Posts Visitors Security & Risk Analysis
wordpress.org/plugins/posts-visitorsA plugin allows you to display how many times the post had been visited.
Is Posts Visitors Safe to Use in 2026?
Generally Safe
Score 85/100Posts Visitors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "posts-visitors" plugin v1.0.0 demonstrates a strong adherence to secure coding practices based on the provided static analysis. The complete absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and output escaping issues is commendable. The plugin also shows no history of known vulnerabilities, indicating a potentially mature and well-maintained codebase. Furthermore, the limited attack surface, consisting solely of a shortcode with no identified unprotected entry points, further strengthens its security posture.
However, the analysis does reveal a critical weakness: the complete absence of nonce checks and capability checks. While the current attack surface is small, this oversight means that if any new entry points are introduced or the existing shortcode's functionality evolves to include sensitive operations, it could be vulnerable to CSRF attacks or unauthorized access by users without the necessary permissions. The lack of taint analysis also means that complex data flow vulnerabilities might not have been detected.
In conclusion, the plugin exhibits excellent fundamental security practices in its current iteration. The developers have done well to avoid common pitfalls. The primary concern lies in the lack of robust authorization and security token checks, which represents a potential future risk if the plugin's functionality expands or if its entry points become more complex. Addressing this oversight would significantly enhance its overall security.
Key Concerns
- Missing nonce checks
- Missing capability checks
Posts Visitors Security Vulnerabilities
Posts Visitors Code Analysis
Output Escaping
Posts Visitors Attack Surface
Shortcodes 1
WordPress Hooks 8
Maintenance & Trust
Posts Visitors Maintenance & Trust
Maintenance Signals
Community Trust
Posts Visitors Alternatives
WP Views Counter
wpecounter
Fast, lightweight post views counter. Display views in admin, blocks or shortcodes — no tracking scripts required.
Light Views Counter – Fast, Scalable View Counter for High-Traffic Sites
light-views-counter
Lightweight and fast post view counter with smart tracking, built for high-traffic sites and large post databases.
Post Views Stats Counter
post-views-stats-counter
This plugin will display how many times post and page viewed. It shows total view of access per day, week, month, and all days.
Init View Count – AI-Powered, Trending, REST API
init-view-count
Count post views accurately via REST API with customizable display. Lightweight, fast, and extensible. Includes shortcode with multiple layouts.
Posts and Products Views for WooCommerce
posts-and-products-views
Track and display the view counts of WordPress posts and WooCommerce products in the admin panel and via shortcode.
Posts Visitors Developer Profile
1 plugin · 40 total installs
How We Detect Posts Visitors
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/posts-visitors/admin/css/posts-visitors-admin.css/wp-content/plugins/posts-visitors/admin/js/posts-visitors-admin.js/wp-content/plugins/posts-visitors/admin/js/posts-visitors-admin.jsposts-visitors/admin/js/posts-visitors-admin.js?ver=HTML / DOM Fingerprints
site-visitorsvisitors-labelvisitors-counterdashicons-visibilitydata-post-visitors-count<div class="site-visitors"><span class="dashicons dashicons-visibility"></span><span class="visitors-label"></span><span class="visitors-counter" style="font-size: