Post Count Security & Risk Analysis

wordpress.org/plugins/post-count

Counts the number of posts.

60 active installs v2.0 PHP + WP + Updated Dec 8, 2015
countposts
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Post Count Safe to Use in 2026?

Generally Safe

Score 85/100

Post Count has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The 'post-count' v2.0 plugin exhibits a strong static security posture with no identified vulnerabilities in its attack surface or taint analysis. The plugin avoids dangerous functions, utilizes prepared statements for all SQL queries, and has no recorded CVEs, indicating a history of secure development and maintenance. However, a significant concern arises from the complete lack of output escaping for the single identified output. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks if user-controlled data is ever displayed without proper sanitization. Additionally, the absence of any nonce or capability checks, while not immediately indicative of a vulnerability given the current attack surface, represents a potential weakness that could be exploited if new entry points are introduced in future versions without corresponding security measures.

Key Concerns

  • 100% of outputs are not properly escaped
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Post Count Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Post Count Release Timeline

v2.0Current
v1.01
v1.1
Code Analysis
Analyzed Mar 16, 2026

Post Count Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped1 total outputs
Attack Surface

Post Count Attack Surface

Entry Points0
Unprotected0
Maintenance & Trust

Post Count Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedDec 8, 2015
PHP min version
Downloads10K

Community Trust

Rating0/100
Number of ratings0
Active installs60
Developer Profile

Post Count Developer Profile

Nick Momrik

12 plugins · 3K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post Count

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<span class="mdv_post_count"></span>
FAQ

Frequently Asked Questions about Post Count