WP-Safety

Click Counter by Simple Tools Security & Risk Analysis

wordpress.org/plugins/click-counter

Advanced click tracking for any CSS selector. Analytics, charts, goals, CSV export, visual picker, and more.

80 active installs v1.0.3 PHP 7.4+ WP 6.2+ Updated Feb 11, 2026
analyticsclick-trackingconversionstatisticstracking
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Click Counter by Simple Tools Safe to Use in 2026?

Generally Safe

Score 100/100

Click Counter by Simple Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'click-counter' plugin version 1.0.3 exhibits a generally strong security posture, with excellent adherence to secure coding practices such as the exclusive use of prepared statements for SQL queries and a high percentage of properly escaped output. The absence of known CVEs and a history of no recorded vulnerabilities further reinforces this positive assessment. All identified entry points, including AJAX handlers, shortcodes, and cron events, appear to be protected by appropriate authorization and nonce checks, indicating a deliberate effort to prevent unauthorized access and actions.

Despite the overall strong security, a single high-severity taint flow with an unsanitized path represents a potential concern. While the static analysis did not uncover any directly exploitable vulnerabilities from this, it signifies an area where user-supplied input might not be adequately validated or neutralized before being used in a sensitive operation, which could lead to unexpected behavior or potentially be chained with other factors to exploit a weakness. The plugin also makes an external HTTP request, which, while not inherently a vulnerability, is a potential attack vector if the target endpoint is compromised or if sensitive data is sent unencrypted.

In conclusion, 'click-counter' v1.0.3 is a well-developed plugin with robust security fundamentals. The primary area requiring attention is the identified unsanitized path in the taint analysis. Addressing this specific issue would further solidify the plugin's security and mitigate the remaining identified risk.

Key Concerns

  • High severity taint flow with unsanitized path
  • External HTTP request
Vulnerabilities
None known

Click Counter by Simple Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Click Counter by Simple Tools Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
54 prepared
Unescaped Output
19
131 escaped
Nonce Checks
13
Capability Checks
12
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared54 total queries

Output Escaping

87% escaped150 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths
clicco_track_click (click-counter.php:577)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Click Counter by Simple Tools Attack Surface

Entry Points13
Unprotected0

AJAX Handlers 12

noprivwp_ajax_clicco_track_clickclick-counter.php:574
authwp_ajax_clicco_track_clickclick-counter.php:575
authwp_ajax_clicco_add_selectorclick-counter.php:644
authwp_ajax_clicco_update_selectorclick-counter.php:645
authwp_ajax_clicco_delete_selectorclick-counter.php:646
authwp_ajax_clicco_reset_selectorclick-counter.php:647
authwp_ajax_clicco_reset_allclick-counter.php:648
authwp_ajax_clicco_delete_logclick-counter.php:649
authwp_ajax_clicco_export_csvclick-counter.php:650
authwp_ajax_clicco_get_chart_dataclick-counter.php:651
authwp_ajax_clicco_review_actionclick-counter.php:1311
authwp_ajax_clicco_deactivation_feedbackclick-counter.php:1395

Shortcodes 1

[click_count] click-counter.php:1037
WordPress Hooks 9
actionplugins_loadedclick-counter.php:28
actionclicco_daily_cleanupclick-counter.php:167
actioninitclick-counter.php:316
actionwp_enqueue_scriptsclick-counter.php:334
actionwp_footerclick-counter.php:412
actionadmin_menuclick-counter.php:1077
actionadmin_enqueue_scriptsclick-counter.php:1094
actionadmin_footerclick-counter.php:1249
actionadmin_footerclick-counter.php:1332

Scheduled Events 1

clicco_daily_cleanup
Maintenance & Trust

Click Counter by Simple Tools Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version7.4
Downloads562

Community Trust

Rating0/100
Number of ratings0
Active installs80
Alternatives

Click Counter by Simple Tools Alternatives

Epic Tracking

Epic Tracking

epic-tracking

A
100

Easy event tracking for WordPress. Point, click, and track — no code, no tag managers, no third-party scripts.

0 No CVEs
GA Google Analytics – Connect Google Analytics to WordPress

GA Google Analytics – Connect Google Analytics to WordPress

ga-google-analytics

A
100

Adds Google Analytics tracking code to your WordPress site. Supports many tracking features.

400K No CVEs
SlimStat Analytics

SlimStat Analytics

wp-slimstat

A
88

The leading web analytics plugin for WordPress

80K 23 CVEs
Connect Matomo – Analytics Dashboard for WordPress

Connect Matomo – Analytics Dashboard for WordPress

wp-piwik

A
97

Adds Matomo (former Piwik) statistics to your WordPress dashboard and is also able to add the Matomo Tracking Code to your blog.

60K 5 CVEs
Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

A
95

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs
Developer Profile

Click Counter by Simple Tools Developer Profile

Simple Tools

6 plugins · 180 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Click Counter by Simple Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/click-counter/assets/css/chart.css/wp-content/plugins/click-counter/assets/css/editor.css/wp-content/plugins/click-counter/assets/css/frontend.css/wp-content/plugins/click-counter/assets/css/admin.css/wp-content/plugins/click-counter/assets/js/chart.js/wp-content/plugins/click-counter/assets/js/editor.js/wp-content/plugins/click-counter/assets/js/frontend.js/wp-content/plugins/click-counter/assets/js/admin.js
Script Paths
assets/js/frontend.jsassets/js/editor.jsassets/js/admin.jsassets/js/chart.js
Version Parameters
click-counter/assets/css/chart.css?ver=click-counter/assets/css/editor.css?ver=click-counter/assets/css/frontend.css?ver=click-counter/assets/css/admin.css?ver=click-counter/assets/js/chart.js?ver=click-counter/assets/js/editor.js?ver=click-counter/assets/js/frontend.js?ver=click-counter/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
clicco-chartclicco-admin-wrapclicco-goal-row
HTML Comments
CLICCO_FEEDBACK_URLCLICCO_TABLECLICCO_SELECTORS_TABLECLICCO_VERSION+4 more
Data Attributes
data-clicco-selectordata-clicco-name
JS Globals
clicco_chart_dataclicco_chart_labelsclicco_chart_configclicco_chart_instanceclicco_editor_settingsclicco_editor_post_id+1 more
REST Endpoints
/wp-json/ssp-feedback/v1/submit
FAQ

Frequently Asked Questions about Click Counter by Simple Tools