WP-Safety

Post Views Counter Security & Risk Analysis

wordpress.org/plugins/post-views-counter

Post Views Counter allows you to collect and display how many times a post, page, or other content has been viewed in a simple, fast and reliable way.

200K active installs v1.7.9 PHP 7.0+ WP 6.3.0+ Updated Mar 23, 2026
analyticscounterpageviewspostviewsstatistics
99
A · Safe
CVEs total2
Unpatched0
Last CVEApr 5, 2024
Plugin page Download
Safety Verdict

Is Post Views Counter Safe to Use in 2026?

Generally Safe

Score 99/100

Post Views Counter has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Apr 5, 2024Updated 1mo ago
Risk Assessment

The 'post-views-counter' plugin version 1.7.8 exhibits a generally good security posture, with a strong emphasis on input sanitization and authorization. The absence of unprotected AJAX handlers and REST API routes, along with a high percentage of SQL queries using prepared statements and a substantial number of nonce and capability checks, indicates a proactive approach to security by the developers. The plugin also avoids dangerous functions and file operations, further contributing to its solid foundation. However, the static analysis did reveal two flows with unsanitized paths, flagged as high severity. While the vulnerability history shows two medium-severity CVEs, both are now patched, and the plugin has a recent vulnerability record from April 5, 2024, which, although patched, highlights the need for continued vigilance. The historical prevalence of CSRF and XSS vulnerabilities suggests that while current protections are robust, past issues indicate potential areas where attack vectors might emerge if not carefully monitored and addressed. Overall, the plugin is in a good state, but the identified taint flows warrant attention and a thorough review to ensure they do not pose an immediate risk.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Past medium severity CVEs, despite being patched
Vulnerabilities
2 published

Post Views Counter Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-31264medium · 4.3Cross-Site Request Forgery (CSRF)

Post Views Counter <= 1.4.4 - Cross-Site Request Forgery via save_bulk_post_views()

Apr 5, 2024 Patched in 1.4.5 (7d)
CVE-2021-24613medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Views Counter <= 1.3.4 - Authenticated Stored Cross-Site Scripting

Aug 23, 2021 Patched in 1.3.5 (883d)
Version History

Post Views Counter Release Timeline

v1.7.9Current10 files changed
v1.7.814 files changed
v1.7.722 files changed
v1.7.63 files changed
v1.7.522 files changed
v1.7.422 files changed
v1.7.36 files changed
v1.7.216 files changed
v1.7.123 files changed
v1.7.020 files changed
v1.6.128 files changed
v1.6.010 files changed
v1.5.98 files changed
v1.5.87 files changed
v1.5.75 files changed
v1.5.614 files changed
v1.5.58 files changed
v1.5.47 files changed
v1.5.310 files changed
v1.5.2
Code Analysis
Analyzed Mar 16, 2026

Post Views Counter Code Analysis

Dangerous Functions
0
Raw SQL Queries
17
40 prepared
Unescaped Output
36
243 escaped
Nonce Checks
9
Capability Checks
22
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

70% prepared57 total queries

Output Escaping

87% escaped279 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
save_bulk_post_views (includes\class-columns.php:371)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Post Views Counter Attack Surface

Entry Points14
Unprotected0

AJAX Handlers 10

authwp_ajax_pvc_column_chartincludes\class-columns-modal.php:24
authwp_ajax_save_bulk_post_viewsincludes\class-columns.php:27
authwp_ajax_pvc-view-postsincludes\class-counter.php:158
noprivwp_ajax_pvc-view-postsincludes\class-counter.php:159
authwp_ajax_pvc-check-postincludes\class-counter.php:167
noprivwp_ajax_pvc-check-postincludes\class-counter.php:168
authwp_ajax_pvc_dashboard_post_most_viewedincludes\class-dashboard.php:48
authwp_ajax_pvc_dashboard_post_views_chartincludes\class-dashboard.php:49
authwp_ajax_pvc_dashboard_user_optionsincludes\class-dashboard.php:50
authwp_ajax_pvc_dismiss_noticepost-views-counter.php:325

REST API Routes 3

GET/wp-json/post-views-counter/update-post-views/includes\class-admin.php:50
GET/wp-json/post-views-counter/view-post/(?P<id>\d+)|/view-post/includes\class-counter.php:1490
GET/wp-json/post-views-counter/get-post-views/(?P<id>(\d+,?)+)includes\class-counter.php:1513

Shortcodes 1

[post-views] includes\class-frontend.php:33
WordPress Hooks 100
actionplugins_loadedincludes\class-admin.php:20
actionadmin_enqueue_scriptsincludes\class-admin.php:21
actionrest_api_initincludes\class-admin.php:39
actionenqueue_block_editor_assetsincludes\class-admin.php:40
actionadmin_enqueue_scriptsincludes\class-columns-modal.php:23
actionadmin_footerincludes\class-columns-modal.php:80
actionadmin_initincludes\class-columns.php:20
actionpost_submitbox_misc_actionsincludes\class-columns.php:21
actionattachment_submitbox_misc_actionsincludes\class-columns.php:22
actionsave_postincludes\class-columns.php:23
actionedit_attachmentincludes\class-columns.php:24
actionbulk_edit_custom_boxincludes\class-columns.php:25
actionquick_edit_custom_boxincludes\class-columns.php:26
actionmanage_media_custom_columnincludes\class-columns.php:176
filtermanage_media_columnsincludes\class-columns.php:179
filtermanage_upload_sortable_columnsincludes\class-columns.php:180
filterbbp_admin_forums_column_headersincludes\class-columns.php:193
filterbbp_admin_topics_column_headersincludes\class-columns.php:195
actionplugins_loadedincludes\class-counter.php:31
actioninitincludes\class-counter.php:32
actiondeleted_postincludes\class-counter.php:33
actionwp_print_footer_scriptsincludes\class-counter.php:160
actionwpincludes\class-counter.php:164
actionrest_api_initincludes\class-counter.php:172
filterpvc_count_conditions_metincludes\class-counter.php:208
actionafter_setup_themeincludes\class-crawler-detect.php:69
actioninitincludes\class-cron.php:20
actionpvc_reset_countsincludes\class-cron.php:21
filtercron_schedulesincludes\class-cron.php:24
actionadmin_initincludes\class-dashboard.php:22
actionwp_dashboard_setupincludes\class-dashboard.php:44
actionadmin_enqueue_scriptsincludes\class-dashboard.php:45
actionafter_setup_themeincludes\class-frontend.php:22
actionwp_enqueue_scriptsincludes\class-frontend.php:23
actionwpincludes\class-frontend.php:24
filterthe_contentincludes\class-frontend.php:75
actioninitincludes\class-import.php:37
actioninitincludes\class-integration-gutenberg.php:27
filterquery_loop_block_query_varsincludes\class-integration-gutenberg.php:41
filterrender_block_dataincludes\class-integration-gutenberg.php:42
filterrender_blockincludes\class-integration-gutenberg.php:43
actionpre_get_postsincludes\class-integration-gutenberg.php:44
actionrest_api_initincludes\class-integration-gutenberg.php:47
actionenqueue_block_editor_assetsincludes\class-integration-gutenberg.php:50
actionpre_get_postsincludes\class-query.php:22
filterquery_varsincludes\class-query.php:25
filterposts_joinincludes\class-query.php:26
filterposts_groupbyincludes\class-query.php:27
filterposts_orderbyincludes\class-query.php:28
filterposts_distinctincludes\class-query.php:29
filterposts_fieldsincludes\class-query.php:30
filterthe_postsincludes\class-query.php:31
actionadmin_menuincludes\class-settings-api.php:48
actionadmin_initincludes\class-settings-api.php:49
actionadmin_enqueue_scriptsincludes\class-settings-api.php:50
actionupdate_option_post_views_counter_settings_displayincludes\class-settings-display.php:25
actionadd_option_post_views_counter_settings_displayincludes\class-settings-display.php:26
filterpre_update_option_post_views_counter_settings_otherincludes\class-settings-display.php:29
actionadmin_initincludes\class-settings-general.php:24
actionpvc_settings_sidebarincludes\class-settings.php:45
actionpvc_settings_formincludes\class-settings.php:46
filterpvc_settings_dataincludes\class-settings.php:49
filterpvc_settings_dataincludes\class-settings.php:50
filterpvc_settings_dataincludes\class-settings.php:51
filterpvc_settings_dataincludes\class-settings.php:52
filterpvc_settings_pagesincludes\class-settings.php:53
filterpvc_settings_page_classincludes\class-settings.php:54
filterpvc_plugin_status_tablesincludes\class-settings.php:55
filteradmin_titleincludes\class-settings.php:630
filtersubmenu_fileincludes\class-settings.php:638
actionwp_loadedincludes\class-toolbar.php:20
actionadmin_initincludes\class-toolbar.php:45
actionwpincludes\class-toolbar.php:47
actionadmin_bar_menuincludes\class-toolbar.php:182
actionadmin_headincludes\class-toolbar.php:186
actionwp_headincludes\class-toolbar.php:189
actionadmin_initincludes\class-traffic-signals.php:24
actionadmin_enqueue_scriptsincludes\class-traffic-signals.php:25
actionpvc_after_update_post_views_countincludes\class-traffic-signals.php:26
actionpvc_flush_cached_countsincludes\class-traffic-signals.php:27
actionpvc_reset_countsincludes\class-traffic-signals.php:28
actiontransition_post_statusincludes\class-traffic-signals.php:29
actiondeleted_postincludes\class-traffic-signals.php:30
actionadmin_initincludes\class-update.php:20
actionwidgets_initincludes\class-widgets.php:20
actionplugins_loadedpost-views-counter.php:318
actionadmin_enqueue_scriptspost-views-counter.php:319
actionadmin_print_stylespost-views-counter.php:320
actionwp_loadedpost-views-counter.php:321
actioninitpost-views-counter.php:322
actionadmin_initpost-views-counter.php:323
actionwp_initialize_sitepost-views-counter.php:324
filterpvc_active_caching_pluginspost-views-counter.php:338
filterpvc_is_plugin_activepost-views-counter.php:339
actionenqueue_block_editor_assetspost-views-counter.php:349
filterblock_categories_allpost-views-counter.php:352
filterregister_block_type_argspost-views-counter.php:354
actionadmin_print_scriptspost-views-counter.php:558
actionadmin_noticespost-views-counter.php:594
actionnetwork_admin_noticespost-views-counter.php:597

Scheduled Events 1

pvc_reset_counts
Maintenance & Trust

Post Views Counter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 23, 2026
PHP min version7.0
Downloads5.2M

Community Trust

Rating98/100
Number of ratings1,198
Active installs200K
Alternatives

Post Views Counter Alternatives

Statify

Statify

statify

A
100

Visitor statistics for WordPress with focus on data protection, transparency and clarity. Perfect as a widget in your WordPress Dashboard.

100K No CVEs
Visitor Traffic Real Time Statistics

Visitor Traffic Real Time Statistics

visitors-traffic-real-time-statistics

A
90

This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.

30K 8 CVEs
Real-Time Post Statistics for WordPress

Real-Time Post Statistics for WordPress

wp-post-real-time-statistics

A
99

A lightweight and simple tool to track your post statistics with real insights.

2K 1 CVE
Pageviews

Pageviews

pageviews

A
85

A simple and lightweight pageviews counter for your WordPress posts and pages.

1K No CVEs
Kama Click Counter

Kama Click Counter

kama-clic-counter

A
95

Count clicks on any link across the site. Creates a beautiful file download block in post content. Includes a widget for top downloads.

900 4 CVEs
Developer Profile

Post Views Counter Developer Profile

dFactory

12 plugins · 357K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
251 days
View full developer profile
Detection Fingerprints

How We Detect Post Views Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-views-counter/assets/css/frontend.css/wp-content/plugins/post-views-counter/assets/js/frontend.js/wp-content/plugins/post-views-counter/assets/css/admin.css/wp-content/plugins/post-views-counter/assets/js/admin.js/wp-content/plugins/post-views-counter/assets/css/frontend.min.css/wp-content/plugins/post-views-counter/assets/js/frontend.min.js/wp-content/plugins/post-views-counter/assets/css/admin.min.css/wp-content/plugins/post-views-counter/assets/js/admin.min.js
Script Paths
/wp-content/plugins/post-views-counter/post-views-counter.php
Version Parameters
post-views-counter/assets/css/frontend.css?ver=post-views-counter/assets/js/frontend.js?ver=post-views-counter/assets/css/admin.css?ver=post-views-counter/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
pvc_statspvc_views
Data Attributes
data-pvc-post-iddata-pvc-post-type
JS Globals
pvc_frontend_ajax_objectPostViewsCounterFrontend
REST Endpoints
/wp-json/post-views-counter/v1/view
FAQ

Frequently Asked Questions about Post Views Counter