Does Page View Count have any unpatched vulnerabilities?

Yes — Page View Count currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Page View Count compatible with WordPress 6.9.0?

According to WordPress.org data, Page View Count 2.8.7 has been tested up to WordPress 6.9.0. Check the plugin's changelog for the latest compatibility information.

How often is Page View Count updated?

Page View Count was last updated on Dec 2, 2025. Frequent updates are generally a positive security signal.

What is Page View Count's security score?

Page View Count has a WP-Safety security score of 54/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Page View Count Security & Risk Analysis

wordpress.org/plugins/page-views-count

Places an icon, all time views count and views today count at the bottom of posts, pages and custom post types on any WordPress website.

10K active installs v2.8.7 PHP + WP 6.0+ Updated Dec 2, 2025

gutenbergpage-view-countpost-view-countpost-viewswordpress-page-view

C · Use Caution

CVEs total6

Unpatched1

Last CVEDec 8, 2025

Download

Safety Verdict

Is Page View Count Safe to Use in 2026?

Use With Caution

Score 54/100

Page View Count has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

6 known CVEs 1 unpatched Last CVE: Dec 8, 2025Updated 4mo ago

Risk Assessment

The "page-views-count" plugin v2.8.7 exhibits a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, critical concerns arise from its attack surface. Notably, one of the five AJAX handlers lacks authentication checks, presenting a direct pathway for unauthorized actions. The presence of two flows with unsanitized paths, though not rated as critical or high in the taint analysis, still warrants attention as it can indicate potential vulnerabilities if these paths are exposed to user input.

The plugin's vulnerability history is a significant red flag. With a total of six known CVEs, including one critical and two high-severity vulnerabilities, and one currently unpatched critical vulnerability, the plugin has a history of serious security flaws. The common vulnerability types, such as Missing Authorization, Cross-site Scripting (XSS), CSRF, and SQL Injection, indicate recurring weaknesses in how the plugin handles user input and access control. This historical pattern, coupled with the unpatched critical vulnerability, suggests a pattern of incomplete or ineffective security patching by the developers.

Overall, while the static code analysis reveals some positive security implementations, the significant historical vulnerability record and the presence of an unprotected AJAX handler create a substantial risk. The unpatched critical vulnerability is particularly concerning, making the plugin a potentially high-risk component for any WordPress site. Users should exercise extreme caution and prioritize updating or replacing this plugin.

Key Concerns

1 critical unpatched CVE
1 unprotected AJAX handler
2 flows with unsanitized paths
2 high severity known CVEs
3 medium severity known CVEs

Vulnerabilities

Page View Count Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

2 CVEs in 2022

2022

1 CVE in 2023

2023

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

6 total CVEs

CVE-2025-63034medium · 4.3Missing Authorization

Page View Count <= 2.8.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Dec 8, 2025Unpatched

CVE-2025-2816high · 8.1Missing Authorization

Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

Apr 30, 2025 Patched in 2.8.5 (1d)

CVE-2023-0095medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 10, 2023 Patched in 2.6.1 (378d)

CVE-2022-40131high · 8.8Cross-Site Request Forgery (CSRF)

Page View Count <= 2.5.5 - Cross-Site Request Forgery

Oct 13, 2022 Patched in 2.5.6 (467d)

CVE-2022-0434critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection

Feb 1, 2022 Patched in 2.4.15 (721d)

CVE-2021-24509medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting

Jul 12, 2021 Patched in 2.4.9 (925d)

Code Analysis

Analyzed Mar 16, 2026

Page View Count Code Analysis

Dangerous Functions

Raw SQL Queries

32 prepared

Unescaped Output

1068 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery

SQL Query Safety

86% prepared37 total queries

Output Escaping

98% escaped1085 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

11 flows2 with unsanitized paths

a3_admin_ui_event (admin\admin-interface.php:174)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Page View Count Attack Surface

Entry Points6

Unprotected1

AJAX Handlers 5

authwp_ajax_pvc_yellow_message_dontshowadmin\plugin-init.php:92

authwp_ajax_pvc_increasesrc\api\pvc-api.php:21

noprivwp_ajax_pvc_increasesrc\api\pvc-api.php:22

authwp_ajax_pvc_viewsrc\api\pvc-api.php:23

noprivwp_ajax_pvc_viewsrc\api\pvc-api.php:24

Shortcodes 1

[pvc_stats] src\pvc_shortcode.php:12

WordPress Hooks 38

actionplugins_loadedadmin\admin-init.php:39

actioninitadmin\admin-init.php:47

actioninitadmin\admin-interface.php:49

actioninitadmin\admin-interface.php:50

actionadmin_enqueue_scriptsadmin\admin-interface.php:65

actionadmin_enqueue_scriptsadmin\admin-interface.php:66

actionadmin_print_scriptsadmin\admin-interface.php:69

actionadmin_print_footer_scriptsadmin\admin-interface.php:70

actionadmin_enqueue_scriptsadmin\admin-interface.php:81

actionadmin_enqueue_scriptsadmin\includes\uploader\class-uploader.php:59

actionwp_enqueue_scriptsadmin\less\sass.php:22

filterfilesystem_methodadmin\less\sass.php:57

actioninitadmin\plugin-init.php:46

actionwidgets_initadmin\plugin-init.php:48

actionadmin_enqueue_scriptsadmin\plugin-init.php:53

filterplugin_row_metaadmin\plugin-init.php:59

actionpvc_empty_daily_table_daily_event_hookadmin\plugin-init.php:71

actiongenesis_before_post_contentadmin\plugin-init.php:79

actiongenesis_after_post_contentadmin\plugin-init.php:81

filterthe_contentadmin\plugin-init.php:84

filterthe_excerptadmin\plugin-init.php:85

actionwp_enqueue_scriptsadmin\plugin-init.php:89

actionplugins_loadedadmin\plugin-init.php:95

actionadmin_initadmin\plugin-init.php:142

actionadmin_noticesadmin\plugin-init.php:151

actionresponsi_loop_beforeadmin\plugin-init.php:189

actionresponsi_loop_afteradmin\plugin-init.php:191

actionwp_headadmin\plugin-init.php:198

actionrest_api_initsrc\api\pvc-api.php:20

actioninitsrc\blocks\stats\block.php:58

actioninitsrc\blocks.php:22

actionenqueue_block_assetssrc\blocks.php:25

filterblock_categories_allsrc\blocks.php:65

actionplugins_loadedsrc\class-wpml-functions.php:10

actionadd_meta_boxessrc\metabox\class-pvc-metabox.php:7

actionsave_postsrc\metabox\class-pvc-metabox.php:8

filterpvc_stats_shortcodesrc\pvc_shortcode.php:14

filterpvc_stats_widgetsrc\pvc_widget.php:19

Scheduled Events 2

pvc_empty_daily_table_daily_event_hook

Maintenance & Trust

Page View Count Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0

Last updatedDec 2, 2025

PHP min version

Downloads717K

Community Trust

Rating80/100

Number of ratings55

Active installs10K

Alternatives

Page View Count Alternatives

Simple Page Views with Analytics

simple-page-views-with-analytics

Track page views, devices, browsers, and countries with this lightweight plugin. Display data using a simple shortcode anywhere on your site.

0 No CVEs

Bubuku post view count

bubuku-post-view-count

Complement to know how many times a Post has been seen

0 No CVEs

Wp Post Views – WordPress Post views counter

wp-post-views

100

Wordpress Post views counter

4K No CVEs

Post views Stats

post-views-stats

100

This plugins will count each post/page views by visitor.

1K 1 CVE

MWR Hit Counter

mwr-hit-counter

100

MWR Hit Counter is a simple and lightweight text-based counter for your website.

100 No CVEs

Developer Profile

Page View Count Developer Profile

Steve Truman

13 plugins · 117K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

539 days

View full developer profile

Detection Fingerprints

How We Detect Page View Count

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/page-views-count/assets/css/admin-style.css/wp-content/plugins/page-views-count/assets/css/bootstrap-modal.css/wp-content/plugins/page-views-count/assets/css/bootstrap-popover.css/wp-content/plugins/page-views-count/assets/css/bootstrap-tooltip.css/wp-content/plugins/page-views-count/assets/css/bootstrap.css/wp-content/plugins/page-views-count/assets/css/colorpicker.css/wp-content/plugins/page-views-count/assets/css/font-awesome.css/wp-content/plugins/page-views-count/assets/css/modal.css+15 more

Script Paths

/wp-content/plugins/page-views-count/assets/js/admin.js/wp-content/plugins/page-views-count/assets/js/bootstrap/bootstrap.js/wp-content/plugins/page-views-count/assets/js/bootstrap/modal.js/wp-content/plugins/page-views-count/assets/js/bootstrap/popper.min.js/wp-content/plugins/page-views-count/assets/js/bootstrap/tooltip.js/wp-content/plugins/page-views-count/assets/js/bootstrap/util.js+6 more

Version Parameters

page-views-count/assets/css/admin-style.css?ver=page-views-count/assets/css/bootstrap-modal.css?ver=page-views-count/assets/css/bootstrap-popover.css?ver=page-views-count/assets/css/bootstrap-tooltip.css?ver=page-views-count/assets/css/bootstrap.css?ver=page-views-count/assets/css/colorpicker.css?ver=page-views-count/assets/css/font-awesome.css?ver=page-views-count/assets/css/modal.css?ver=page-views-count/assets/css/popover.css?ver=page-views-count/assets/css/styles.css?ver=page-views-count/assets/css/tooltip.css?ver=page-views-count/assets/js/admin.js?ver=page-views-count/assets/js/bootstrap/bootstrap.js?ver=page-views-count/assets/js/bootstrap/modal.js?ver=page-views-count/assets/js/bootstrap/popper.min.js?ver=page-views-count/assets/js/bootstrap/tooltip.js?ver=page-views-count/assets/js/bootstrap/util.js?ver=page-views-count/assets/js/colorpicker.js?ver=page-views-count/assets/js/init.js?ver=page-views-count/assets/js/jquery-ui.js?ver=page-views-count/assets/js/script.js?ver=page-views-count/assets/js/tinymce.js?ver=page-views-count/assets/js/vue/vue.js?ver=page-views-count/vendor/bootstrap/css/bootstrap.min.css?ver=page-views-count/vendor/bootstrap/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

a3-pvc-stats-todaya3-pvc-stats-totala3-pvc-wrap

HTML Comments

Data Attributes

data-a3-pvc-post-iddata-a3-pvc-url

JS Globals

a3_admin_script_paramspvc_admin_vue_params

Shortcode Output

[pvc_stats][pvc_stats_update]

FAQ