[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fy2iODAFhuFKXHDgOiltYJga-M6AfOu4BSOR1i4-iC_M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":9,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":141,"fingerprints":392},"mechanic-visitor-counter","Mechanic Visitor Counter","3.3.3","Aditya Subawa","https:\u002F\u002Fprofiles.wordpress.org\u002Fadityasubawa\u002F","","Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include …",8000,222754,72,15,"2021-01-02T07:20:00.000Z","5.5.18","4.5.3",[19,20,21,22,23],"blog-stats","traffic-counter","traffic-statistics","visitor-counter","visitor-traffic","https:\u002F\u002Fwww.adityasubawa.com\u002Fmechanic-visitor-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmechanic-visitor-counter.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"adityasubawa",4,8230,89,30,86,"2026-04-03T21:14:38.675Z",[40,58,81,100,121],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":9,"tags":55,"homepage":56,"download_link":57,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"xt-visitor-counter","XT Visitor Counter","1.4.3","xtrsyz","https:\u002F\u002Fprofiles.wordpress.org\u002Fxtrsyz\u002F","\u003Cp>XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress.Some of the features offered include Today Visitor, Today Hits, Total Hits, Total Visit, Who’s Online and IP Address Visitors.\u003C\u002Fp>\n\u003Cp>Upload and Install XT Visitor Counter Plugins, Activate and Drag the Widgets in to your WordPress Sidebar. And this plugins will useless for a thousands of websites. If you were here, download and install it, you’ll like it.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Refer Installation and FAQ section for all required information\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Most simple plugin available so far\u003C\u002Fli>\n\u003Cli>Do not remove developer plugins link\u003C\u002Fli>\n\u003C\u002Fol>\n","XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include Today …",7000,106479,84,5,"2023-01-31T15:01:00.000Z","6.1.10","3.0.1",[19,20,21,22,23],"http:\u002F\u002Fxtrsyz.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxt-visitor-counter.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":68,"vuln_count":79,"unpatched_count":79,"last_vuln_date":80,"fetched_at":29},"wps-visitor-counter","WPS Visitor Counter","1.4.9","techmix","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechmix\u002F","\u003Cp>WPS Visitor Counter plugin is one of the best visitor counter plugin in wordpress. This plugin will help you to display the number of visitor your website have and its traffic statistics for your WordPress website. We have tried to include all the available data you needed to show in the visitor counter. Here are the items we are showing on our visitor counter:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users Today\u003C\u002Fli>\n\u003Cli>Users Yesterday\u003C\u002Fli>\n\u003Cli>Users Last 7 days\u003C\u002Fli>\n\u003Cli>Users Last 30 days\u003C\u002Fli>\n\u003Cli>Users This Month\u003C\u002Fli>\n\u003Cli>Users This Year\u003C\u002Fli>\n\u003Cli>Total Users\u003C\u002Fli>\n\u003Cli>Views Today\u003C\u002Fli>\n\u003Cli>Views Yesterday\u003C\u002Fli>\n\u003Cli>Views Last 7 days\u003C\u002Fli>\n\u003Cli>Views Last 30 days\u003C\u002Fli>\n\u003Cli>Views This Month\u003C\u002Fli>\n\u003Cli>Views This Year\u003C\u002Fli>\n\u003Cli>Total Views\u003C\u002Fli>\n\u003Cli>Who’s Online\u003C\u002Fli>\n\u003Cli>Your IP Address\u003C\u002Fli>\n\u003Cli>Server Time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You will find all the data authentic and this will help you to get your website traffic stats. Just install the plugin. It will take effect just after you install it on your website. Our plugin is compatible for all types of websites and able to run in all versions of WordPress.\u003C\u002Fp>\n\u003Ch4>WPS Visitor Counter shortcode\u003C\u002Fh4>\n\u003Cp>Use this [wps_visitor_counter] Shortcode anywhere in your website where you want to show visitor counter.\u003C\u002Fp>\n\u003Ch3>gutenberg block supported\u003C\u002Fh3>\n\u003Ch4>Translation Support\u003C\u002Fh4>\n\u003Cp>The plugin is fully internationalized and supports multiple languages. Translation files are located in the \u002Flanguages\u002F directory.\u003C\u002Fp>\n\u003Cp>Currently available languages:\u003Cbr \u002F>\n* English (default)\u003Cbr \u002F>\n* Spanish (es_ES) – Complete translation included\u003C\u002Fp>\n\u003Cp>To create translations for other languages:\u003Cbr \u002F>\n1. Use the wps-visitor-counter.pot file as a template\u003Cbr \u002F>\n2. Create a .po file for your language (e.g., wps-visitor-counter-fr_FR.po)\u003Cbr \u002F>\n3. Translate the strings and compile to .mo format\u003Cbr \u002F>\n4. WordPress will automatically load the appropriate translation file\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Refer Installation and FAQ section for all required information\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and feature requests, please visit our website at https:\u002F\u002Ftechmix.xyz\u002F\u003C\u002Fp>\n","Display website visitor statistics with widget, shortcode, and Gutenberg block support.",10000,118356,78,8,"2026-01-21T19:29:00.000Z","6.9.4","5.0","7.4",[19,75,21,22,76],"hit-counter","website-counter","https:\u002F\u002Ftechmix.xyz\u002Fdownloads\u002Fwps-visitor-counter-plugin-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-visitor-counter.1.4.9.zip",1,"2025-11-21 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":27,"num_ratings":27,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":98,"download_link":99,"security_score":89,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"mc-visitor-tally","MC Visitor Tally","2.8.3","Mike Hickcox","https:\u002F\u002Fprofiles.wordpress.org\u002Fmike-hickcox\u002F","\u003Cp>Easy-to-use visitor counter designed for the website admin. With a clean look appropriate for a professional website. Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unique site visitor counts in these time frames: Today, Yesterday, Past 7 Days, Current Month, Current Year.\u003C\u002Fli>\n\u003Cli>Counts are shown in an admin dashboard widget which appears when the plugin is activated.\u003C\u002Fli>\n\u003Cli>The admin dashboard widget has an optional table of monthly totals for comparisons.\u003C\u002Fli>\n\u003Cli>The dashboard widget tells when the plugin was installed so you know when the counts on your website began.\u003C\u002Fli>\n\u003Cli>Use the front-end WIDGET (MC Visitor Tally) to place the tallies on website pages, sidebars, and\u002For footer.\u003C\u002Fli>\n\u003Cli>Use the SHORTCODE [mcvt-visitor-tally] to place the tallies in sidebars, pages, and other locations on the website.\u003C\u002Fli>\n\u003Cli>Use any of several styles of visitor tables on your website with the shortcode and widget.\u003C\u002Fli>\n\u003Cli>The year-to-date count on the shortcode and widget can be turned off if you don’t want to show the YTD numbers at this time.\u003C\u002Fli>\n\u003Cli>Visitor data more than one year old are automatically deleted from the plugin’s database table, removing unneeded records.\u003C\u002Fli>\n\u003Cli>Counts are real people, as most bots and crawlers will not be counted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings and Use\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>SETTINGS LINK: Find “MC Visitor Tally” under “Settings” in the left menu. Also found under the plugin name in the list of installed plugins.\u003C\u002Fli>\n\u003Cli>MONTHLY COMPARISONS: Decide if you want month-to-month totals shown in the admin dashboard widget for comparisons. Also shows the total for the past 12 months.\u003C\u002Fli>\n\u003Cli>ONLINE TABLE STYLES: Choose a style for online tables. Experiment with this – themes and page builders display these tables very differently.\u003C\u002Fli>\n\u003Cli>YEAR-TO-DATE TOTALS: On the settings page, you can turn off the year-to-date counts on your website pages.\u003C\u002Fli>\n\u003Cli>WIDGET: Use the widget (MC Visitor Tally) to add the counter to sidebars or other widget-enabled areas of the website.\u003C\u002Fli>\n\u003Cli>SHORTCODE: Use the shortcode [mcvt-visitor-tally] to add the counter to any page, sidebar, or the footer.\u003C\u002Fli>\n\u003Cli>ON PLUGIN REMOVAL: On the settings page, you can decide not to delete the database table when removing the plugin – if you intend to re-install it later.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays unique daily visits. Web page tables. Dashboard widget with monthly comparisons.",100,4869,"2025-11-25T21:41:00.000Z","6.6.5","4.7","7.0",[75,20,96,22,97],"traffic-stats","visitor-stats","https:\u002F\u002Fmid-coast.com\u002Fmc-visitor-tally","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-visitor-tally.2.8.3.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":72,"tags":115,"homepage":119,"download_link":120,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-visitors-widget","Live Visitor Counter","2.2","Adam Z","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveplugins\u002F","\u003Cp>What Makes this Counter Unique from others?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to install\u003C\u002Fli>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Beautifully designed counters\u003C\u002Fli>\n\u003Cli>Extremely lightweight \u003C\u002Fli>\n\u003Cli>Free Forever\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FEATURES INCLUDE:\u003C\u002Fh4>\n\u003Cp>The free Live Visitor Counter widget includes the following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live visitors\u003C\u002Fli>\n\u003Cli>Today’s visitors\u003C\u002Fli>\n\u003Cli>Total visitors\u003C\u002Fli>\n\u003Cli>Dark Mode\u003C\u002Fli>\n\u003Cli>Unique Visitor Per Session\u003C\u002Fli>\n\u003Cli>Transfer your numbers from previous counters\u003C\u002Fli>\n\u003Cli>Lighter and faster\u003C\u002Fli>\n\u003Cli>Transparent background Style\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The design is minimalistic and simple and works with all kind of website styles.\u003C\u002Fp>\n","Wordpress Live Visitor Counter allows you to display how many times a page has been viewed with this simple, fast and easy to use the plugin.",4000,85930,80,12,"2023-06-20T10:26:00.000Z","6.2.9","4.0",[116,117,118],"click-counter","marketing","wordpress-visitor-counter","http:\u002F\u002Fvisitorplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-visitors-widget.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":89,"num_ratings":51,"last_updated":131,"tested_up_to":71,"requires_at_least":132,"requires_php":72,"tags":133,"homepage":9,"download_link":138,"security_score":139,"vuln_count":79,"unpatched_count":27,"last_vuln_date":140,"fetched_at":29},"counter-visitor-for-woocommerce","Counter live visitors for WooCommerce","1.4.0","DanielRiera","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielriera\u002F","\u003Cp>🎉+1.000 Active installations!!🎉\u003C\u002Fp>\n\u003Cblockquote>\n\u003Ch3>Important NOTE\u003C\u002Fh3>\n\u003Cp>If your website uses a cache plugin, you can activate the option ‘Your site use cache system?’, This option will enable an additional call to show the block of active users 🙂\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>It is not a simple visitor counter, this counter is shown on each product with the number of users who are currently viewing that same product\u003C\u002Fp>\n\u003Cp>Navigate to Woocommerce -> Visitor Counter in the administration menu for configure\u003C\u002Fp>\n\u003Cp>You use Elementor or other page builder?\u003C\u002Fp>\n\u003Cp>Try [wcvisitor] shortcode, available from 1.1.2 version\u003C\u002Fp>\n\u003Cp>Since version 1.2.0 the \u003Cstrong>\u003Cem>msgone\u003C\u002Fem>\u003C\u002Fstrong> and \u003Cstrong>\u003Cem>msgmore\u003C\u002Fem>\u003C\u002Fstrong> parameters are included (optionals) to customize the message for each shortcode, example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>[wcvisitor msgOne=”Only One” msgMore=”Now %n users on this product”]\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>Español (Spanish), English (English US)\u003C\u002Fp>\n","Show user count on product",1000,34563,"2026-03-15T01:02:00.000Z","4.3",[134,135,136,22,137],"counter","live","visitor","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcounter-visitor-for-woocommerce.1.4.0.zip",98,"2025-07-15 18:17:09",{"attackSurface":142,"codeSignals":170,"taintFlows":351,"riskAssessment":380,"analyzedAt":391},{"hooks":143,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":169,"entryPointCount":79,"unprotectedCount":27},[144,150,154,158],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","plugins_loaded","statsmechanic_load_textdomain","wp-statsmechanic.php",13,{"type":145,"name":151,"callback":152,"file":148,"line":153},"widgets_init","register_wp_statsmechanic",286,{"type":145,"name":155,"callback":156,"file":148,"line":157},"admin_menu","statsmechanic_menu",318,{"type":145,"name":159,"callback":160,"file":148,"line":161},"admin_notices","statsmechanic_admin_notice__error",506,[],[],[165],{"tag":166,"callback":167,"file":148,"line":168},"mechanic_visitor","mvc_shortcode",313,[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":198,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":79,"bundledLibraries":350},[],{"prepared":173,"raw":174,"locations":175},7,10,[176,179,181,183,185,187,189,191,193,196],{"file":148,"line":177,"context":178},169,"$wpdb->query() with variable interpolation",{"file":148,"line":180,"context":178},172,{"file":148,"line":182,"context":178},175,{"file":148,"line":184,"context":178},179,{"file":148,"line":186,"context":178},181,{"file":148,"line":188,"context":178},184,{"file":148,"line":190,"context":178},186,{"file":148,"line":192,"context":178},188,{"file":148,"line":194,"context":195},192,"$wpdb->get_var() with variable interpolation",{"file":148,"line":197,"context":178},199,{"escaped":27,"rawEcho":199,"locations":200},107,[201,204,205,206,207,209,210,211,212,214,215,216,217,219,220,221,222,223,224,225,226,228,229,230,231,232,234,235,236,238,239,240,242,243,244,246,247,248,250,251,252,254,255,256,258,259,260,262,263,264,266,267,268,270,272,273,274,276,277,279,281,283,284,286,288,289,290,291,293,294,295,296,298,299,300,301,303,304,305,306,308,309,310,311,313,314,315,316,318,319,320,322,324,326,327,328,329,331,333,335,337,339,340,342,344,346,348],{"file":148,"line":202,"context":203},87,"raw output",{"file":148,"line":202,"context":203},{"file":148,"line":202,"context":203},{"file":148,"line":202,"context":203},{"file":148,"line":208,"context":203},88,{"file":148,"line":208,"context":203},{"file":148,"line":208,"context":203},{"file":148,"line":208,"context":203},{"file":148,"line":213,"context":203},93,{"file":148,"line":213,"context":203},{"file":148,"line":213,"context":203},{"file":148,"line":213,"context":203},{"file":148,"line":218,"context":203},95,{"file":148,"line":218,"context":203},{"file":148,"line":218,"context":203},{"file":148,"line":218,"context":203},{"file":148,"line":139,"context":203},{"file":148,"line":139,"context":203},{"file":148,"line":139,"context":203},{"file":148,"line":139,"context":203},{"file":148,"line":227,"context":203},99,{"file":148,"line":227,"context":203},{"file":148,"line":199,"context":203},{"file":148,"line":199,"context":203},{"file":148,"line":199,"context":203},{"file":148,"line":233,"context":203},108,{"file":148,"line":233,"context":203},{"file":148,"line":233,"context":203},{"file":148,"line":237,"context":203},109,{"file":148,"line":237,"context":203},{"file":148,"line":237,"context":203},{"file":148,"line":241,"context":203},110,{"file":148,"line":241,"context":203},{"file":148,"line":241,"context":203},{"file":148,"line":245,"context":203},111,{"file":148,"line":245,"context":203},{"file":148,"line":245,"context":203},{"file":148,"line":249,"context":203},112,{"file":148,"line":249,"context":203},{"file":148,"line":249,"context":203},{"file":148,"line":253,"context":203},113,{"file":148,"line":253,"context":203},{"file":148,"line":253,"context":203},{"file":148,"line":257,"context":203},114,{"file":148,"line":257,"context":203},{"file":148,"line":257,"context":203},{"file":148,"line":261,"context":203},115,{"file":148,"line":261,"context":203},{"file":148,"line":261,"context":203},{"file":148,"line":265,"context":203},116,{"file":148,"line":265,"context":203},{"file":148,"line":265,"context":203},{"file":148,"line":269,"context":203},117,{"file":148,"line":271,"context":203},118,{"file":148,"line":271,"context":203},{"file":148,"line":271,"context":203},{"file":148,"line":275,"context":203},119,{"file":148,"line":275,"context":203},{"file":148,"line":278,"context":203},135,{"file":148,"line":280,"context":203},140,{"file":148,"line":282,"context":203},240,{"file":148,"line":282,"context":203},{"file":148,"line":285,"context":203},241,{"file":148,"line":287,"context":203},245,{"file":148,"line":287,"context":203},{"file":148,"line":287,"context":203},{"file":148,"line":287,"context":203},{"file":148,"line":292,"context":203},248,{"file":148,"line":292,"context":203},{"file":148,"line":292,"context":203},{"file":148,"line":292,"context":203},{"file":148,"line":297,"context":203},251,{"file":148,"line":297,"context":203},{"file":148,"line":297,"context":203},{"file":148,"line":297,"context":203},{"file":148,"line":302,"context":203},254,{"file":148,"line":302,"context":203},{"file":148,"line":302,"context":203},{"file":148,"line":302,"context":203},{"file":148,"line":307,"context":203},257,{"file":148,"line":307,"context":203},{"file":148,"line":307,"context":203},{"file":148,"line":307,"context":203},{"file":148,"line":312,"context":203},260,{"file":148,"line":312,"context":203},{"file":148,"line":312,"context":203},{"file":148,"line":312,"context":203},{"file":148,"line":317,"context":203},263,{"file":148,"line":317,"context":203},{"file":148,"line":317,"context":203},{"file":148,"line":321,"context":203},264,{"file":148,"line":323,"context":203},267,{"file":148,"line":325,"context":203},271,{"file":148,"line":325,"context":203},{"file":148,"line":325,"context":203},{"file":148,"line":325,"context":203},{"file":148,"line":330,"context":203},276,{"file":148,"line":332,"context":203},279,{"file":148,"line":334,"context":203},284,{"file":148,"line":336,"context":203},390,{"file":148,"line":338,"context":203},397,{"file":148,"line":338,"context":203},{"file":148,"line":341,"context":203},398,{"file":148,"line":343,"context":203},399,{"file":148,"line":345,"context":203},400,{"file":148,"line":347,"context":203},401,{"file":148,"line":349,"context":203},402,[],[352,370],{"entryPoint":353,"graph":354,"unsanitizedCount":79,"severity":369},"widget (wp-statsmechanic.php:130)",{"nodes":355,"edges":366},[356,361],{"id":357,"type":358,"label":359,"file":148,"line":360},"n0","source","$_SERVER",159,{"id":362,"type":363,"label":364,"file":148,"line":330,"wp_function":365},"n1","sink","echo() [XSS]","echo",[367],{"from":357,"to":362,"sanitized":368},false,"medium",{"entryPoint":371,"graph":372,"unsanitizedCount":27,"severity":379},"\u003Cwp-statsmechanic> (wp-statsmechanic.php:0)",{"nodes":373,"edges":376},[374,375],{"id":357,"type":358,"label":359,"file":148,"line":360},{"id":362,"type":363,"label":364,"file":148,"line":330,"wp_function":365},[377],{"from":357,"to":362,"sanitized":378},true,"low",{"summary":381,"deductions":382},"The \"mechanic-visitor-counter\" plugin version 3.3.3 exhibits a mixed security posture. On the positive side, it has a very small attack surface with no AJAX handlers, REST API routes, or cron events that lack authentication. The plugin also avoids dangerous functions, file operations, and external HTTP requests, which are common vectors for exploitation. Furthermore, there is no known vulnerability history, suggesting a history of responsible development or minimal scrutiny, both of which are beneficial for security.\n\nHowever, significant concerns arise from the static analysis results. The most critical finding is that 100% of output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-provided data that is displayed by the plugin is susceptible to injection. Additionally, while the plugin uses capability checks, it lacks nonce checks entirely, which, combined with the unescaped output, presents a substantial risk if any user input is processed without proper validation and authorization. The taint analysis, though limited, did identify a flow with unsanitized paths, further highlighting potential vulnerabilities.\n\nIn conclusion, while the plugin's small attack surface and lack of known vulnerabilities are commendable, the complete absence of output escaping and nonce checks creates a critical security flaw. The plugin is highly vulnerable to XSS attacks. The presence of a taint flow with unsanitized paths further supports this. Developers should prioritize addressing the unescaped output immediately. The plugin's strengths lie in its limited external interactions and attack vectors, but its weaknesses in input validation and output sanitization are severe.",[383,385,387,389],{"reason":384,"points":14},"100% of outputs not properly escaped",{"reason":386,"points":69},"No nonce checks found",{"reason":388,"points":51},"Flow with unsanitized paths",{"reason":390,"points":33},"41% SQL queries not using prepared statements","2026-03-16T17:55:22.147Z",{"wat":393,"direct":402},{"assetPaths":394,"generatorPatterns":397,"scriptPaths":398,"versionParams":399},[395,396],"\u002Fwp-content\u002Fplugins\u002Fmechanic-visitor-counter\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmechanic-visitor-counter\u002Fjs\u002Ffrontend.js",[],[396],[400,401],"mechanic-visitor-counter\u002Fcss\u002Fstyle.css?ver=","mechanic-visitor-counter\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":403,"htmlComments":404,"htmlAttributes":405,"restEndpoints":431,"jsGlobals":432,"shortcodeOutput":434},[],[],[406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430],"id=\"mechanic-visitor-counter-widget-widget\"","for=\"mechanic-visitor-counter-widget-widget-title\"","name=\"mechanic-visitor-counter-widget-widget-title\"","id=\"mechanic-visitor-counter-widget-widget-font_color\"","name=\"mechanic-visitor-counter-widget-widget-font_color\"","id=\"mechanic-visitor-counter-widget-widget-count_start\"","name=\"mechanic-visitor-counter-widget-widget-count_start\"","id=\"mechanic-visitor-counter-widget-widget-hits_start\"","name=\"mechanic-visitor-counter-widget-widget-hits_start\"","id=\"mechanic-visitor-counter-widget-widget-count_length\"","name=\"mechanic-visitor-counter-widget-widget-count_length\"","id=\"mechanic-visitor-counter-widget-widget-today_view\"","name=\"mechanic-visitor-counter-widget-widget-today_view\"","id=\"mechanic-visitor-counter-widget-widget-yesterday_view\"","name=\"mechanic-visitor-counter-widget-widget-yesterday_view\"","id=\"mechanic-visitor-counter-widget-widget-month_view\"","name=\"mechanic-visitor-counter-widget-widget-month_view\"","id=\"mechanic-visitor-counter-widget-widget-year_view\"","name=\"mechanic-visitor-counter-widget-widget-year_view\"","id=\"mechanic-visitor-counter-widget-widget-total_view\"","name=\"mechanic-visitor-counter-widget-widget-total_view\"","id=\"mechanic-visitor-counter-widget-widget-hits_view\"","name=\"mechanic-visitor-counter-widget-widget-hits_view\"","id=\"mechanic-visitor-counter-widget-widget-totalhits_view\"","name=\"mechanic-visitor-counter-widget-widget-totalhits_view\"",[],[433],"window.BMW_STATS_MECHANIC_LOCALIZE",[]]