SRS Simple Hits Counter Security & Risk Analysis

wordpress.org/plugins/srs-simple-hits-counter

Simple plugin to count and show a total number of hits (Unique visitors or page-views) to the site without using any third party code.

8K active installs · v2.1 · PHP + WP 3.4+ · Updated Jan 19, 2025
Tags: analytics, counter, hits, page-views, visitor
91
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 19, 2023
Safety Verdict

Is SRS Simple Hits Counter Safe to Use in 2026?

Generally Safe

Score 91/100

SRS Simple Hits Counter has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 19, 2023 · Updated 1yr ago
Risk Assessment

The srs-simple-hits-counter plugin v2.1 exhibits a mixed security posture, with some positive security practices offset by significant concerns. While the plugin avoids dangerous functions, external HTTP requests, and file operations, its handling of entry points and data sanitization presents notable risks. The presence of two AJAX handlers without authentication checks, combined with two taint flows showing unsanitized paths of high severity, strongly suggests potential vulnerabilities. The plugin's history of known CVEs, including a high-severity SQL injection vulnerability, further exacerbates these concerns. Although no currently unpatched CVEs are listed and a nonce check is present, the pattern of past vulnerabilities and the identified code signals indicate a need for caution. The plugin's overall security is compromised by its unprotected entry points and the demonstrated lack of robust data sanitization in critical areas.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • SQL queries with limited prepared statements
  • Output escaping concerns
  • History of high severity vulnerabilities
Vulnerabilities
2

SRS Simple Hits Counter Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2023: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2023-22709 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery

Jan 19, 2023 · Patched in 1.1.1 (730d)

CVE-2020-5766 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SRS Simple Hits Counter Plugin for WordPress 1.03 - 1.04 - Unauthenticated SQL Injection

Jul 10, 2020 · Patched in 1.1.0 (1292d)
Code Analysis
Analyzed Mar 16, 2026

SRS Simple Hits Counter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (4 prepared)
Unescaped Output: 28 (26 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

33% prepared · 12 total queries

Output Escaping

48% escaped · 54 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
srs_hits_counter_graphs (SRS_Simple_Hits_Counter.php:262)
Attack Surface
2 unprotected

SRS Simple Hits Counter Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_srs_update_counter · SRS_Simple_Hits_Counter.php:67
nopriv · wp_ajax_srs_update_counter · SRS_Simple_Hits_Counter.php:68

Shortcodes 2

[srs_total_pageViews] SRS_Simple_Hits_Counter.php:157
[srs_total_visitors] SRS_Simple_Hits_Counter.php:166

WordPress Hooks 5

action · wp_head · SRS_Simple_Hits_Counter.php:44
action · admin_head · SRS_Simple_Hits_Counter.php:45
action · wp_footer · SRS_Simple_Hits_Counter.php:57
action · widgets_init · SRS_Simple_Hits_Counter.php:178
action · admin_menu · SRS_Simple_Hits_Counter.php:254
Maintenance & Trust

SRS Simple Hits Counter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 19, 2025
PHP min version
Downloads: 104K

Community Trust

Rating: 84/100
Number of ratings: 6
Active installs: 8K
Developer Profile

SRS Simple Hits Counter Developer Profile

SandyRig

2 plugins · 8K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1011 days
Detection Fingerprints

How We Detect SRS Simple Hits Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/srs-simple-hits-counter/js/srs_simple_hits_counter_js.js
Script Paths
/wp-content/plugins/srs-simple-hits-counter/js/srs_simple_hits_counter_js.js
Version Parameters
srs_simple_hits_counter_js.js?ver=

HTML / DOM Fingerprints

CSS Classes
page-views, visitors
JS Globals
templateUrl, post_id
Shortcode Output
<span class='page-views'>
<span class='visitors'>