Page Visits Counter – Lite Security & Risk Analysis

wordpress.org/plugins/page-visits-counter-lite

Display number of visits for each page in admin dashboard and browser developer-tool/console. Doesn't count page refresh as a new visit...

5K active installs v1.2.3 PHP 5.6.40+ WP 5.0+ Updated Apr 6, 2026
developer-tools-counterpage-viewspage-visit-countervisit-statswordpress-counter
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Page Visits Counter – Lite Safe to Use in 2026?

Generally Safe

Score 100/100

Page Visits Counter – Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The 'page-visits-counter-lite' v1.2.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no recorded CVEs, indicating a generally well-maintained codebase regarding known vulnerabilities. However, the static analysis reveals significant areas of concern. The plugin exposes 10 AJAX handlers, with 2 of them lacking authentication checks. This is a critical security weakness that could allow unauthenticated users to trigger potentially harmful actions. Furthermore, the taint analysis shows 2 flows with unsanitized paths, which could lead to vulnerabilities if these paths are exploitable, even though no critical or high severity issues were flagged. The output escaping is also only 50% proper, suggesting potential cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before rendering.

Key Concerns

  • AJAX handlers without authentication checks
  • Taint analysis: 2 flows with unsanitized paths
  • 50% of output is not properly escaped
Vulnerabilities
None known

Page Visits Counter – Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Page Visits Counter – Lite Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Page Visits Counter – Lite Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
22
22 escaped
Nonce Checks
8
Capability Checks
8
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

50% escaped44 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
StrCPVisits_update_total_visits_nr (Inc\Ajax\DashboardWidget\class-update-total-visits-nr.php:49)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Page Visits Counter – Lite Attack Surface

Entry Points10
Unprotected2

AJAX Handlers 10

noprivwp_ajax_StrCPVisits_update_total_visitsInc\Ajax\Counter\class-total-visits.php:33
authwp_ajax_StrCPVisits_update_total_visitsInc\Ajax\Counter\class-total-visits.php:34
authwp_ajax_StrCPVisits_delete_pageInc\Ajax\DashboardWidget\class-delete-page.php:35
authwp_ajax_StrCPVisits_delete_pagesInc\Ajax\DashboardWidget\class-delete-pages.php:35
authwp_ajax_StrCPVisits_db_toggle_hidden_reportsInc\Ajax\DashboardWidget\class-toggle-hidden-reports.php:35
authwp_ajax_StrCPVisits_update_page_dataInc\Ajax\DashboardWidget\class-update-page-data.php:35
authwp_ajax_StrCPVisits_update_total_visits_nrInc\Ajax\DashboardWidget\class-update-total-visits-nr.php:35
authwp_ajax_StrCPVisits_db_reset_allInc\Ajax\DashboardWidget\reset\class-reset-all.php:35
authwp_ajax_StrCPVisits_db_reset_page_typeInc\Ajax\DashboardWidget\reset\class-reset-page-type.php:35
authwp_ajax_StrCPVisits_save_settingsInc\Ajax\SettingsPage\class-save-settings.php:34
WordPress Hooks 8
actionadmin_menuInc\API\class-settings-api.php:34
actionwp_enqueue_scriptsInc\Base\class-enqueue.php:26
actionadmin_enqueue_scriptsInc\Base\class-enqueue.php:27
actionwp_dashboard_setupInc\Counter\backend\class-dashboard-widget.php:24
actionwp_headInc\Counter\frontend\class-total-visits.php:33
actionbefore_woocommerce_initstrongetic-page-visits-counter-lite.php:41
filterauto_update_translationstrongetic-page-visits-counter-lite.php:51
actionplugins_loadedstrongetic-page-visits-counter-lite.php:66
Maintenance & Trust

Page Visits Counter – Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 6, 2026
PHP min version5.6.40
Downloads45K

Community Trust

Rating80/100
Number of ratings7
Active installs5K
Developer Profile

Page Visits Counter – Lite Developer Profile

Denis Botić

1 plugin · 5K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Page Visits Counter – Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/page-visits-counter-lite/assets/frontend/page-visits-counter-lite-ajax.js/wp-content/plugins/page-visits-counter-lite/assets/admin/page-visits-counter-lite.css/wp-content/plugins/page-visits-counter-lite/assets/admin/page-visits-counter-lite.js/wp-content/plugins/page-visits-counter-lite/assets/admin/page-visits-counter-lite-ajax.js
Script Paths
/wp-content/plugins/page-visits-counter-lite/assets/frontend/page-visits-counter-lite-ajax.js/wp-content/plugins/page-visits-counter-lite/assets/admin/page-visits-counter-lite.js/wp-content/plugins/page-visits-counter-lite/assets/admin/page-visits-counter-lite-ajax.js
Version Parameters
page-visits-counter-lite/assets/frontend/page-visits-counter-lite-ajax.js?ver=page-visits-counter-lite/assets/admin/page-visits-counter-lite.css?ver=page-visits-counter-lite/assets/admin/page-visits-counter-lite.js?ver=page-visits-counter-lite/assets/admin/page-visits-counter-lite-ajax.js?ver=

HTML / DOM Fingerprints

JS Globals
STR_CPVISITSSTR_CPVISITS_JS
FAQ

Frequently Asked Questions about Page Visits Counter – Lite