Does alx ip statistic have any unpatched vulnerabilities?

No. All known vulnerabilities in alx ip statistic have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is alx ip statistic compatible with WordPress 5.9.13?

According to WordPress.org data, alx ip statistic 2.3 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is alx ip statistic compatible with PHP 5.6+?

alx ip statistic requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is alx ip statistic updated?

alx ip statistic was last updated on Apr 25, 2022. Frequent updates are generally a positive security signal.

What is alx ip statistic's security score?

alx ip statistic has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

alx ip statistic Security & Risk Analysis

wordpress.org/plugins/ip-statistic

Receiving ip addresses and browser identifiers of visitors on the login page and on any page of the site.

100 active installs v2.3 PHP 5.6+ WP 4.7+ Updated Apr 25, 2022

iplogsecurityshortcodeshortcut

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is alx ip statistic Safe to Use in 2026?

Generally Safe

Score 85/100

alx ip statistic has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "ip-statistic" plugin v2.3 exhibits a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with no apparent AJAX handlers or REST API routes exposed without authentication. Furthermore, there are no recorded CVEs or known vulnerabilities, suggesting a history of stable and secure development. The absence of dangerous functions, file operations, and external HTTP requests is also a good sign.

However, significant concerns arise from the code analysis. A low percentage of SQL queries are using prepared statements, indicating a potential for SQL injection vulnerabilities. The output escaping is also alarmingly low, with only 27% of outputs properly escaped, posing a risk of cross-site scripting (XSS) attacks. The complete absence of nonce checks and capability checks on its single entry point (a shortcode) is a major security gap, as it allows any user, regardless of their role or permissions, to potentially trigger the plugin's functionality, which could then be exploited through the insecure SQL queries or unescaped outputs.

While the plugin has no reported vulnerability history, the internal code practices expose it to common web vulnerabilities. The low number of prepared statements and insufficient output escaping, combined with the lack of authorization checks on its primary entry point, represent the most critical weaknesses. The plugin needs substantial improvements in secure coding practices to mitigate these risks.

Key Concerns

Low percentage of prepared statements for SQL
Low percentage of properly escaped output
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

alx ip statistic Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

alx ip statistic Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

24 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

12% prepared33 total queries

Output Escaping

27% escaped88 total outputs

Attack Surface

alx ip statistic Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[ip_statistics] ip-statics.php:368

WordPress Hooks 9

actionadmin_initip-statics.php:25

actionadmin_noticesip-statics.php:34

actionadmin_initip-statics.php:110

actionadmin_menuip-statics.php:128

filterplugin_action_linksip-statics.php:132

actionwp_loginip-statics.php:321

actionlogin_footerip-statics.php:326

actionwp_login_failedip-statics.php:331

actionwp_authenticateip-statics.php:580

Maintenance & Trust

alx ip statistic Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedApr 25, 2022

PHP min version5.6

Downloads4K

Community Trust

Rating90/100

Number of ratings2

Active installs100

Alternatives

alx ip statistic Alternatives

Expire User Passwords

expire-user-passwords

100

Require certain users to change their passwords on a regular basis.

3K No CVEs

CloudGuard

cloudguard

100

Use Cloudflare's free geolocation service to restrict access to your site's login page.

1K No CVEs

Prevent Concurrent Logins

prevent-concurrent-logins

Prevents users from staying logged into the same account from multiple places.

900 No CVEs

IP & Country Blocker Lite

ip-blocker-lite

100

Advanced WordPress security plugin with IP/country blocking and two-factor authentication for comprehensive website protection.

300 No CVEs

IP Informant Logger

ip-informant-logger

Logs and displays visitor IP addresses for website security and monitoring.

40 No CVEs

Developer Profile

alx ip statistic Developer Profile

alxinthome

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect alx ip statistic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ip-statistic/includes/css/plugi.css

HTML / DOM Fingerprints

Data Attributes

data-ip-statistic-logindata-ip-statistic-login-error

JS Globals

ip_statistic_login_arrayip_statistic_err_login_arrayip_statistic_showlogin_array

Shortcode Output

[ip_statistic_show]

FAQ