Does Simple Webstats have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Webstats have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Webstats compatible with WordPress 6.9.4?

According to WordPress.org data, Simple Webstats 2.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Simple Webstats compatible with PHP 7.3+?

Simple Webstats requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Webstats updated?

Simple Webstats was last updated on Dec 5, 2025. Frequent updates are generally a positive security signal.

What is Simple Webstats's security score?

Simple Webstats has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Webstats Security & Risk Analysis

wordpress.org/plugins/simple-webstats

Privacy-focused cookie-free web analytics for WordPress.

90 active installs v2.0.2 PHP 7.3+ WP 4.6+ Updated Dec 5, 2025

analyticsprivacystatisticstrackingwebstats

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Simple Webstats Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Webstats has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The 'simple-webstats' plugin version 2.0.2 exhibits a generally good security posture, primarily due to its strict adherence to using prepared statements for all SQL queries and the presence of nonce checks on its AJAX handlers. The absence of any known CVEs in its history also suggests a history of stable and secure development. However, there are areas for improvement.

The static analysis revealed that while 100% of SQL queries are prepared, only 63% of output is properly escaped. This indicates a potential risk for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is displayed without sufficient sanitization. Furthermore, the taint analysis identified two flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, warrant further investigation as they could represent potential local file inclusion or path traversal vectors if not handled carefully by the application logic.

Overall, 'simple-webstats' v2.0.2 demonstrates strong foundational security practices like prepared statements and nonce checks. The main concerns lie in the partial output escaping and the identified unsanitized paths from the taint analysis, which, despite the lack of severe immediate findings, represent exploitable surface areas that could be leveraged in conjunction with other weaknesses or under different conditions.

Key Concerns

Outputs not properly escaped
Unsanitized paths identified in taint analysis

Vulnerabilities

None known

Simple Webstats Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple Webstats Code Analysis

Dangerous Functions

Raw SQL Queries

105 prepared

Unescaped Output

69 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared105 total queries

Output Escaping

63% escaped109 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths

post_view (inc\collector.php:51)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Webstats Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 5

authwp_ajax_swstats_post_viewinc\collector.php:35

noprivwp_ajax_swstats_post_viewinc\collector.php:36

authwp_ajax_swstats_get_summary_datainc\dashboard.php:44

authwp_ajax_swstats_get_table_datainc\dashboard.php:45

authwp_ajax_swstats_reset_review_promptinc\reviewprompts.php:13

WordPress Hooks 19

filteradmin_footer_textinc\admin.php:73

filterupdate_footerinc\admin.php:79

actionwp_enqueue_scriptsinc\collector.php:23

actionadmin_menuinc\dashboard.php:17

actionload-toplevel_page_swstats_dashinc\dashboard.php:31

actionadmin_enqueue_scriptsinc\dashboard.php:34

actionadmin_menuinc\settings.php:15

actionload-simple-webstats_page_swstats_settingsinc\settings.php:21

actionadmin_enqueue_scriptsinc\settings.php:24

actionadmin_post_swstats_save_settingsinc\settings.php:31

actionplugins_loadedinc\setup.php:15

actionplugins_loadedinc\setup.php:18

actionplugins_loadedinc\setup.php:21

actionwp_dashboard_setupinc\widget.php:15

actionadmin_enqueue_scriptsinc\widget.php:21

filtercron_schedulessimple-webstats.php:48

actionswstats_purge_cronsimple-webstats.php:96

actionswstats_optimise_cronsimple-webstats.php:108

actionswstats_migrate_cronsimple-webstats.php:177

Scheduled Events 4

swstats_migrate_cron

swstats_purge_cron

swstats_optimise_cron

swstats_migrate_cron

Maintenance & Trust

Simple Webstats Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 5, 2025

PHP min version7.3

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs90

Alternatives

Simple Webstats Alternatives

WEBFUL Analytics

webful

100

Ultra-lightweight and privacy-friendly traffic analytics system for your WordPress site.

40 No CVEs

Easy Media Statistics

easy-media-statistics

100

Get detailed insights into visitors behavior when they listen to audio or view videos on your site - privacy-friendly.

30 No CVEs

SFR Analytics

sfr-analytics

100

Lightweight, privacy-focused WordPress analytics. Track pageviews, visitors, campaigns and more — all data stored locally in your own database.

20 No CVEs

Valserv Analytics for SentinelPro

valserv-analytics-for-sentinelpro

100

Connect your site to SentinelPro Analytics with real-time tracking, post-level metrics, and a privacy-focused dashboard.

0 No CVEs

GA Google Analytics – Connect Google Analytics to WordPress

ga-google-analytics

100

Adds Google Analytics tracking code to your WordPress site. Supports many tracking features.

400K No CVEs

Developer Profile

Simple Webstats Developer Profile

Blucube

2 plugins · 290 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Webstats

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-webstats/css/admin.css/wp-content/plugins/simple-webstats/css/dashboard.css/wp-content/plugins/simple-webstats/css/frontend.css/wp-content/plugins/simple-webstats/css/settings.css/wp-content/plugins/simple-webstats/js/admin.js/wp-content/plugins/simple-webstats/js/dashboard.js/wp-content/plugins/simple-webstats/js/frontend.js/wp-content/plugins/simple-webstats/js/settings.js

Version Parameters

simple-webstats/css/admin.css?ver=simple-webstats/css/dashboard.css?ver=simple-webstats/css/frontend.css?ver=simple-webstats/css/settings.css?ver=simple-webstats/js/admin.js?ver=simple-webstats/js/dashboard.js?ver=simple-webstats/js/frontend.js?ver=simple-webstats/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

swstats-widget-visits-todayswstats-widget-visits-last-7-daysswstats-widget-referrers-top-5swstats-widget-browsers-top-5swstats-widget-countries-top-5

Data Attributes

swstats_uid

FAQ