Download Counter Security & Risk Analysis

wordpress.org/plugins/download-counter

Counts the number of downloads for files and displays a table with the results.

30 active installs v1.4 PHP 5.6.8+ WP + Updated Aug 4, 2025
Tags: analytics, count-downloads, counter, statistic-downloads, statistics
Score: 74
B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Aug 4, 2025
Safety Verdict

Is Download Counter Safe to Use in 2026?

Mostly Safe

Score 74/100

Download Counter is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Aug 4, 2025 · Updated 8mo ago
Risk Assessment

The 'download-counter' plugin v1.4 exhibits a mixed security posture. On the one hand, it follows good practices: a high percentage of prepared SQL statements, properly escaped output, and no file operations or external HTTP requests, which suggests a developer conscious of common web vulnerabilities. On the other hand, the two 'unserialize' calls are a significant concern, as they can lead to Remote Code Execution if not handled with extreme care. While the static analysis shows no unprotected entry points and a reasonable number of nonce checks, the taint analysis highlights one flow with unsanitized paths. That flow could potentially be exploited for path traversal, especially given that the plugin's vulnerability history includes this very type of vulnerability.

Key Concerns

  • Unpatched High Severity CVE
  • High severity taint flow with unsanitized paths
  • Use of dangerous 'unserialize' function
  • Vulnerability history includes Path Traversal
  • Vulnerability history includes XSS
Vulnerabilities: 2

Download Counter Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-8294 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Counter <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter

Aug 4, 2025 Patched in 1.4 (1d)
CVE-2025-60242 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Download Counter <= 1.4 - Unauthenticated Arbitrary File Read

Jun 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Download Counter Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 1 (23 prepared)
Unescaped Output: 4 (90 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $file = unserialize($file); (download-counter.php:346)
unserialize: return @unserialize(get_option(self::$optName)); (download-counter.php:652)

SQL Query Safety

96% prepared · 24 total queries

Output Escaping

96% escaped · 94 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
download_counter_plugin_page_statistics (download-counter.php:170)
Attack Surface

Download Counter Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[download_counter_url] download-counter.php:64
[download_counter_count] download-counter.php:65
[download_counter_size] download-counter.php:66
[download_counter_date] download-counter.php:67
WordPress Hooks 9
action plugins_loaded download-counter.php:59
action upgrader_process_complete download-counter.php:60
action admin_menu download-counter.php:61
action admin_menu download-counter.php:62
filter plugin_action_links download-counter.php:69
filter plugin_action_links download-counter.php:70
filter plugin_row_meta download-counter.php:71
filter parse_request download-counter.php:72
action admin_init download-counter.php:74
Maintenance & Trust

Download Counter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Aug 4, 2025
PHP min version: 5.6.8
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Download Counter Developer Profile

Anatoly

2 plugins · 50 total installs

Trust score: 86
Avg Security Score: 80/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Download Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/download-counter/download-counter.php
Version Parameters
download-counter.php?ver=

HTML / DOM Fingerprints

Shortcode Output
[download_counter_url
[download_counter_count
[download_counter_size
[download_counter_date