Does WP Pace have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Pace have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Pace compatible with WordPress 3.6.1?

According to WordPress.org data, WP Pace 2.0 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is WP Pace updated?

WP Pace was last updated on Apr 28, 2014. Frequent updates are generally a positive security signal.

What is WP Pace's security score?

WP Pace has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Pace Security & Risk Analysis

wordpress.org/plugins/wp-pace

Create an automatic page load progress bar. Based on Pace - Automatic page load progress bar. Javascript by Zack Bloom CSS by Adam Schwartz.

90 active installs v2.0 PHP + WP 3.0.1+ Updated Apr 28, 2014

loadingloading-animationpaceprogress-bar

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Pace Safe to Use in 2026?

Generally Safe

Score 85/100

WP Pace has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The wp-pace v2.0 plugin exhibits a generally positive security posture, particularly in its avoidance of dangerous functions and its exclusive use of prepared statements for SQL queries. The attack surface is minimal, with no identified AJAX handlers or REST API routes that lack authentication checks, and no known vulnerabilities in its history. This suggests a proactive approach to common security pitfalls.

However, a significant concern arises from the static analysis regarding output escaping. With 4 total outputs and 0% properly escaped, there is a high likelihood of cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on the single shortcode, while the capability check is present, could also be a point of weakness if the shortcode is exploitable without proper session validation, although the specific nature of the shortcode's functionality is not detailed.

Overall, while the plugin demonstrates strengths in SQL security and attack surface control, the complete lack of output escaping presents a critical risk that needs immediate attention. The absence of past vulnerabilities is a good sign, but it doesn't negate the current identified risks. The plugin's small attack surface is a mitigating factor, but the unescaped output remains a primary concern.

Key Concerns

No output escaping
No nonce checks on shortcode

Vulnerabilities

None known

WP Pace Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Pace Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped4 total outputs

Attack Surface

WP Pace Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[pace] pace.php:19

WordPress Hooks 6

actionadmin_initpace-options.php:6

actionadmin_menupace-options.php:7

actionadmin_enqueue_scriptspace-options.php:43

actioninitpace.php:18

filterplugin_action_links_$pluginpace.php:21

actionwp_enqueue_scriptspace.php:22

Maintenance & Trust

WP Pace Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedApr 28, 2014

PHP min version

Downloads7K

Community Trust

Rating100/100

Number of ratings8

Active installs90

Alternatives

WP Pace Alternatives

Automatic Page Load Progress Bar

automatic-page-load-progress-bar

Embed beautiful loading bar on your wordpress website in just a few clics.

70 No CVEs

LoadGo for WP

loadgo-for-wp

Use your logo as a loader for your website/blog using PACE - Automatic page load progress bar and LoadGo Javascript plugin.

60 No CVEs

Page Loader

page-loader

Page Loader is a free Wordpress plugin to show a loader animation while page is being loaded.

3K No CVEs

Brozzme Material Loading

brozzme-material-loading

Add automatic loading and progress bar on each page without coding. Choose between 14 templates and add page progress animations.

80 No CVEs

Mega Lazyload

dmo-spacer-gif-generator

100

Whether building a masonry grid, or trying to increase pagespeed, sometimes it makes sense to use a png as a spacer. Mega lazyload generates automatic …

0 No CVEs

Developer Profile

WP Pace Developer Profile

jamesdbruner

3 plugins · 120 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Pace

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-pace/js/pace.js/wp-content/plugins/wp-pace/themes/minimal.css/wp-content/plugins/wp-pace/themes/flash.css/wp-content/plugins/wp-pace/themes/barbershop.css/wp-content/plugins/wp-pace/themes/macosx.css/wp-content/plugins/wp-pace/themes/fill-left.css/wp-content/plugins/wp-pace/themes/flat-top.css/wp-content/plugins/wp-pace/themes/cornerindicator.css+3 more

Script Paths

../js/pace.js

HTML / DOM Fingerprints

CSS Classes

pacepace-progresspace-activity

Shortcode Output

<style>.pace .pace-progress, .pace .pace-activity{background:.pace .pace-progress {margin-top: 32px;}

FAQ