Does Dashboard Wordcount have any unpatched vulnerabilities?

No. All known vulnerabilities in Dashboard Wordcount have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Dashboard Wordcount compatible with WordPress 4.6.30?

According to WordPress.org data, Dashboard Wordcount 0.8 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is Dashboard Wordcount updated?

Dashboard Wordcount was last updated on Oct 11, 2016. Frequent updates are generally a positive security signal.

What is Dashboard Wordcount's security score?

Dashboard Wordcount has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Dashboard Wordcount Security & Risk Analysis

wordpress.org/plugins/dashboard-wordcount

Updates the Dashboard's At a Glance widget to show the total word count of all the published posts and age of this WordPress website.

500 active installs v0.8 PHP + WP 3.8.0+ Updated Oct 11, 2016

countdashboardwordword-countwords

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Dashboard Wordcount Safe to Use in 2026?

Generally Safe

Score 85/100

Dashboard Wordcount has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "dashboard-wordcount" plugin version 0.8 exhibits a strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, or shortcodes that are accessible to unauthenticated users. Furthermore, the code shows no signs of dangerous functions being used, all SQL queries are properly prepared, and there are no file operations or external HTTP requests that could be exploited. The absence of vulnerability history, including known CVEs, further reinforces this positive assessment. This indicates a diligent approach to secure coding practices within the plugin.

However, a significant concern arises from the output escaping analysis. With 3 total outputs and 0% properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed on the dashboard without proper sanitization could be manipulated to inject malicious scripts. While the plugin's limited attack surface and absence of other common vulnerabilities are strengths, the lack of output escaping is a critical oversight that needs immediate attention. The taint analysis results are inconclusive due to zero flows analyzed, so no deductions can be made in that regard. The overall conclusion is that while the plugin is architecturally secure against many common attack vectors, the unescaped output creates a substantial and actionable security risk.

Key Concerns

All outputs are unescaped, risking XSS

Vulnerabilities

None known

Dashboard Wordcount Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Dashboard Wordcount Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped3 total outputs

Attack Surface

Dashboard Wordcount Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_initdashboard-wordcount.php:29

actiondashboard_glance_itemsdashboard-wordcount.php:54

actiondashboard_glance_itemsdashboard-wordcount.php:65

actiondashboard_glance_itemsdashboard-wordcount.php:78

Maintenance & Trust

Dashboard Wordcount Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedOct 11, 2016

PHP min version

Downloads9K

Community Trust

Rating100/100

Number of ratings4

Active installs500

Alternatives

Dashboard Wordcount Alternatives

Just Writing Statistics

just-writing-statistics

Calculate your writing statistics on your WordPress site.

1K 3 CVEs

Post Word Counter – Content Insights Dashboard

doubledome-wordcount-details-dashboard

100

The Word Counter plugin offers a dedicated dashboard view that tracks the word count, post count, pages wordcount, and custom post types across your e …

200 No CVEs

Word Counter Plus

word-counter-plus

100

🔥 Supercharge your content workflow with Word Counter Plus — the ultimate tool for tracking, sorting, and filtering word counts in your WordPress post …

50 No CVEs

Keyword Counter And Density Calculator

keyword-counter-and-density-calculator

The Keyword Counter & Density Calculator plugin calculates how many times and how commonly each keyword is used in a post or a page.

10 No CVEs

Reading Time WP

reading-time-wp

Reading Time WP creates an estimated reading time of your posts that is inserted above the content or by using a shortcode.

30K No CVEs

Developer Profile

Dashboard Wordcount Developer Profile

ricardjorg

1 plugin · 500 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Dashboard Wordcount

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

word-countyear-countcomment-word-count

FAQ