Post Display Counter Security & Risk Analysis

wordpress.org/plugins/post-display-counter

Show a counter above each post with number of displays and number of views

10 active installs · v1.0 · PHP + · WP 3.7+ · Updated Aug 11, 2014
clickthrough-rate · count-views
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Post Display Counter Safe to Use in 2026?

Generally Safe

Score 85/100

Post Display Counter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The post-display-counter plugin v1.0 exhibits a concerning security posture primarily due to a significant lack of authentication checks on its AJAX endpoints. With all four identified AJAX handlers lacking any form of authorization, an attacker could potentially trigger these functionalities without proper user privileges. This is further exacerbated by the fact that 100% of its outputs are not properly escaped, creating a high risk for cross-site scripting (XSS) vulnerabilities. While the plugin shows strengths by not using dangerous functions, employing prepared statements for SQL, and having no recorded vulnerabilities, these positive aspects are overshadowed by critical weaknesses in input sanitization and output escaping, especially on exposed AJAX endpoints. The absence of any historical vulnerabilities might suggest a low attack profile so far, but the current code analysis reveals a clear and present danger that needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Output escaping missing
  • Missing nonce checks on AJAX
Vulnerabilities
None known

Post Display Counter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Post Display Counter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (0 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 8 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
pdc_plugin_menu (post-display-counter.php:47)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
4 unprotected

Post Display Counter Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 4

  • auth · wp_ajax_pdc_count_views · post-display-counter.php:19
  • nopriv · wp_ajax_pdc_count_views · post-display-counter.php:20
  • auth · wp_ajax_pdc_count_served · post-display-counter.php:21
  • nopriv · wp_ajax_pdc_count_served · post-display-counter.php:22

WordPress Hooks 10

  • action · admin_enqueue_scripts · post-display-counter.php:13
  • action · admin_footer · post-display-counter.php:14
  • action · add_meta_boxes · post-display-counter.php:15
  • action · admin_menu · post-display-counter.php:16
  • action · plugins_loaded · post-display-counter.php:17
  • action · save_post · post-display-counter.php:18
  • action · wp_enqueue_scripts · post-display-counter.php:23
  • filter · the_content · post-display-counter.php:25
  • filter · the_title · post-display-counter.php:26
  • filter · the_title · post-display-counter.php:222
Maintenance & Trust

Post Display Counter Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.9.40
Last updated: Aug 11, 2014
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 10
Developer Profile

Post Display Counter Developer Profile

Carlo Roosen

5 plugins · 140 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Post Display Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-display-counter/css/jquery-ui-1.8.16.custom.css
Script Paths
/wp-content/plugins/post-display-counter/js/post-display-counter.js
Version Parameters
post-display-counter/js/post-display-counter.js?ver=

HTML / DOM Fingerprints

CSS Classes
countable
Data Attributes
data-served-id
data-view-id
id="pdc_hide_counters_date"
name="pdc_hide_counters_date"
name="pdc_hide_counter_line"
id="pdc_hide_counter"
+1 more
JS Globals
pdc_hide_counters_date
pdc_hide_counter_line
ajax_object
REST Endpoints
/wp-admin/admin-ajax.php