Post Pay Counter Security & Risk Analysis

wordpress.org/plugins/post-pay-counter

Easily handle authors' payments on a multi-author blog by computing posts' remuneration based on admin-defined rules.

2K active installs · v2.793 · PHP + WP 3.7+ · Updated Dec 6, 2025
Tags: authors, earnings, payments, revenue-sharing, stats
97 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Nov 8, 2023
Safety Verdict

Is Post Pay Counter Safe to Use in 2026?

Generally Safe

Score 97/100

Post Pay Counter has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 8, 2023 · Updated 3mo ago
Risk Assessment

The "post-pay-counter" v2.793 plugin exhibits a concerning security posture, primarily due to a large number of unprotected AJAX entry points and a history of critical vulnerabilities. The static analysis reveals a significant attack surface with 11 AJAX handlers, all of which lack authentication checks, presenting a prime opportunity for unauthorized actions. Furthermore, the presence of the `unserialize` function without clear input validation raises significant risks of deserialization vulnerabilities. The limited proper output escaping (12%) suggests a high likelihood of Cross-Site Scripting (XSS) flaws, which is corroborated by past vulnerability types.

Key Concerns

  • Large attack surface without auth checks
  • Dangerous function 'unserialize' used
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX handlers
  • History of critical vulnerabilities
  • History of high severity vulnerabilities
  • History of medium severity vulnerabilities
  • Flows with unsanitized paths
Vulnerabilities: 3

Post Pay Counter Security Vulnerabilities

CVEs by Year

  • 2017: 2 CVEs
  • 2023: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 1

3 total CVEs

CVE-2023-47673 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Pay Counter <= 2.789 - Reflected Cross-Site Scripting

Nov 8, 2023 · Patched in 2.790 (93d)

CVE-2017-18584 · high · 7.5 · Improper Authentication

Post Pay Counter < 2.731 - Arbitrary Settings Change

Sep 16, 2017 · Patched in 2.731 (2320d)

CVE-2017-18583 · critical · 9.8 · Deserialization of Untrusted Data

Post Pay Counter < 2.731 - PHP Object Injection

Sep 16, 2017 · Patched in 2.731 (2320d)
Code Analysis
Analyzed Mar 16, 2026

Post Pay Counter Code Analysis

  • Dangerous Functions: 4
  • Raw SQL Queries: 3 (0 prepared)
  • Unescaped Output: 212 (29 escaped)
  • Nonce Checks: 2
  • Capability Checks: 3
  • File Operations: 13
  • External Requests: 5
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$cached_data = unserialize( $file_content );` · classes\ppc_cache_class.php:149
  • unserialize · `$cached_data = unserialize( $file_content );` · classes\ppc_cache_class.php:189
  • unserialize · `$errors = unserialize( $errors );` · classes\ppc_error_class.php:55
  • unserialize · `$errors = unserialize( $errors );` · classes\ppc_error_class.php:112

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

12% escaped · 241 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
show_stats_page_header (classes\ppc_html_functions_class.php:21)

Attack Surface: 11 unprotected

Post Pay Counter Attack Surface

Entry Points: 11
Unprotected: 11

AJAX Handlers 11

  • auth · wp_ajax_ppc_save_counting_settings · post-pay-counter.php:125
  • auth · wp_ajax_ppc_save_permissions · post-pay-counter.php:126
  • auth · wp_ajax_ppc_save_misc_settings · post-pay-counter.php:127
  • auth · wp_ajax_ppc_personalize_fetch_users_by_roles · post-pay-counter.php:128
  • auth · wp_ajax_ppc_vaporize_user_settings · post-pay-counter.php:129
  • auth · wp_ajax_ppc_import_settings · post-pay-counter.php:130
  • auth · wp_ajax_ppc_clear_error_log · post-pay-counter.php:131
  • auth · wp_ajax_ppc_dismiss_notification · post-pay-counter.php:132
  • auth · wp_ajax_ppc_stats_get_users_by_role · post-pay-counter.php:133
  • auth · wp_ajax_ppc_license_activate · post-pay-counter.php:136
  • auth · wp_ajax_ppc_license_deactivate · post-pay-counter.php:137

WordPress Hooks 25

  • filter · pre_set_site_transient_update_plugins · classes\ppc_autoupdate_class.php:71
  • filter · plugins_api · classes\ppc_autoupdate_class.php:74
  • action · wp_update_plugins · classes\ppc_autoupdate_class.php:77
  • action · ppcp_updated_post_payment_history · classes\ppc_cache_class.php:97
  • action · ppcp_fb_updated_post_data · classes\ppc_cache_class.php:102
  • filter · posts_join · classes\ppc_generate_stats_class.php:114
  • action · init · classes\ppc_visits_trackers.php:10
  • action · init · classes\ppc_visits_trackers.php:19
  • action · admin_menu · post-pay-counter.php:84
  • action · wpmu_new_blog · post-pay-counter.php:91
  • action · plugins_loaded · post-pay-counter.php:94
  • filter · cron_schedules · post-pay-counter.php:97
  • action · load-toplevel_page_ppc-stats · post-pay-counter.php:100
  • filter · set-screen-option · post-pay-counter.php:105
  • action · admin_menu · post-pay-counter.php:108
  • action · admin_head · post-pay-counter.php:109
  • action · load-dashboard_page_ppc-about · post-pay-counter.php:111
  • action · load-dashboard_page_ppc-changelog · post-pay-counter.php:112
  • filter · plugin_action_links · post-pay-counter.php:115
  • filter · plugin_row_meta · post-pay-counter.php:116
  • action · admin_init · post-pay-counter.php:122
  • action · post_updated · post-pay-counter.php:143
  • action · admin_notices · post-pay-counter.php:436
  • filter · ppc_get_requested_posts_args · post-pay-counter.php:597
  • action · plugins_loaded · post-pay-counter.php:816

Scheduled Events 2

ppcp_cron_check_activation
ppcp_cron_check_activation
Maintenance & Trust

Post Pay Counter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 6, 2025
PHP min version
Downloads: 117K

Community Trust

Rating: 96/100
Number of ratings: 46
Active installs: 2K
Developer Profile

Post Pay Counter Developer Profile

Stefano

6 plugins · 3K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1578 days
Detection Fingerprints

How We Detect Post Pay Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/post-pay-counter/css/ppc-admin.css
  • /wp-content/plugins/post-pay-counter/css/ppc-frontend.css
  • /wp-content/plugins/post-pay-counter/css/ppc-visitors-tracking.css
  • /wp-content/plugins/post-pay-counter/js/ppc-admin.js
  • /wp-content/plugins/post-pay-counter/js/ppc-frontend.js
  • /wp-content/plugins/post-pay-counter/js/ppc-visitors-tracking.js

Script Paths

  • /wp-content/plugins/post-pay-counter/js/ppc-admin.js
  • /wp-content/plugins/post-pay-counter/js/ppc-frontend.js
  • /wp-content/plugins/post-pay-counter/js/ppc-visitors-tracking.js

Version Parameters

  • post-pay-counter/css/ppc-admin.css?ver=
  • post-pay-counter/css/ppc-frontend.css?ver=
  • post-pay-counter/css/ppc-visitors-tracking.css?ver=
  • post-pay-counter/js/ppc-admin.js?ver=
  • post-pay-counter/js/ppc-frontend.js?ver=
  • post-pay-counter/js/ppc-visitors-tracking.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ppc-admin-settings-section
  • ppc-main-settings-container
  • ppc-row
  • ppc-settings-section-description
  • ppc-input-group
  • ppc-number-input
  • ppc-text-input
  • ppc-textarea
  • +36 more

HTML Comments

  • Copyright Stefano Ottolenghi 2013
  • This program is free software: you can redistribute it and/or modify
  • This program is distributed in the hope that it will be useful,
  • You should have received a copy of the GNU General Public License
  • +14 more

Data Attributes

  • data-ppc-option-name
  • data-ppc-option-value
  • data-ppc-option-type
  • data-ppc-setting-name
  • data-ppc-setting-value
  • data-ppc-setting-type
  • +7 more

JS Globals

  • ppc_global_settings
  • PPC_AJAX_OBJECT
  • ppc_ajax_url
  • ppc_nonce
  • PPC_install_functions
  • PPC_welcome
  • +19 more

FAQ

Frequently Asked Questions about Post Pay Counter