[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT_MvaxzK-yXMohjdmRz3WUaP-YwaugC5ZQcC_91S40g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":36,"fingerprints":183},"post-display-counter","Post Display Counter","1.0","Carlo Roosen","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarloroosen\u002F","\u003Cp>Want to know how often a post is actually displayed on the actual screen?\u003C\u002Fp>\n\u003Cp>This plugin has a javascript that is triggered when the title of a post is displayed in the visible area of the window, either when the page is loaded or when the window is scrolled or resized. It will not be triggered when the post is on the page but stays outside the visual area.\u003C\u002Fp>\n\u003Cp>There are two independent counters. The ‘displayed’ counter counts all instances of the post, whether it is in overview pages, search pages or on its own page. The ‘viewed’ counter only counts the post on its own page. Note that a ‘viewed’ post is also counted as ‘displayed’.\u003C\u002Fp>\n\u003Cp>The ratio between the two values can be used as a metric for the attractiveness of the article title, the excerpt and\u002For featured images that are displayed in overviews.\u003C\u002Fp>\n\u003Cp>Both counters are triggered by javascript. This means that search bots will not trigger the counter. Also, in the rare cases where a user has javascript disabled, the counter will not be triggered.\u003C\u002Fp>\n\u003Cp>The counter values will by default be displayed above each post on its own page. 
The plugin has several functions that can be used inside template files for more control.\u003C\u002Fp>\n\u003Ch4>Acknowledgements\u003C\u002Fh4>\n\u003Cp>We created this plugin for http:\u002F\u002Fdenhaagdirect.nl, a local news and blog website in The Hague, Netherlands. Thanks Michael and Jeroen for letting us share this plugin.\u003C\u002Fp>\n","Show a counter above each post with number of displays and number of views",10,1792,100,4,"2014-08-11T11:33:00.000Z","3.9.40","3.7","",[20,21],"clickthrough-rate","count-views","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-display-counter.1.0.zip",85,0,null,"2026-03-15T14:54:45.397Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"carloroosen",5,140,30,84,"2026-04-05T02:29:50.706Z",[],{"attackSurface":37,"codeSignals":96,"taintFlows":121,"riskAssessment":173,"analyzedAt":182},{"hooks":38,"ajaxHandlers":80,"restRoutes":93,"shortcodes":94,"cronEvents":95,"entryPointCount":14,"unprotectedCount":14},[39,45,49,53,57,61,65,69,74,78],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_enqueue_scripts","pdc_admin_scripts","post-display-counter.php",13,{"type":40,"name":46,"callback":47,"file":43,"line":48},"admin_footer","pdc_footer",14,{"type":40,"name":50,"callback":51,"file":43,"line":52},"add_meta_boxes","pdc_metaboxes_add",15,{"type":40,"name":54,"callback":55,"file":43,"line":56},"admin_menu","pdc_plugin_menu",16,{"type":40,"name":58,"callback":59,"file":43,"line":60},"plugins_loaded","pdc_load_translation_file",17,{"type":40,"name":62,"callback":63,"priority":11,"file":43,"line":64},"save_post","pdc_metaboxes_save",18,{"type":40,"name":66,"callback":67,"file":43,"line":68},"wp_enqueue_scripts","pdc_scripts_and_styles",23,{"type":70,"name":71,"callback":72,"file":43,"line":73},"filter","the_content","pdc_print_counters",25,{"type":70,"name":75,"callback":76,"prio
rity":11,"file":43,"line":77},"the_title","pdc_wrap_the_title",26,{"type":70,"name":75,"callback":76,"priority":11,"file":43,"line":79},222,[81,85,88,91],{"action":82,"nopriv":83,"callback":82,"hasNonce":83,"hasCapCheck":83,"file":43,"line":84},"pdc_count_views",false,19,{"action":82,"nopriv":86,"callback":82,"hasNonce":83,"hasCapCheck":83,"file":43,"line":87},true,20,{"action":89,"nopriv":83,"callback":89,"hasNonce":83,"hasCapCheck":83,"file":43,"line":90},"pdc_count_served",21,{"action":89,"nopriv":86,"callback":89,"hasNonce":83,"hasCapCheck":83,"file":43,"line":92},22,[],[],[],{"dangerousFunctions":97,"sqlUsage":98,"outputEscaping":100,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":119,"bundledLibraries":120},[],{"prepared":24,"raw":24,"locations":99},[],{"escaped":24,"rawEcho":101,"locations":102},8,[103,106,108,110,111,113,115,117],{"file":43,"line":104,"context":105},74,"raw output",{"file":43,"line":107,"context":105},76,{"file":43,"line":109,"context":105},92,{"file":43,"line":109,"context":105},{"file":43,"line":112,"context":105},97,{"file":43,"line":114,"context":105},123,{"file":43,"line":116,"context":105},124,{"file":43,"line":118,"context":105},125,3,[],[122,146,157],{"entryPoint":123,"graph":124,"unsanitizedCount":24,"severity":145},"pdc_plugin_menu (post-display-counter.php:47)",{"nodes":125,"edges":142},[126,131,136,140],{"id":127,"type":128,"label":129,"file":43,"line":130},"n0","source","$_POST['pdc_hide_counters_date']",55,{"id":132,"type":133,"label":134,"file":43,"line":130,"wp_function":135},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":137,"type":128,"label":138,"file":43,"line":139},"n2","$_POST['pdc_hide_counter_line']",56,{"id":141,"type":133,"label":134,"file":43,"line":139,"wp_function":135},"n3",[143,144],{"from":127,"to":132,"sanitized":86},{"from":137,"to":141,"sanitized":86},"low",{"entryPoint":147,"graph":148,"unsanitizedCount":24,"severity":145},"pdc_plugin_page 
(post-display-counter.php:64)",{"nodes":149,"edges":155},[150,152],{"id":127,"type":128,"label":151,"file":43,"line":107},"$_REQUEST['error']",{"id":132,"type":133,"label":153,"file":43,"line":107,"wp_function":154},"echo() [XSS]","echo",[156],{"from":127,"to":132,"sanitized":86},{"entryPoint":158,"graph":159,"unsanitizedCount":24,"severity":145},"\u003Cpost-display-counter> (post-display-counter.php:0)",{"nodes":160,"edges":169},[161,162,163,164,165,167],{"id":127,"type":128,"label":129,"file":43,"line":130},{"id":132,"type":133,"label":134,"file":43,"line":130,"wp_function":135},{"id":137,"type":128,"label":138,"file":43,"line":139},{"id":141,"type":133,"label":134,"file":43,"line":139,"wp_function":135},{"id":166,"type":128,"label":151,"file":43,"line":107},"n4",{"id":168,"type":133,"label":153,"file":43,"line":107,"wp_function":154},"n5",[170,171,172],{"from":127,"to":132,"sanitized":86},{"from":137,"to":141,"sanitized":86},{"from":166,"to":168,"sanitized":86},{"summary":174,"deductions":175},"The post-display-counter plugin v1.0 exhibits a concerning security posture primarily due to a significant lack of authentication checks on its AJAX endpoints. With all four identified AJAX handlers lacking any form of authorization, an attacker could potentially trigger these functionalities without proper user privileges. This is further exacerbated by the fact that 100% of its outputs are not properly escaped, creating a high risk for cross-site scripting (XSS) vulnerabilities. While the plugin shows strengths by not using dangerous functions, issuing no raw SQL queries, and having no recorded vulnerabilities, these positive aspects are overshadowed by critical weaknesses in input sanitization and output escaping, especially on exposed AJAX endpoints. 
The absence of any historical vulnerabilities might suggest a low attack profile so far, but the current code analysis reveals a clear and present danger that needs immediate attention.",[176,178,180],{"reason":177,"points":11},"Unprotected AJAX handlers",{"reason":179,"points":101},"Output escaping missing",{"reason":181,"points":11},"Missing nonce checks on AJAX","2026-03-16T23:38:21.093Z",{"wat":184,"direct":192},{"assetPaths":185,"generatorPatterns":187,"scriptPaths":188,"versionParams":190},[186],"\u002Fwp-content\u002Fplugins\u002Fpost-display-counter\u002Fcss\u002Fjquery-ui-1.8.16.custom.css",[],[189],"\u002Fwp-content\u002Fplugins\u002Fpost-display-counter\u002Fjs\u002Fpost-display-counter.js",[191],"post-display-counter\u002Fjs\u002Fpost-display-counter.js?ver=",{"cssClasses":193,"htmlComments":195,"htmlAttributes":196,"restEndpoints":204,"jsGlobals":206,"shortcodeOutput":210},[194],"countable",[],[197,198,199,200,201,202,203],"data-served-id","data-view-id","id=\"pdc_hide_counters_date\"","name=\"pdc_hide_counters_date\"","name=\"pdc_hide_counter_line\"","id=\"pdc_hide_counter\"","name=\"pdc_hide_counter\"",[205],"\u002Fwp-admin\u002Fadmin-ajax.php",[207,208,209],"pdc_hide_counters_date","pdc_hide_counter_line","ajax_object",[]]