Kama Click Counter Security & Risk Analysis

wordpress.org/plugins/kama-clic-counter

Count clicks on any link across the site. Creates a beautiful file download block in post content. Includes a widget for top downloads.

900 active installs · v4.1.1 · PHP 7.4+ · WP 5.9+ · Updated Oct 27, 2025
analytics · count-clicks · counter · statistics
Score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Kama Click Counter Safe to Use in 2026?

Generally Safe

Score 95/100

Kama Click Counter has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Sep 22, 2025 · Updated 5mo ago
Risk Assessment

The kama-clic-counter plugin, version 4.1.1, presents a mixed security posture. While it demonstrates some good practices like utilizing prepared statements for a majority of SQL queries and having a relatively small attack surface with no directly unprotected entry points, several areas raise concerns. The presence of 7 taint flows with unsanitized paths, including two of high severity, is a significant red flag, indicating potential vulnerabilities if these flows are not handled correctly by downstream sanitization or escaping.

The vulnerability history of this plugin is also a point of concern. With a total of 4 known CVEs, and a history of both Cross-Site Scripting and SQL Injection vulnerabilities, it suggests a pattern of input validation and output escaping weaknesses. Although there are currently no unpatched vulnerabilities, the recurring nature of these exploit types implies that developers should be extra vigilant about the handling of user-supplied data. The plugin's strengths lie in its limited attack surface and efforts towards secure SQL querying, but the identified taint flows and past vulnerabilities require careful consideration and robust security practices.

In conclusion, while not exhibiting critical immediate threats based on the static analysis of this version, the plugin's history of critical vulnerability types and the presence of high-severity taint flows warrant attention. The developers should prioritize thorough review and remediation of any code paths that could lead to the identified unsanitized flows, and a proactive approach to security testing is recommended to prevent future occurrences of common vulnerability types.

Key Concerns

  • High severity taint flows found (2)
  • Unsanitized paths in taint flows (7)
  • SQL queries not using prepared statements (33% raw)
  • Output not properly escaped (37%)
  • Vulnerability history of XSS and SQLi
  • Bundled library (TinyMCE)
Vulnerabilities
4

Kama Click Counter Security Vulnerabilities

CVEs by Year

2017: 2 CVEs
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2025-58682 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kama Click Counter <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Patched in 4.1.0 (39d)

CVE-2025-49861 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kama Click Counter <= 4.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 12, 2025 · Patched in 4.0.4 (6d)

CVE-2017-18615 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kama Click Counter <= 3.4.9 - Cross-Site Scripting

Feb 27, 2017 · Patched in 3.5.0 (2521d)

CVE-2017-18614 · high · 8.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Kama Click Counter <= 3.4.9 - Blind SQL Injection

Feb 27, 2017 · Patched in 3.5.0 (2521d)
Code Analysis
Analyzed Mar 16, 2026

Kama Click Counter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 11 (22 prepared)
Unescaped Output: 75 (128 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 3
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

67% prepared · 33 total queries

Output Escaping

63% escaped · 203 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows · 7 with unsanitized paths
_redirect (src\Counter.php:379)
Attack Surface

Kama Click Counter Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[download] src\Download_Shortcode.php:11
WordPress Hooks 15
action after_setup_theme kama_click_counter.php:32
action delete_attachment src\Admin.php:22
action edit_attachment src\Admin.php:23
action wp_loaded src\Admin.php:25
action admin_menu src\Admin_Page.php:13
filter the_content src\Content_Replacer.php:15
action wp_footer src\Counter.php:23
action init src\Counter.php:24
action wp_head src\Download_Shortcode.php:12
action admin_notices src\Helpers.php:12
action admin_bar_menu src\Plugin.php:73
filter mce_buttons_2 src\TinyMCE.php:16
filter mce_external_plugins src\TinyMCE.php:17
filter wp_mce_translation src\TinyMCE.php:18
action widgets_init src\Widget.php:22
Maintenance & Trust

Kama Click Counter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 27, 2025
PHP min version: 7.4
Downloads: 39K

Community Trust

Rating: 78/100
Number of ratings: 9
Active installs: 900
Developer Profile

Kama Click Counter Developer Profile

Timur Kamaev

5 plugins · 22K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 1448 days
Detection Fingerprints

How We Detect Kama Click Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kama-clic-counter/assets/counter.min.js
Version Parameters
kama-clic-counter/style.css?ver=
kama-clic-counter/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
kama-click-counter
kcc-download-btn
HTML Comments
<!-- Kama Click Counter settings -->
Data Attributes
data-kcc-id
JS Globals
kama_click_counter
Shortcode Output
[download url=