PopPosts Security & Risk Analysis

wordpress.org/plugins/popposts

A simple plugin to count and display hits of post and pages.

10 active installs · v0.0.1 · PHP + · WP 1.5+ · Updated Apr 1, 2010
count, hits, popularity, stats, status
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PopPosts Safe to Use in 2026?

Generally Safe

Score 85/100

PopPosts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago
Risk Assessment

The "popposts" v0.0.1 plugin has a concerning security posture: it performs no security checks or sanitization at all. The static analysis reports a zero attack surface and no taint flows, but this likely reflects the plugin's minimal functionality rather than robust security. None of its SQL queries use prepared statements and none of its output is properly escaped, which presents a significant risk. The absence of nonce and capability checks is also a critical oversight, as any entry points, even if currently undocumented, would be inherently vulnerable. The lack of any recorded vulnerability history for this version does not indicate strong security; it may simply be an early or obscure version that has not received significant prior analysis or exploitation. Overall, this plugin demonstrates a high risk due to fundamental security oversights that would be exploitable if any functionality were to be added or exposed.

Key Concerns

  • SQL queries without prepared statements
  • Output not properly escaped
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

PopPosts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PopPosts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 2 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

0% escaped · 2 total outputs
Attack Surface

PopPosts Attack Surface

Entry Points: 0
Unprotected: 0
Maintenance & Trust

PopPosts Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.8.4
Last updated: Apr 1, 2010
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

PopPosts Developer Profile

Mudimedia

2 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PopPosts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: wrap
Shortcode Output: This post has been viewed times.