Simple Counter Security & Risk Analysis

wordpress.org/plugins/abwp-simple-counter

Installs Yandex.Metrics and Google Analytics counters on a website without editing the files of the selected theme.

1K active installs v1.0.3 PHP + WP 3.9+ Updated Apr 22, 2024
яндексметрика · metrika · statistics · yandex
71
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Dec 19, 2023
Safety Verdict

Is Simple Counter Safe to Use in 2026?

Mostly Safe

Score 71/100

Simple Counter is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Dec 19, 2023 · Updated 1yr ago
Risk Assessment

The "abwp-simple-counter" plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with only one shortcode and no AJAX handlers or REST API routes. All SQL queries are properly prepared, and there are no detected file operations or external HTTP requests. The presence of a capability check on its sole entry point is also a good sign.

However, significant concerns arise from the lack of output escaping. With 18 outputs and 0% properly escaped, this plugin is highly vulnerable to Cross-Site Scripting (XSS) attacks. The absence of nonce checks on any potential entry points further exacerbates this risk, as it allows for potential Cross-Site Request Forgery (CSRF) if malicious actors can trigger actions. The vulnerability history, which includes a known medium-severity XSS vulnerability that remains unpatched, strongly reinforces these concerns.

In conclusion, while the plugin demonstrates some good security practices like prepared SQL statements, the critical lack of output escaping and the unpatched XSS vulnerability present a substantial risk. The developer needs to address output sanitization and ensure all known vulnerabilities are patched to improve the plugin's security.

Key Concerns

  • Unpatched Medium CVE
  • 100% Unescaped Output
  • 0 Nonce Checks
Vulnerabilities
1

Simple Counter Security Vulnerabilities

CVEs by Year

1 CVE in 2023 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-50377 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Counter <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Dec 19, 2023 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Simple Counter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 18 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 18 total outputs
Attack Surface

Simple Counter Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[simple-counter] simple-counter.php:78

WordPress Hooks 7

action load-metrica_page_counters-settings includes\admin-counters.php:7
action init simple-counter.php:30
action plugins_loaded simple-counter.php:41
action admin_menu simple-counter.php:42
action admin_init simple-counter.php:43
action wp_head simple-counter.php:76
action wp_footer simple-counter.php:77
Maintenance & Trust

Simple Counter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Apr 22, 2024
PHP min version
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 1K
Developer Profile

Simple Counter Developer Profile

abwp

2 plugins · 2K total installs

Trust score: 81
Avg Security Score: 82/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: wrap
Shortcode Output: [simple-counter id="metrika"] [simple-counter id="analytics"]
FAQ

Frequently Asked Questions about Simple Counter