Does DX2 Post Hit Counter have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is DX2 Post Hit Counter compatible with WordPress 4.7.33?

According to WordPress.org data, DX2 Post Hit Counter 1.3 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is DX2 Post Hit Counter updated?

DX2 Post Hit Counter was last updated on Mar 31, 2017. Frequent updates are generally a positive security signal.

What is DX2 Post Hit Counter's security score?

DX2 Post Hit Counter has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DX2 Post Hit Counter Security & Risk Analysis

wordpress.org/plugins/dx2-post-hit-counter

A lightweight counter to track the number of hits on all posts on the website.

30 active installs v1.3 PHP + WP 3.0.1+ Updated Mar 31, 2017

commentscounthitpage-viewstraffic

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is DX2 Post Hit Counter Safe to Use in 2026?

Generally Safe

Score 85/100

DX2 Post Hit Counter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The dx2-post-hit-counter plugin v1.3 exhibits a generally good security posture with a limited attack surface and no publicly known vulnerabilities. All identified entry points, including the four AJAX handlers, appear to have authentication checks, which is a strong mitigating factor against unauthorized access. The absence of taint analysis findings for critical or high severity issues, along with zero recorded CVEs, further reinforces a positive security outlook. However, the static analysis does reveal areas for improvement. Notably, 100% of SQL queries are not using prepared statements, which introduces a significant risk of SQL injection vulnerabilities. Additionally, only 14% of output is properly escaped, suggesting a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of a dangerous function like `create_function` is also a concern, as it can lead to code execution vulnerabilities if not handled with extreme care. While the plugin has a clean vulnerability history, the identified code quality issues, particularly the lack of prepared statements for SQL and insufficient output escaping, present real security risks that need to be addressed.

Key Concerns

All SQL queries use prepared statements.
All outputs are properly escaped.
Dangerous function create_function detected.
SQL queries without prepared statements.
Low percentage of properly escaped outputs.

Vulnerabilities

None known

DX2 Post Hit Counter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

DX2 Post Hit Counter Release Timeline

v1.3Current

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

DX2 Post Hit Counter Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("dx2hits_popular_posts_widgetdx2posthitcounter.php:542

SQL Query Safety

0% prepared12 total queries

Output Escaping

14% escaped44 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

dx2hits_count_hit_callback (dx2posthitcounter.php:40)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

DX2 Post Hit Counter Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_count_hitdx2posthitcounter.php:38

noprivwp_ajax_count_hitdx2posthitcounter.php:39

authwp_ajax_clear_hit_countdx2posthitcounter.php:122

noprivwp_ajax_clear_hit_countdx2posthitcounter.php:123

WordPress Hooks 10

actionwp_enqueue_scriptsdx2posthitcounter.php:17

actionmanage_posts_custom_columndx2posthitcounter.php:72

filtermanage_posts_columnsdx2posthitcounter.php:82

actionadmin_bar_menudx2posthitcounter.php:106

actionpost_submitbox_misc_actionsdx2posthitcounter.php:109

actionadmin_enqueue_scriptsdx2posthitcounter.php:194

actionwp_dashboard_setupdx2posthitcounter.php:262

actionwp_network_dashboard_setupdx2posthitcounter.php:320

actionadmin_menudx2posthitcounter.php:385

actionwidgets_initdx2posthitcounter.php:542

Maintenance & Trust

DX2 Post Hit Counter Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedMar 31, 2017

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings2

Active installs30

Alternatives

DX2 Post Hit Counter Alternatives

Visitor Traffic Real Time Statistics

visitors-traffic-real-time-statistics

This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.

30K 8 CVEs

WPS Visitor Counter

wps-visitor-counter

Display website visitor statistics with widget, shortcode, and Gutenberg block support.

10K 1 unpatched

SRS Simple Hits Counter

srs-simple-hits-counter

Simple plugin to count and show a total number of hits (Unique visitors or page-views) to the site without using any third party code.

8K 2 CVEs

Real-Time Post Statistics for WordPress

wp-post-real-time-statistics

A lightweight and simple tool to track your post statistics with real insights.

2K 1 CVE

Plugin Name: Traffic Stats Widget Plugin

traffic-stats-widget

TSW lets your users know how much traffic you have on your blog. It counts pages visited, hits and unique IPs on your blog and shows it in a widget.

700 No CVEs

Developer Profile

DX2 Post Hit Counter Developer Profile

dx2systems

1 plugin · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DX2 Post Hit Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dx2-post-hit-counter/style.css/wp-content/plugins/dx2-post-hit-counter/scripts/counthit.js/wp-content/plugins/dx2-post-hit-counter/scripts/functions.js/wp-content/plugins/dx2-post-hit-counter/chartjs/Chart.bundle.min.js

Script Paths

/wp-content/plugins/dx2-post-hit-counter/scripts/counthit.js/wp-content/plugins/dx2-post-hit-counter/scripts/functions.js/wp-content/plugins/dx2-post-hit-counter/chartjs/Chart.bundle.min.js

Version Parameters

dx2-post-hit-counter/style.css?v=1.0.5dx2-post-hit-counter/scripts/counthit.js?ver=1.0.0dx2-post-hit-counter/scripts/functions.js?ver=1.0.0dx2-post-hit-counter/chartjs/Chart.bundle.min.js?ver=1.0.0

HTML / DOM Fingerprints

Data Attributes

id="ab-dx2hits"id="dx2_posthitcount"

JS Globals

hitdatareset

REST Endpoints

/wp-json/dx2-post-hit-counter/v1/count-hit

FAQ