[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbWCITju2jKCmkn2seSHqBL5fKD_o14Qq8lXomTyx-n4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":142,"fingerprints":344},"post-views-stats-counter","Post Views Stats Counter","1.1.7","Kazuki Yanamoto","https:\u002F\u002Fprofiles.wordpress.org\u002Fkazukiyanamoto\u002F","\u003Cp>This plugin will display how many times post and page viewed.\u003C\u002Fp>\n\u003Cp>It`s a simple stat analytics that also shows total view per day, week, month and all days. Those view are showed with titles and permalink.\u003Cbr \u002F>\nSelect only by title to see particular pages.\u003C\u002Fp>\n\u003Cp>You can exclude admin user and login users + you can ignore bots and useragents.\u003C\u002Fp>\n\u003Cp>The another merit is that “Most Popular articles” section can be added on to your widget.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Display how many times post and page viewed\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View total access per day, week, month, and all days\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Show titles and permalinks as well\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Change view order by date and title\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can ignore bots and UserAgents\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Exclude admin user and login users\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“Most Popular articles” section can be added on to your widget\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin will display how many times post and page viewed. It shows total view of access per day, week, month, and all days.",700,22283,80,4,"2023-04-12T05:51:00.000Z","6.2.9","4.6","",[20,21,22,23,24],"counter","hits","post-views","posts","postviews","https:\u002F\u002Fglobal-s-h.com\u002Fpvs\u002Fen\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-views-stats-counter.1.1.7.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"kazukiyanamoto",5,6850,88,30,86,"2026-04-04T05:55:53.636Z",[41,61,80,100,124],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":13,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":18,"tags":55,"homepage":59,"download_link":60,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"easy-post-view-counter","Easy Post View Counter","1.2.3","Michael Gertz","https:\u002F\u002Fprofiles.wordpress.org\u002Fmgertz\u002F","\u003Cp>With this plugin you can see how many views a single post has.\u003Cbr \u002F>\nJust link on the All Post link in the left menu\u003Cbr \u002F>\nNo need for adding codes anywhere, just plug’n’play\u003C\u002Fp>\n","With this plugin you can see how many views a single post has.",100,10991,3,"2015-04-07T06:59:00.000Z","4.1.42","2.7",[56,57,22,24,58],"post-counter","post-hits","view-counter","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Feasy-post-views-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-post-view-counter.1.2.3.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":49,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":78,"download_link":79,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"dp-post-views","DP Post Views Counter","1.2","Denys Popov","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenisatu\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fdenyspopov.com\" rel=\"nofollow ugc\">Denys Popov\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin shows the number of views on the site.\u003C\u002Fp>\n","The plugin show how many people have viewed an article on the site.",60,3506,1,"2019-08-12T17:54:00.000Z","5.2.24","4.9.1","5.6",[20,21,22,23,77],"view","https:\u002F\u002Fdenyspopov.com\u002Fdp-post-views","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdp-post-views.1.2.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":36,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":96,"download_link":97,"security_score":98,"vuln_count":71,"unpatched_count":28,"last_vuln_date":99,"fetched_at":30},"wp-postviews","WP-PostViews","1.78","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Open \u003Ccode>wp-content\u002Fthemes\u002F\u003CYOUR THEME NAME>\u002Findex.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>You may place it in archive.php, single.php, post.php or page.php also.\u003C\u002Fli>\n\u003Cli>Find: \u003Ccode>\u003C?php while (have_posts()) : the_post(); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Add Anywhere Below It (The Place You Want The Views To Show): \u003Ccode>\u003C?php if(function_exists('the_views')) { the_views(); } ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Or you can use the shortcode \u003Ccode>[views]\u003C\u002Fcode> or \u003Ccode>[views id=\"1\"]\u003C\u002Fcode> (where 1 is the post ID) in a post\u003C\u002Fli>\n\u003Cli>Go to \u003Ccode>WP-Admin -> Settings -> PostViews\u003C\u002Fcode> to configure the plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-postviews\u002F\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-postviews\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-postviews\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-postviews\u002Fi18n\u002F\" title=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-postviews\u002Fi18n\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-postviews\u002Fi18n\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fwww.icomoon.io\" rel=\"nofollow ugc\">Iconmoon\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. If not feel free to use it without any obligations.\u003C\u002Fp>\n\u003Ch3>Version 1.76.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Add Post Author in views template\u003C\u002Fli>\n\u003Cli>NEW: Bump for WordPress 5.3\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.76\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Added postviews_should_count filter\u003C\u002Fli>\n\u003Cli>FIXED: Change to (int) from intval() and use sanitize_key() with it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.75\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Use WP_Query() for most\u002Fleast viewed posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.74\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Bump WordPress 4.7\u003C\u002Fli>\n\u003Cli>NEW: Template variable %POST_CATEGORY_ID%. It returns Post’s Category ID. If you are using Yoast SEO Plugin, it will return the priority Category ID. Props @FunFrog-BY\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.73\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIXED: In preview mode, don’t count views\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.72\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Add %POST_THUMBNAIL% to template variables\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.71\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIXED: Notices in Widget Constructor for WordPress 4.3\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.70\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIXED: Integration with WP-Stats\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.69\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Shortcode \u003Ccode>[views]\u003C\u002Fcode> or [views id=”POST_ID”]` to embed view count into post\u003C\u002Fli>\n\u003Cli>NEW: Added template variable \u003Ccode>%VIEW_COUNT_ROUNDED%\u003C\u002Fcode> to support rounded view count like 10.1k or 11.2M\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.68\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Added action hook ‘postviews_increment_views’ and ‘postviews_increment_views_ajax’\u003C\u002Fli>\n\u003Cli>NEW: Allow custom post type to be chosen under the widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.67\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Allow user to not use AJAX to update the views even though WP_CACHE is true\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.66\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>NEW: Supports MultiSite Network Activation\u003C\u002Fli>\n\u003Cli>NEW: Add %POST_DATE% and %POST_TIME% to template variables\u003C\u002Fli>\n\u003Cli>NEW: Add China isearch engines bots\u003C\u002Fli>\n\u003Cli>NEW: Ability to pass in an array of post types for get_most\u002Fleast_*() functions. Props Leo Plaw.\u003C\u002Fli>\n\u003Cli>FIXED: Moved uninstall to uninstall.php and hence fix missing nonce. Props Julio Potier.\u003C\u002Fli>\n\u003Cli>FIXED: Notices and better way to get views from meta. Props daankortenbach.\u003C\u002Fli>\n\u003Cli>FIXED: No longer needing add_post_meta() if update_post_meta() fails.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version 1.65 (02-06-2013)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIXED: Views not showing in WP-Admin if “Display Options” is not set to “Display to everyone”\u003C\u002Fli>\n\u003C\u002Ful>\n","Enables you to display how many times a post\u002Fpage had been viewed.",100000,3382051,65,"2025-08-31T05:28:00.000Z","6.8.5","4.0",[20,21,24,95],"views","https:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postviews.1.78.zip",99,"2013-05-08 00:00:00",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":49,"num_ratings":34,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":28,"last_vuln_date":123,"fetched_at":30},"wpecounter","WP Views Counter","2.1.3","etruel","https:\u002F\u002Fprofiles.wordpress.org\u002Fetruel\u002F","\u003Cp>\u003Cstrong>WP Views Counter\u003C\u002Fstrong> is a lightweight, high-performance plugin that accurately tracks and displays post, page, and custom post type views — directly in the WordPress admin, via shortcode, or with a Gutenberg block.\u003C\u002Fp>\n\u003Cp>Built for bloggers, marketers, store owners, and developers, it works seamlessly across all post types — including WooCommerce and Easy Digital Downloads — with minimal impact on your site’s speed. No external scripts. No unnecessary bloat.\u003C\u002Fp>\n\u003Cp>This plugin does one job and does it exceptionally well: it tells you which content is getting the most attention.\u003C\u002Fp>\n\u003Ch4>Key Benefits\u003C\u002Fh4>\n\u003Cp>✅ \u003Cstrong>Accurate view counts\u003C\u002Fstrong> in admin columns, shortcode, or block\u003Cbr \u002F>\n✅ \u003Cstrong>Metabox per post\u003C\u002Fstrong> with real-time views and reset button\u003Cbr \u002F>\n✅ \u003Cstrong>Exclude views from logged-in users or specific roles\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Fully AJAX-powered\u003C\u002Fstrong> — no page reloads or slowdowns\u003Cbr \u002F>\n✅ \u003Cstrong>Works with all post types\u003C\u002Fstrong>, including EDD and WooCommerce\u003Cbr \u002F>\n✅ \u003Cstrong>Block to display popular posts\u003C\u002Fstrong> — no legacy widgets required\u003Cbr \u002F>\n✅ \u003Cstrong>Developer-friendly and fully translatable\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Import views from other plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Whether you’re optimizing your content strategy or simply want to know what’s working, \u003Cstrong>WP Views Counter\u003C\u002Fstrong> is the simple and effective alternative to bloated analytics plugins.\u003C\u002Fp>\n\u003Cp>📦 Start tracking your most popular content today — with clarity, speed and control.\u003C\u002Fp>\n\u003Cp>💡 Developer-friendly: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEtruel-Developments\u002Fwpecounter\u002Fissues\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa> — forks and pull requests welcome.\u003C\u002Fp>\n","Fast, lightweight post views counter. Display views in admin, blocks or shortcodes — no tracking scripts required.",2000,41916,"2025-12-19T18:09:00.000Z","6.9.4","3.1","7.0",[115,116,117,22,118],"ajax-counter","analytics","popular-posts","views-counter","https:\u002F\u002Fetruel.com\u002Fdownloads\u002Fwpecounter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpecounter.2.1.3.zip",98,2,"2025-12-14 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":49,"num_ratings":51,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":140,"download_link":141,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-postviews-plus","WP-PostViews Plus","2.1.2","Richer Yang","https:\u002F\u002Fprofiles.wordpress.org\u002Ffantasyworld\u002F","\u003Cp>It can set that if count the registered member views OR views in index page.\u003Cbr \u002F>\nTo differentiate between USER and BOT is by HTTP_agent, and it can set at admin\u003C\u002Fp>\n","Enables You To Display How Many Times A Post Had Been Viewed By User Or Bot.",400,106635,"2020-05-08T02:43:00.000Z","5.4.19","5.0","5.6.20",[139,20,21,24,95],"bot","https:\u002F\u002Fricher.tw\u002Fwp-postviews-plus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postviews-plus.2.1.2.zip",{"attackSurface":143,"codeSignals":171,"taintFlows":243,"riskAssessment":334,"analyzedAt":343},{"hooks":144,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":28,"unprotectedCount":28},[145,151,156,159,163],{"type":146,"name":147,"callback":148,"file":149,"line":150},"filter","wp_footer","pvs_counter_filter_footer","wp_pvscounter.php",34,{"type":152,"name":153,"callback":154,"file":149,"line":155},"action","init","pvs_counter_init",37,{"type":152,"name":153,"callback":157,"file":149,"line":158},"pvs_counter_load_textdomain",40,{"type":152,"name":160,"callback":161,"file":149,"line":162},"admin_menu","pvs_counter_admin_menu",43,{"type":152,"name":164,"callback":165,"file":149,"line":166},"widgets_init","closure",498,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":176,"fileOperations":28,"externalRequests":28,"nonceChecks":71,"capabilityChecks":71,"bundledLibraries":242},[],{"prepared":174,"raw":28,"locations":175},35,[],{"escaped":177,"rawEcho":150,"locations":178},62,[179,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,211,213,215,217,218,220,223,224,226,228,230,232,234,236,237,238,240,241],{"file":180,"line":166,"context":181},"manage\\admin.php","raw output",{"file":180,"line":183,"context":181},503,{"file":180,"line":185,"context":181},508,{"file":180,"line":187,"context":181},513,{"file":180,"line":189,"context":181},558,{"file":180,"line":191,"context":181},575,{"file":180,"line":193,"context":181},582,{"file":180,"line":195,"context":181},589,{"file":180,"line":197,"context":181},599,{"file":180,"line":199,"context":181},606,{"file":180,"line":201,"context":181},613,{"file":180,"line":203,"context":181},630,{"file":180,"line":205,"context":181},631,{"file":180,"line":207,"context":181},632,{"file":180,"line":209,"context":181},633,{"file":180,"line":209,"context":181},{"file":180,"line":212,"context":181},639,{"file":180,"line":214,"context":181},681,{"file":180,"line":216,"context":181},696,{"file":180,"line":216,"context":181},{"file":180,"line":219,"context":181},708,{"file":221,"line":222,"context":181},"wp_mostpost.php",27,{"file":221,"line":222,"context":181},{"file":149,"line":225,"context":181},446,{"file":149,"line":227,"context":181},463,{"file":149,"line":229,"context":181},465,{"file":149,"line":231,"context":181},466,{"file":149,"line":233,"context":181},467,{"file":149,"line":235,"context":181},491,{"file":149,"line":235,"context":181},{"file":149,"line":235,"context":181},{"file":149,"line":239,"context":181},492,{"file":149,"line":239,"context":181},{"file":149,"line":239,"context":181},[],[244],{"entryPoint":245,"graph":246,"unsanitizedCount":14,"severity":333},"\u003Cadmin> (manage\\admin.php:0)",{"nodes":247,"edges":319},[248,252,258,262,267,271,276,279,284,287,291,294,298,301,304,307,310,314,317],{"id":249,"type":250,"label":251,"file":180,"line":177},"n0","source","$_POST",{"id":253,"type":254,"label":255,"file":180,"line":256,"wp_function":257},"n1","sink","query() [SQLi]",67,"query",{"id":259,"type":250,"label":260,"file":180,"line":261},"n2","$_POST (x14)",74,{"id":263,"type":254,"label":264,"file":180,"line":265,"wp_function":266},"n3","update_option() [Settings Manipulation]",77,"update_option",{"id":268,"type":250,"label":269,"file":180,"line":270},"n4","$_POST (x3)",46,{"id":272,"type":254,"label":273,"file":180,"line":274,"wp_function":275},"n5","get_var() [SQLi]",278,"get_var",{"id":277,"type":250,"label":278,"file":180,"line":270},"n6","$_POST (x2)",{"id":280,"type":254,"label":281,"file":180,"line":282,"wp_function":283},"n7","get_results() [SQLi]",420,"get_results",{"id":285,"type":250,"label":278,"file":180,"line":286},"n8",91,{"id":288,"type":254,"label":289,"file":180,"line":212,"wp_function":290},"n9","echo() [XSS]","echo",{"id":292,"type":250,"label":278,"file":180,"line":293},"n10",319,{"id":295,"type":296,"label":297,"file":180,"line":293},"n11","transform","→ pvs_counter_static_days()",{"id":299,"type":254,"label":273,"file":180,"line":300,"wp_function":275},"n12",297,{"id":302,"type":250,"label":278,"file":180,"line":303},"n13",325,{"id":305,"type":296,"label":306,"file":180,"line":303},"n14","→ pvs_counter_static_title_days()",{"id":308,"type":254,"label":273,"file":180,"line":309,"wp_function":275},"n15",307,{"id":311,"type":250,"label":312,"file":180,"line":313},"n16","$_POST (x6)",423,{"id":315,"type":296,"label":316,"file":180,"line":313},"n17","→ pvs_counter_rows_all()",{"id":318,"type":254,"label":281,"file":180,"line":282,"wp_function":283},"n18",[320,322,323,324,325,326,328,329,330,331,332],{"from":249,"to":253,"sanitized":321},true,{"from":259,"to":263,"sanitized":321},{"from":268,"to":272,"sanitized":321},{"from":277,"to":280,"sanitized":321},{"from":285,"to":288,"sanitized":321},{"from":292,"to":295,"sanitized":327},false,{"from":295,"to":299,"sanitized":327},{"from":302,"to":305,"sanitized":327},{"from":305,"to":308,"sanitized":327},{"from":311,"to":315,"sanitized":327},{"from":315,"to":318,"sanitized":321},"high",{"summary":335,"deductions":336},"The \"post-views-stats-counter\" plugin v1.1.7 exhibits a generally strong security posture, primarily due to the complete absence of dangerous functions, external requests, and file operations. The plugin also demonstrates good practices by exclusively using prepared statements for its SQL queries and including at least one nonce and capability check.  However, there are areas for improvement.  The static analysis reveals a concerning taint flow with unsanitized paths identified as high severity, indicating a potential for vulnerabilities if this flow involves user-controlled input that is not adequately validated or sanitized before being used in a sensitive operation. Furthermore, while 96 outputs are accounted for, only 65% are properly escaped, leaving a significant portion of output potentially vulnerable to cross-site scripting (XSS) attacks.\n\nThe plugin's vulnerability history is spotless, with no known CVEs recorded. This is a positive indicator, suggesting that the plugin has either been well-maintained or has not yet been a target for widespread exploitation. However, the absence of past vulnerabilities does not guarantee future security, especially given the identified taint flow and output escaping issues.  In conclusion, while the plugin scores well on several critical security fronts like SQL injection prevention and controlled attack surface, the high-severity taint flow and the substantial percentage of unescaped output represent tangible risks that require attention. The lack of a history of vulnerabilities is a strength, but it should not overshadow the need to address the identified code-level concerns.",[337,340],{"reason":338,"points":339},"High severity taint flow with unsanitized path",12,{"reason":341,"points":342},"Significant percentage of unescaped output",8,"2026-03-16T19:22:20.674Z",{"wat":345,"direct":354},{"assetPaths":346,"generatorPatterns":349,"scriptPaths":350,"versionParams":351},[347,348],"\u002Fwp-content\u002Fplugins\u002Fpost-views-stats-counter\u002Fjs\u002Fpvscounter.js","\u002Fwp-content\u002Fplugins\u002Fpost-views-stats-counter\u002Fcss\u002Fpvscounter.css",[],[347],[352,353],"post-views-stats-counter\u002Fjs\u002Fpvscounter.js?ver=","post-views-stats-counter\u002Fcss\u002Fpvscounter.css?ver=",{"cssClasses":355,"htmlComments":356,"htmlAttributes":357,"restEndpoints":358,"jsGlobals":359,"shortcodeOutput":360},[],[],[],[],[],[]]