Does statistX have any unpatched vulnerabilities?

No. All known vulnerabilities in statistX have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is statistX compatible with WordPress 2.9.2?

According to WordPress.org data, statistX 1.0.0 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is statistX updated?

statistX was last updated on Feb 16, 2010. Frequent updates are generally a positive security signal.

What is statistX's security score?

statistX has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

statistX Security & Risk Analysis

wordpress.org/plugins/statistx

statistX adds a configurable hit counter to your WordPress blog. It also includes a web traffic and search/keyword -analysis.

10 active installs v1.0.0 PHP + WP 2.0.2+ Updated Feb 16, 2010

counterhit-counterpluginsstatistics

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is statistX Safe to Use in 2026?

Generally Safe

Score 85/100

statistX has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The plugin 'statistx' v1.0.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the code signals indicate no dangerous functions, no file operations, no external HTTP requests, and all SQL queries are properly prepared. The lack of any recorded vulnerabilities in its history further bolsters its security reputation, suggesting a history of secure development practices or a lack of targeted exploitation.

However, a critical concern arises from the output escaping. With 22 total outputs and 0% properly escaped, this presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed to other users without proper sanitization or escaping could be exploited. While other areas like nonce checks, capability checks, and taint analysis show no immediate issues, the unescaped output is a glaring weakness that needs immediate attention. The plugin's overall strength in other areas is undermined by this single, high-impact deficiency.

Key Concerns

All outputs are unescaped

Vulnerabilities

None known

statistX Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

statistX Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped22 total outputs

Attack Surface

statistX Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initstatistx.php:27

Maintenance & Trust

statistX Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedFeb 16, 2010

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

statistX Alternatives

WPS Visitor Counter

wps-visitor-counter

Display website visitor statistics with widget, shortcode, and Gutenberg block support.

10K 1 unpatched

mzz-stat

Shows the WP site administrator how many visits per page per day to their WP site.

100 No CVEs

Post Views Counter

post-views-counter

Post Views Counter allows you to collect and display how many times a post, page, or other content has been viewed in a simple, fast and reliable way.

200K 2 CVEs

StatCounter – Free Real Time Visitor Stats

official-statcounter-plugin-for-wordpress

StatCounter.com powered real-time detailed stats about the visitors to your blog.

70K 2 CVEs

Visitor Traffic Real Time Statistics

visitors-traffic-real-time-statistics

This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.

40K 7 CVEs

Developer Profile

statistX Developer Profile

Yatko

6 plugins · 60 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect statistX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

statistx

HTML Comments

Data Attributes

id="statistx-widget"class="widget statistx-widget"

JS Globals

var data = '&r=' + escape(document.referrer)

FAQ