a history of secure development. The plugin effectively utilizes prepared statements for its single SQL query and implements both nonce and capability checks for its single AJAX handler, which is a good practice for protecting sensitive operations. The limited attack surface, with no exposed REST API routes and no cron events, further contributes to its security.

However, the static analysis raises a concern about output escaping: only 56% of outputs (40 of 72) are properly escaped. The remaining 32 outputs are potential Cross-Site Scripting (XSS) sinks, which become a real vulnerability only where untrusted data reaches them unescaped; the count alone does not show that this happens. No critical or high severity taint flows were identified and no dangerous functions are used, so the unescaped output remains the primary risk identified in the code. Bundling jQuery is common but could be a concern if the bundled version is outdated; the provided data does not state the version.

In conclusion, the plugin demonstrates good practices in input validation and access control for its entry points. The lack of historical vulnerabilities is reassuring. The main area for improvement is to ensure all outputs are properly escaped to mitigate XSS risks. If the bundled jQuery is outdated, updating it would also be a prudent security measure. Overall, it's a relatively secure plugin with a manageable risk profile, primarily centered around output escaping.

Key Concerns

  • Output escaping is not consistently applied (56% of outputs escaped)
Vulnerabilities
None known

TDD Progress Bar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

TDD Progress Bar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 32 (40 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

100% prepared (1 total query)

Output Escaping

56% escaped (72 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
tdd_pb_ajax_qe_handler (inc\admin.php:292)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

TDD Progress Bar Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 1

auth  wp_ajax_tdd_pb_get_custom_values  inc\admin.php:320

Shortcodes 2

[progress] tdd-progress-bar.php:164
[tdd_pb] tdd-progress-bar.php:165
WordPress Hooks 18
action  add_meta_boxes  inc\admin.php:27
action  admin_enqueue_scripts  inc\admin.php:38
action  admin_footer-tdd_pb_page_settings  inc\admin.php:46
action  admin_footer-post.php  inc\admin.php:47
action  save_post  inc\admin.php:222
filter  manage_edit-tdd_pb_columns  inc\admin.php:235
action  manage_posts_custom_column  inc\admin.php:258
action  quick_edit_custom_box  inc\admin.php:287
action  admin_footer  inc\admin.php:353
filter  post_row_actions  inc\admin.php:371
action  admin_menu  inc\admin.php:379
action  admin_init  inc\admin.php:380
action  widgets_init  inc\widget.php:10
action  admin_enqueue_scripts  inc\widget.php:22
action  init  tdd-progress-bar.php:18
action  init  tdd-progress-bar.php:53
action  init  tdd-progress-bar.php:76
action  init  tdd-progress-bar.php:111
Maintenance & Trust

TDD Progress Bar Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Jun 2, 2012
PHP min version
Downloads: 9K

Community Trust

Rating: 60/100
Number of ratings: 3
Active installs: 20
Developer Profile

TDD Progress Bar Developer Profile

Taylor Dewey

3 plugins · 70 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TDD Progress Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tdd-progress-bar/css/default.css
/wp-content/plugins/tdd-progress-bar/css/default.min.css
/wp-content/plugins/tdd-progress-bar/js/animate.js
/wp-content/plugins/tdd-progress-bar/js/animate.min.js
Script Paths
/wp-content/plugins/tdd-progress-bar/js/animate.js
/wp-content/plugins/tdd-progress-bar/js/animate.min.js
Version Parameters
tdd_pb_style
tdd_pb_js

HTML / DOM Fingerprints

CSS Classes
tdd_pb_bar_container
tdd_pb_bar
tdd_pb_numbers
tdd_pb_red
tdd_pb_race
Data Attributes
aria-valuemax
aria-valuemin
aria-valuenow
role="progressbar"
data-progress
Shortcode Output
<div class="tdd_pb_bar_container
<div class="tdd_pb_numbers
<div class="tdd_pb_bar
FAQ

Frequently Asked Questions about TDD Progress Bar