
Post Word Count Security & Risk Analysis
wordpress.org/plugins/post-word-countCounts the total number of words in all posts or the number of words in a single post.
Is Post Word Count Safe to Use in 2026?
Generally Safe
Score 85/100Post Word Count has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "post-word-count" plugin v1.2 exhibits a generally positive security posture based on the static analysis provided. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with or without authentication significantly limits the attack surface. Furthermore, the plugin does not utilize dangerous functions, perform file operations, or make external HTTP requests, which are common vectors for exploits. The use of prepared statements for all SQL queries is a strong indication of secure database interaction practices.
However, a significant concern arises from the "Output escaping" signal, which shows that 100% of the total outputs are not properly escaped. This presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious code could be injected into the WordPress site and executed by users. While the taint analysis shows no identified flows with unsanitized paths, this is likely due to the lack of any analyzed flows to begin with, rather than a proven absence of such issues. The plugin also has no recorded vulnerability history, which is a positive indicator, but does not negate the risk posed by the unescaped output.
In conclusion, the plugin demonstrates good practices in terms of limiting its attack surface and handling database queries securely. The complete lack of identified vulnerabilities in its history is also reassuring. Nevertheless, the critical issue of unescaped output must be addressed as it represents a direct and exploitable security risk. Addressing this single vulnerability would significantly improve the plugin's overall security.
Key Concerns
- Unescaped output detected
Post Word Count Security Vulnerabilities
Post Word Count Release Timeline
Post Word Count Code Analysis
SQL Query Safety
Output Escaping
Post Word Count Attack Surface
Maintenance & Trust
Post Word Count Maintenance & Trust
Maintenance Signals
Community Trust
Post Word Count Alternatives
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress
custom-facebook-feed
Formerly "Custom Facebook Feed". Display completely customizable Facebook feeds of a Facebook page. Supports Facebook oEmbeds.
Reading Time WP
reading-time-wp
Reading Time WP creates an estimated reading time of your posts that is inserted above the content or by using a shortcode.
Password Strength Settings for WooCommerce
wc-password-strength-settings
Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.
Auto Affiliate Links
wp-auto-affiliate-links
Automatically display affiliate links in your website content so you can make more money. It is also working well for internal linking.
Article Word Count
article-word-count-column
Displays the word count for each post and page in the WordPress admin panel.
Post Word Count Developer Profile
12 plugins · 3K total installs
How We Detect Post Word Count
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
[post_word_count][post_word_count single=true]