[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLHXqORFf0Pe22j7JskV84ECCEe8CrvrDyilw3pu4x7Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":156,"crawl_stats":38,"alternatives":164,"analysis":266,"fingerprints":853},"top-10","WebberZone Top 10 — Popular Posts","4.2.1","Ajay","https:\u002F\u002Fprofiles.wordpress.org\u002Fajay\u002F","\u003Cp>WordPress lacks built-in page view tracking or a popular posts feature. \u003Ca href=\"https:\u002F\u002Fwebberzone.com\u002Fplugins\u002Ftop-10\u002F\" rel=\"nofollow ugc\">Top 10\u003C\u002Fa> solves this by counting views across posts, pages, and custom post types, then letting you showcase your most popular content.\u003C\u002Fp>\n\u003Cp>Top 10 provides blocks, widgets, shortcodes, and template functions for displaying popular posts and view counts across your site. All tracking data is stored locally in your WordPress database, with no external services involved.\u003C\u002Fp>\n\u003Cp>Top 10 includes comprehensive features such as thumbnail support, flexible display options, custom post type support, and developer-friendly extensibility. A built-in caching layer reduces server load, while AJAX-based tracking avoids page cache interference and works with most popular caching plugins.\u003C\u002Fp>\n\u003Cp>Top 10 also exposes a powerful API with WordPress actions and filters, allowing developers to customise queries, tracking behaviour, and output rendering without modifying core plugin files.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Page Counter\u003C\u002Fstrong>: Tracks hourly post views on posts, pages, and custom post types. Display counts automatically using blocks, shortcodes, or template functions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Popular Posts\u003C\u002Fstrong>: Display most viewed posts by total counts or within custom time periods\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg Support\u003C\u002Fstrong>: Dedicated “Popular Posts [Top 10]” block with configurable display options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Dashboard\u003C\u002Fstrong>: Network-wide aggregated statistics across all sites in a multisite installation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets\u003C\u002Fstrong>: Sidebar widgets for daily and overall popular posts with extensive customisation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes\u003C\u002Fstrong>: Use \u003Ccode>[tptn_list]\u003C\u002Fcode> to display popular post lists and \u003Ccode>[tptn_views]\u003C\u002Fcode> to show view counts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Thumbnails\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>WordPress post thumbnail support with custom \u003Ccode>tptn_thumbnail\u003C\u002Fcode> image size\u003C\u002Fli>\n\u003Cli>Automatic extraction of the first image from post content\u003C\u002Fli>\n\u003Cli>Manual thumbnail URLs via Edit Post screens\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exclusions\u003C\u002Fstrong>: Exclude posts by category or post ID from popular post lists\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Styling\u003C\u002Fstrong>: Output wrapped in semantic CSS classes. Add custom CSS via settings or use included styles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Interface\u003C\u002Fstrong>: View daily and overall popular posts from the dashboard. Adds sortable view-count columns to post and page lists\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u002FImport\u003C\u002Fstrong>: Export count tables and settings, and restore them on the same site or other installs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching Compatibility\u003C\u002Fstrong>: Works with WP Super Cache, W3 Total Cache, Quick Cache, and similar plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Friendly\u003C\u002Fstrong>: Extensive filters and actions to customise queries, tracking behaviour, and output rendering\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features in Top 10 Pro\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enhanced Tracking and Performance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fast and High-Traffic Trackers\u003C\u002Fstrong>: Alternative tracking methods for improved performance on busy sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Query Optimisation\u003C\u002Fstrong>: MySQL \u003Ccode>MAX_EXECUTION_TIME\u003C\u002Fcode> directive to prevent long-running queries, configurable via settings and the \u003Ccode>top_ten_query_max_execution_time\u003C\u002Fcode> filter\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Retention Override\u003C\u002Fstrong>: Customizable data retention period (default 180 days via \u003Ccode>TOP_TEN_STORE_DATA\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Blocks and Widgets\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Top 10 Query Block\u003C\u002Fstrong>: Query and display popular posts directly from the block or site editor\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Top 10 Featured Image Block\u003C\u002Fstrong>: Support for multiple image sources with fallbacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Popular Posts Block Enhancements\u003C\u002Fstrong>:\u003C\u002Fli>\n\u003Cli>Save and clear default block settings with a single click\u003C\u002Fli>\n\u003Cli>Auto-insert default and global settings attributes with an option to disable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enhanced Admin Tools\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Admin Bar Integration\u003C\u002Fstrong>: Admin bar menu item to view daily, total, and overall post counts, access admin pages, and clear cache\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable Admin Bar menu\u003C\u002Fstrong>: Setting to disable the Admin Bar menu\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard Access Control\u003C\u002Fstrong>: Setting to control which user roles can view the Top 10 dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display Settings\u003C\u002Fstrong>: Setting to choose which post type screens display admin columns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mini “Top 10 Views Overview” widget\u003C\u002Fstrong>: Compact views-over-time chart on the WordPress Dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Settings Copy\u003C\u002Fstrong>: Tool to copy settings between sites in a multisite network\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Display Options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Taxonomy-Specific Displays\u003C\u002Fstrong>: \u003Ccode>display_only_on_tax_ids\u003C\u002Fcode> parameter to restrict popular post displays to specific taxonomy terms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Category Inclusion\u003C\u002Fstrong>: Edit Post meta box option to include popular posts from specific categories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Filtering\u003C\u002Fstrong>: Filter RSS feeds by category or post type via settings or URL parameters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Developer-Friendly Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Post Type Sortable Columns\u003C\u002Fstrong>: Admin columns on supported custom post types with sortable functionality\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>GDPR\u003C\u002Fh4>\n\u003Cp>Top 10 does not collect personal visitor data out of the box. Tracking data is stored locally in the \u003Ccode>wp_top_ten\u003C\u002Fcode> and \u003Ccode>wp_top_ten_daily\u003C\u002Fcode> database tables (table prefix may vary).\u003C\u002Fp>\n\u003Cp>You are responsible for ensuring GDPR compliance on your website.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Top 10 is available for translation on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Ftop-10\" rel=\"nofollow ugc\">WordPress.org\u003C\u002Fa>.\u003Cbr \u002F>\nSee the \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Frosetta\u002Ftheme-plugin-directories\u002F\" rel=\"nofollow ugc\">Translator Handbook\u003C\u002Fa> to contribute.\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>Top 10 is developed openly on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebberzone\u002Ftop-10\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003Cbr \u002F>\nFork the project and submit pull requests for bug fixes or improvements. Please do not use GitHub for support requests.\u003C\u002Fp>\n\u003Ch3>Other WebberZone Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontextual-related-posts\u002F\" rel=\"ugc\">Contextual Related Posts\u003C\u002Fa> – Display related posts on your WordPress site and feeds\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-search\u002F\" rel=\"ugc\">Better Search\u003C\u002Fa> – Enhance WordPress search with relevance-based results\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fknowledgebase\u002F\" rel=\"ugc\">Knowledge Base\u003C\u002Fa> – Create a knowledge base or FAQ section\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadd-to-all\u002F\" rel=\"ugc\">WebberZone Snippetz\u003C\u002Fa> – Manage custom HTML, CSS, and JavaScript snippets\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautoclose\u002F\" rel=\"ugc\">Auto-Close\u003C\u002Fa> – Automatically close comments, pingbacks, and trackbacks\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpopular-authors\u002F\" rel=\"ugc\">Popular Authors\u003C\u002Fa> – Display popular authors widgets. Addon for Top 10.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwhere-did-they-go-from-here\u002F\" rel=\"ugc\">Followed Posts\u003C\u002Fa> – Show related posts based on reader journeys\u003C\u002Fli>\n\u003C\u002Ful>\n","Track post views and page views, and display popular posts and trending content on your WordPress site.",20000,1219295,92,100,"2026-02-21T11:06:00.000Z","6.9.4","6.6","7.4",[20,21,22,23,24],"most-viewed-posts","page-views","popular-posts","popular-posts-widget","post-views","https:\u002F\u002Fwebberzone.com\u002Fplugins\u002Ftop-10\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-10.4.2.1.zip",94,10,0,"2025-05-07 00:00:00","2026-03-15T15:16:48.613Z",[33,49,64,78,87,99,106,117,128,143],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-47509","top-10-authenticated-contributor-stored-cross-site-scripting","Top 10 \u003C= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Top 10 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=4.1.0","4.1.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-13 14:32:20",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1e08ab05-748a-440f-b4ce-b58554cbc9e4?source=api-prod",7,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2023-47238","top-10-cross-site-request-forgery-via-editcountajax","Top 10 \u003C= 3.3.2 - Cross-Site Request Forgery via edit_count_ajax","The Top 10  – WordPress Popular posts by WebberZone plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the 'edit_count_ajax' function. This makes it possible for unauthenticated attackers to edit post counts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=3.3.2","3.3.3",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-11-03 00:00:00","2024-08-06 13:56:43",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e7d3bf0-1860-45b0-b928-2291b0f98902?source=api-prod",278,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":41,"cvss_score":56,"cvss_vector":71,"vuln_type":72,"published_date":73,"updated_date":74,"references":75,"days_to_patch":77},"WF-cbff7ec1-535d-43bf-be61-83a1e7625c77-top-10","top-10-popular-posts-plugin-for-wordpress-missing-authorization-on-tptnchartdata","Top 10 – Popular posts plugin for WordPress \u003C= 3.2.4 - Missing Authorization on tptn_chart_data","The Top 10 – Popular posts plugin for WordPress is vulnerable to insufficient access control in the 'tptn_chart_data' AJAX action in versions up to, and including, 3.2.4. This allows authenticated attackers to access chart data granted they can access the admin dashboard and retrieve the nonce used for access control.","\u003C=3.2.4","3.2.5","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization","2023-02-22 00:00:00","2024-01-22 19:56:02",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcbff7ec1-535d-43bf-be61-83a1e7625c77?source=api-prod",335,{"id":79,"url_slug":80,"title":81,"description":82,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":41,"cvss_score":83,"cvss_vector":84,"vuln_type":44,"published_date":73,"updated_date":74,"references":85,"days_to_patch":77},"CVE-2023-26008","top-10-popular-posts-plugin-authenticatedadmin-stored-cross-site-scripting","Top 10 – Popular posts plugin - \u003C= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting","The Top 10 – Popular posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N",[86],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff50f1e64-5015-4e40-912e-92a4f16e1398?source=api-prod",{"id":88,"url_slug":89,"title":90,"description":91,"plugin_slug":4,"theme_slug":38,"affected_versions":92,"patched_in_version":93,"severity":41,"cvss_score":56,"cvss_vector":94,"vuln_type":72,"published_date":95,"updated_date":74,"references":96,"days_to_patch":98},"CVE-2023-25993","top-10-popular-posts-plugin-for-wordpress-missing-authorization-on-tptnajaxclearcache","Top 10 – Popular posts plugin for WordPress \u003C= 3.2.3 - Missing Authorization on tptn_ajax_clearcache","The Top 10 – Popular posts plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the tptn_ajax_clearcache function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.","\u003C=3.2.3","3.2.4","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2023-02-20 00:00:00",[97],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F14e832ec-7181-44d9-8d26-2f77e6111763?source=api-prod",337,{"id":100,"url_slug":101,"title":102,"description":103,"plugin_slug":4,"theme_slug":38,"affected_versions":92,"patched_in_version":93,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":95,"updated_date":74,"references":104,"days_to_patch":98},"WF-5c7edfad-b45b-4297-876d-a063e02af0bf-top-10","top-10-popular-posts-plugin-for-wordpress-cross-site-request-forgery-via-tptnajaxclearcache","Top 10 – Popular posts plugin for WordPress \u003C= 3.2.3 - Cross-Site Request Forgery via tptn_ajax_clearcache","The Top 10 – Popular posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the tptn_ajax_clearcache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",[105],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5c7edfad-b45b-4297-876d-a063e02af0bf?source=api-prod",{"id":107,"url_slug":108,"title":109,"description":110,"plugin_slug":4,"theme_slug":38,"affected_versions":111,"patched_in_version":112,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":113,"updated_date":74,"references":114,"days_to_patch":116},"CVE-2022-4570","top-10-popular-posts-plugin-for-wordpress-authenticated-contributor-stored-cross-site-scripting-via-blocks","Top 10 – Popular posts plugin for WordPress \u003C= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks","The Top 10 – Popular posts plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=3.2.2","3.2.3","2022-12-29 00:00:00",[115],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffa23a535-f290-4517-b203-86e0331f55e4?source=api-prod",390,{"id":118,"url_slug":119,"title":120,"description":121,"plugin_slug":4,"theme_slug":38,"affected_versions":122,"patched_in_version":123,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":124,"updated_date":74,"references":125,"days_to_patch":127},"CVE-2020-36761","top-10-cross-site-request-forgery-bypass","Top 10  \u003C= 2.9.4 - Cross-Site Request Forgery Bypass","The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10 table via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C2.9.5","2.9.5","2020-09-16 00:00:00",[126],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff0af86e4-c30b-49e2-ad6a-97a415a74d18?source=api-prod",1224,{"id":129,"url_slug":130,"title":131,"description":132,"plugin_slug":4,"theme_slug":38,"affected_versions":133,"patched_in_version":134,"severity":135,"cvss_score":136,"cvss_vector":137,"vuln_type":138,"published_date":139,"updated_date":74,"references":140,"days_to_patch":142},"WF-9b320755-1255-4331-8176-ee67d8d4873e-top-10","top-10-popular-posts-plugin-for-wordpress-sql-injection","Top 10 – Popular posts plugin for WordPress \u003C= 2.4.3 - SQL Injection","The Top 10 – Popular posts plugin for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the ‘get_results’ parameter in versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with admin level access to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C2.4.4","2.4.4","high",7.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:L","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2017-12-13 00:00:00",[141],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9b320755-1255-4331-8176-ee67d8d4873e?source=api-prod",2232,{"id":144,"url_slug":145,"title":146,"description":147,"plugin_slug":4,"theme_slug":38,"affected_versions":148,"patched_in_version":149,"severity":41,"cvss_score":150,"cvss_vector":151,"vuln_type":44,"published_date":152,"updated_date":74,"references":153,"days_to_patch":155},"WF-81437db2-252e-4031-884e-34112bc7b179-top-10","top-10-popular-posts-plugin-for-wordpress-cross-site-scripting","Top 10 – Popular posts plugin for WordPress \u003C 2.3.1 - Cross-Site Scripting","The Top 10 – Popular posts plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Scripting via the 'page' parameter in versions before 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.","\u003C2.3.1","2.3.1",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2016-07-15 00:00:00",[154],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F81437db2-252e-4031-884e-34112bc7b179?source=api-prod",2748,{"slug":157,"display_name":7,"profile_url":8,"plugin_count":158,"total_installs":159,"avg_security_score":160,"avg_patch_time_days":161,"trust_score":162,"computed_at":163},"ajay",31,89380,91,825,73,"2026-04-04T01:06:38.225Z",[165,187,205,223,245],{"slug":166,"name":167,"version":168,"author":169,"author_profile":170,"description":171,"short_description":172,"active_installs":173,"downloaded":174,"rating":175,"num_ratings":176,"last_updated":177,"tested_up_to":178,"requires_at_least":179,"requires_php":180,"tags":181,"homepage":184,"download_link":185,"security_score":186,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-most-popular","WP Most Popular","0.3.1","MattGeri","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattgeri\u002F","\u003Cp>WP Most Popular was born out of frustration in finding a decent plugin which performs one simple task and that is to rank your most popular blog posts.\u003C\u002Fp>\n\u003Cp>The plugin keeps a log of your most popular posts based on views and lets you display them in your blog theme with custom styling. You can display popular posts from the last day, 7 days, 30 days or all time.\u003C\u002Fp>\n\u003Cp>It also comes with a sidebar widget to let you display your popular posts on your blogs sidebar.\u003C\u002Fp>\n\u003Cp>If you are a developer and integrate the plugin in to a theme, you will get a lot more flexibility out of the plugin including the ability to show the most popular custom post types etc.\u003C\u002Fp>\n\u003Cp>This plugin was built and is maintained by \u003Ca href=\"https:\u002F\u002Fwpgeeks.com\" rel=\"nofollow ugc\">WP Geeks\u003C\u002Fa>. For extra documentation, videos, snippets and support, visit the \u003Ca href=\"https:\u002F\u002Fwpgeeks.com\u002Fproduct\u002Fwp-most-popular\u002F\" rel=\"nofollow ugc\">WP Most Popular\u003C\u002Fa> product page.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>There are two ways in which you can use this plugin.\u003C\u002Fp>\n\u003Col>\n\u003Cli>As a sidebar widget\u003C\u002Fli>\n\u003Cli>Custom function in your theme files\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Using the widget is the easiest way and recommended for most users. If you are a developer and want to integrate the plugin in to your existing theme, then read the information below.\u003C\u002Fp>\n\u003Cp>Firstly, the main function which you will need to include in your theme to fetch the popular posts is called \u003Ccode>wp_most_popular_get_popular()\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>You can pass that function the following parameters in array form:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>limit\u003C\u002Fstrong> (integer)\n\u003Cul>\n\u003Cli>The number of posts you would like to display i.e. 5\u003C\u002Fli>\n\u003Cli>Default: 5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>post_type\u003C\u002Fstrong> (string) \u002F (array)\n\u003Cul>\n\u003Cli>The post type you would like to display\u003C\u002Fli>\n\u003Cli>Example: post\u003C\u002Fli>\n\u003Cli>Default: All post types\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>range\u003C\u002Fstrong> (string)\n\u003Cul>\n\u003Cli>In what date range would you like to display popular posts in\u003C\u002Fli>\n\u003Cli>Accepted: all_time, monthly, weekly, daily\u003C\u002Fli>\n\u003Cli>Default: all_time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Those are the current parameters that the plugin supports. Let’s look at an example of how to display the most recent popular posts in a unordered list.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\necho '\u003Cul>';\n$posts = wp_most_popular_get_popular( array( 'limit' => 10, 'post_type' => 'post', 'range' => 'all_time' ) );\nglobal $post;\nif ( count( $posts ) > 0 ): foreach ( $posts as $post ):\n    setup_postdata( $post );\n    ?>\n    \u003Cli>\u003Ca href=\"\u003C?php the_permalink() ?>\" title=\"\u003C?php echo esc_attr(get_the_title() ? get_the_title() : get_the_ID()); ?>\">\u003C?php if ( get_the_title() ) the_title(); else the_ID(); ?>\u003C\u002Fa>\u003C\u002Fli>\n    \u003C?php\nendforeach; endif;\necho '\u003C\u002Ful>';\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>The following filters are available to you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>wp_most_popular_list_before\u003C\u002Fstrong> – used to filter the \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cul> element of the outputted widget list\u003Cbr \u002F>\n* **wp_most_popular_list_after** – used to filter the \u003C\u002Ful>\n\u003Cp>element of the outputted widget list\u003Cbr \u002F>\n* \u003Cstrong>wp_most_popular_list_item_single\u003C\u002Fstrong> – filters for a the list item generated by the widget\u003C\u002Fp>\n\u003Ch4>Actions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>wp_most_popular_list_item\u003C\u002Fstrong> – used for modifying the list output\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Most Popular is a simple plugin which tracks your most popular blog posts based on views and lets you display them in your theme or blog sidebar.",2000,80861,98,11,"2018-08-07T11:57:00.000Z","4.9.29","3.0","5.2.4",[20,182,183,22,23],"most-viewed","popular","https:\u002F\u002Fwpgeeks.com\u002Fproduct\u002Fwp-most-popular\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-most-popular.0.3.1.zip",85,{"slug":188,"name":189,"version":190,"author":191,"author_profile":192,"description":193,"short_description":194,"active_installs":195,"downloaded":196,"rating":29,"num_ratings":29,"last_updated":197,"tested_up_to":198,"requires_at_least":199,"requires_php":200,"tags":201,"homepage":200,"download_link":204,"security_score":14,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"simple-post-view-counter","Simple Post View Counter – Clean and Fast Post View Analytics","1.0.1","Sadhan Pal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsadhanpal\u002F","\u003Cp>\u003Cstrong>Simple Post View Counter\u003C\u002Fstrong> is a lightweight yet powerful plugin to track how many times your WordPress posts are viewed.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ Automatic post view tracking (AJAX-based, works even in incognito mode)\u003C\u002Fli>\n\u003Cli>✅ Prevents double-counting on refresh\u003C\u002Fli>\n\u003Cli>✅ Built-in bot detection\u003C\u002Fli>\n\u003Cli>✅ Display views before content, after content, beside meta, or manually\u003C\u002Fli>\n\u003Cli>✅ “Most Viewed Posts” widget with customizable display\u003C\u002Fli>\n\u003Cli>✅ Shortcodes for displaying most viewed posts and individual post views\u003C\u002Fli>\n\u003Cli>✅ Admin settings page with statistics (total views, average views, top posts, etc.)\u003C\u002Fli>\n\u003Cli>✅ Views column in admin post list (sortable by views)\u003C\u002Fli>\n\u003Cli>✅ Exclude admin views from tracking\u003C\u002Fli>\n\u003Cli>✅ Works with caching plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>[post_views]\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Display view count for current post\u003Cbr \u002F>\nOptions: \u003Ccode>post_id\u003C\u002Fcode>, \u003Ccode>format=\"%s views\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[most_viewed_posts]\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Display a list of most viewed posts\u003Cbr \u002F>\nOptions: \u003Ccode>limit=\"5\"\u003C\u002Fcode>, \u003Ccode>show_count=\"yes\"\u003C\u002Fcode>, \u003Ccode>show_excerpt=\"no\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Example Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>[most_viewed_posts]\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Show top 5 posts\u003C\u002Fli>\n\u003Cli>\u003Ccode>[most_viewed_posts limit=\"10\" show_count=\"yes\"]\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Show 10 posts with view counts\u003C\u002Fli>\n\u003Cli>\u003Ccode>[post_views]\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Show current post’s view count\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Widgets\u003C\u002Fh3>\n\u003Cp>Go to \u003Cstrong>Appearance \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Widgets\u003C\u002Fstrong> and add the \u003Cstrong>Most Viewed Posts\u003C\u002Fstrong> widget to your sidebar.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F10d_wyQn-Lk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Theme Function\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>`php\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Sadhan Pal\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n","Lightweight post view counter with a widget and shortcodes. Track post views automatically, stop double-counting, and display popular content easily.",20,876,"2025-09-14T09:25:00.000Z","6.8.5","6.7","",[20,22,202,24,203],"post-counter","view-counter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-post-view-counter.1.0.0.zip",{"slug":206,"name":207,"version":208,"author":209,"author_profile":210,"description":211,"short_description":212,"active_installs":28,"downloaded":213,"rating":14,"num_ratings":214,"last_updated":200,"tested_up_to":215,"requires_at_least":216,"requires_php":200,"tags":217,"homepage":220,"download_link":221,"security_score":14,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":222},"wp-xperts-popular-posts","WP-xPerts Popular Posts","1.2","sajid hussain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpxperts15\u002F","\u003Cp>Display Most popular posts or most viewed posts on your blog using widget in sidebar.\u003Cbr \u002F>\nPlugin offers a wide range of settings to customize the layout of your widget.\u003Cbr \u002F>\nPlugin also supports custom post types\u003C\u002Fp>\n\u003Cp>Layout Options\u003C\u002Fp>\n\u003Cul>\n\u003Cli>select post type \u003C\u002Fli>\n\u003Cli>give number of posts to show\u003C\u002Fli>\n\u003Cli>show\u002Fhide thumbnail\u003C\u002Fli>\n\u003Cli>thumbnail position top\u002Fleft\u003C\u002Fli>\n\u003Cli>show\u002Fhide post author\u003C\u002Fli>\n\u003Cli>show\u002Fhide post date\u003C\u002Fli>\n\u003Cli>show\u002Fhide post tags\u003C\u002Fli>\n\u003Cli>show\u002Fhide post categories\u003C\u002Fli>\n\u003Cli>show\u002Fhide post number of views\u003C\u002Fli>\n\u003Cli>show\u002Fhide number of views\u003C\u002Fli>\n\u003Cli>editable VIEWS text\u003C\u002Fli>\n\u003C\u002Ful>\n","Display Most popular posts or most viewed posts on your blog using widget in sidebar, it also supports custom post types",1757,1,"4.7.32","3.2",[20,218,22,23,219],"most-viewed-posts-widget","wp-most-popular-posts-widget","#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-xperts-popular-posts.zip","2026-03-15T10:48:56.248Z",{"slug":224,"name":225,"version":226,"author":227,"author_profile":228,"description":229,"short_description":230,"active_installs":173,"downloaded":231,"rating":232,"num_ratings":233,"last_updated":234,"tested_up_to":16,"requires_at_least":235,"requires_php":200,"tags":236,"homepage":242,"download_link":243,"security_score":14,"vuln_count":214,"unpatched_count":29,"last_vuln_date":244,"fetched_at":31},"wp-trending-post-slider-and-widget","Trending\u002FPopular Post Slider and Widget","1.8.6","Essential Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fessentialplugin\u002F","\u003Cp>✅ Now that you have your website ready why don’t you \u003Cstrong>download\u003C\u002Fstrong> and try out this Trending\u002FPopular Post slider to give it better functionality.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Now\u003C\u002Fstrong> and WP Trending Post Slider and Widget allow you to display the most popular posts\u002Ftrending posts on your blog by posts views or posts comments. Display your popular post in a page by shortcode or in a sidebar by widget with desired time range.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Now\u003C\u002Fstrong> this Trending\u002FPopular Post slider because It is proven that Trending Post sliders have been a powerful tool to present your content in a very neat manner with the help of fancy sliders and customized designs.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.essentialplugin.com\u002Ftrending-post-demo\u002F?utm_source=WP&utm_medium=Trending-Popular&utm_campaign=Read-Me\" rel=\"nofollow ugc\">FREE DEMO\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdemo.essentialplugin.com\u002Fprodemo\u002Fpro-featured-and-trending-post\u002F?utm_source=WP&utm_medium=Trending-Popular&utm_campaign=Read-Me\" rel=\"nofollow ugc\">PRO DEMO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Your customer might like the professional and fancy vibe of your site with Trending Post sliders\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅ This plugin displays your trending posts using :\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trending Slider (1 design)\u003C\u002Fli>\n\u003Cli>Trending Carousel (1 design)\u003C\u002Fli>\n\u003Cli>Trending Gridbox (1 design)\u003C\u002Fli>\n\u003Cli>Trending widget (1 design)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Download Now\u003C\u002Fstrong> it today and explore all the features.\u003C\u002Fp>\n\u003Cp>When you want to makeover your WordPress website theme with something extraordinary and creative, you must consider the Trending post slider.\u003C\u002Fp>\n\u003Cp>Help your website get a slide-wise display to show the custom posts. Not just eye appealing, it is also loved by visitors as they find it quite easy to locate custom posts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> After inserting shortcode or widget to site, if you are not seeing any post list then kindly visit blog\u002Fpost section on frontend. It will store the post count on the database**\u003C\u002Fp>\n\u003Cp>WP Trending Post Slider and Widget will list post based on your post views or Comment Count. Once you visit post page then plugin will automatic take that post into list.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Also added Gutenberg block support.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>✅ Here is the plugin shortcode example\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Trending Slider\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wtpsw_popular_post]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Trending Carousel\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wtpsw_carousel]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Trending gridbox\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wtpsw_gridbox]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>To display only Trending 4 post:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wtpsw_popular_post limit=\"4\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Where limit define the number of posts to display. You can use same parameter with all shortcode.\u003C\u002Fp>\n\u003Ch4>✅ Here is Template code\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php echo do_shortcode('[wtpsw_popular_post]'); ?> \n\u003C?php echo do_shortcode('[wtpsw_carousel]'); ?> \n\u003C?php echo do_shortcode('[wtpsw_gridbox]'); ?> \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>✅ Use Following Trending Slider parameters with shortcode\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[wtpsw_popular_post]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit\u003C\u002Fstrong> : [wtpsw_popular_post limit=”10″] (Display no of post in a slider)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Type\u003C\u002Fstrong> : [wtpsw_popular_post post_type=”post,page”] ( Display post list of your desired post type. )\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post List By\u003C\u002Fstrong> : [wtpsw_popular_post view_by=”views”] (Display Post list by Views or Comment count. You can use “views” OR “comment”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order\u003C\u002Fstrong> : [wtpsw_popular_post order=”DESC”] (Display post in a ascending or descending way. You can use “ASC” OR “DESC”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Date\u003C\u002Fstrong> : [wtpsw_popular_post showdate=”true”] (Display post date. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author\u003C\u002Fstrong> : [wtpsw_popular_post showauthor=”true”] (Display post author. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Content\u003C\u002Fstrong> : [wtpsw_popular_post showcontent=”true”] (Display post content. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post content words limit\u003C\u002Fstrong> : [wtpsw_popular_post words_limit=”title”] (Display number of words in a post content.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show Comment Count\u003C\u002Fstrong> : [wtpsw_popular_post show_comment_count=”true”] (Display comment count. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide empty comment count\u003C\u002Fstrong> : [wtpsw_popular_post hide_empty_comment_count=”true”] (Display comment that having 0 count. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slider Dots\u003C\u002Fstrong> : [wtpsw_popular_post dots=”true”] (Display slider dots. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slider Arrows\u003C\u002Fstrong> : [wtpsw_popular_post arrows=”true”] (Display slider arrows. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slider Speed\u003C\u002Fstrong> : [wtpsw_popular_post speed=”300″] (Controls slider speed.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Autoplay\u003C\u002Fstrong> : [wtpsw_popular_post autoplay=”false”]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Autoplay Interval\u003C\u002Fstrong> : [wtpsw_popular_post autoplayinterval=”3000″]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>extra_class\u003C\u002Fstrong> : [wtpsw_popular_post extra_class=””] (Enter extra CSS class for design customization ).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>✅ Use Following Trending Carousel parameters with shortcode\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[wtpsw_carousel]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit\u003C\u002Fstrong> : [wtpsw_carousel limit=”10″] (Display no of post in a slider)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Type\u003C\u002Fstrong> : [wtpsw_carousel post_type=”post,page”] ( Display post list of your desired post type. )\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post List By\u003C\u002Fstrong> : [wtpsw_carousel view_by=”views”] (Display Post list by Views or Comment count. You can use “views” OR “comment”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order\u003C\u002Fstrong> : [wtpsw_carousel order=”DESC”] (Display post in a ascending or descending way. You can use “ASC” OR “DESC”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Date\u003C\u002Fstrong> : [wtpsw_carousel showdate=”true”] (Display post date. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author\u003C\u002Fstrong> : [wtpsw_carousel showauthor=”true”] (Display post author. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Content\u003C\u002Fstrong> : [wtpsw_carousel showcontent=”true”] (Display post content. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post content words limit\u003C\u002Fstrong> : [wtpsw_carousel words_limit=”title”] (Display number of words in a post content.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_comment_count\u003C\u002Fstrong> : [wtpsw_carousel show_comment_count=”true”] (Display comment count. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide empty comment count\u003C\u002Fstrong> : [wtpsw_carousel hide_empty_comment_count=”true”] (Display comment that having 0 count. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>** slides to show at a time** : [wtpsw_carousel slides_to_show=”3″] (You can use 1,2,3,4,5 etc)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slides to scroll at a time\u003C\u002Fstrong> : [wtpsw_carousel slides_to_scroll=”1″] (You can use 1,2,3,4,5 etc)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slider Dots\u003C\u002Fstrong> : [wtpsw_carousel dots=”true”] (Display slider dots. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slider Arrows\u003C\u002Fstrong> : [wtpsw_carousel arrows=”true”] (Display slider arrows. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slider Speed\u003C\u002Fstrong> : [wtpsw_carousel speed=”300″] (Controls slider speed.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Autoplay\u003C\u002Fstrong> : [wtpsw_carousel autoplay=”false”]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Autoplay Interval\u003C\u002Fstrong> : [wtpsw_carousel autoplayinterval=”3000″]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>extra_class\u003C\u002Fstrong> : [wtpsw_carousel extra_class=””] (Enter extra CSS class for design customization ).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>✅ Use Following Trending Gridbox parameters with shortcode\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[wtpsw_gridbox]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit\u003C\u002Fstrong> : [wtpsw_gridbox limit=”5″] (Display no of post in a grid)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Type\u003C\u002Fstrong> : [wtpsw_gridbox post_type=”post,page”] ( Display post list of your desired post type. )\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post List By\u003C\u002Fstrong> : [wtpsw_gridbox view_by=”views”] (Display Post list by Views or Comment count. You can use “views” OR “comment”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order\u003C\u002Fstrong> : [wtpsw_gridbox order=”DESC”] (Display post in a ascending or descending way. You can use “ASC” OR “DESC”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Date\u003C\u002Fstrong> : [wtpsw_gridbox showdate=”true”] (Display post date. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author\u003C\u002Fstrong> : [wtpsw_gridbox showauthor=”true”] (Display post author. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Content Limit\u003C\u002Fstrong> : [wtpsw_gridbox words_limit=”title”] (Display number of words in a post content.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_comment_count\u003C\u002Fstrong> : [wtpsw_gridbox show_comment_count=”true”] (Display comment count. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide empty comment count\u003C\u002Fstrong> : [wtpsw_gridbox hide_empty_comment_count=”true”] (Display comment that having 0 count. You can use “true” OR “false”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>extra_class\u003C\u002Fstrong> : [wtpsw_gridbox extra_class=””] (Enter extra CSS class for design customization ).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>✅ \u003Cstrong>Checkout demo for better understanding\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.essentialplugin.com\u002Ftrending-post-demo\u002F?utm_source=WP&utm_medium=Trending-Popular&utm_campaign=Read-Me\" rel=\"nofollow ugc\">FREE DEMO\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdemo.essentialplugin.com\u002Fprodemo\u002Fpro-featured-and-trending-post\u002F?utm_source=WP&utm_medium=Trending-Popular&utm_campaign=Read-Me\" rel=\"nofollow ugc\">PRO DEMO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Essential Plugin Bundle Deal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.essentialplugin.com\u002Fpricing\u002F?utm_source=WP&utm_medium=Trending-Popular&utm_campaign=Read-Me\" rel=\"nofollow ugc\">Annual or Lifetime Bundle Deal\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Why Use WP Trending Post Slider and Widget Plugin?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Also work with Gutenberg shortcode block.\u003C\u002Fli>\n\u003Cli>WP Trending Post Slider and Widget Plugin is made with WordPress standard.\u003C\u002Fli>\n\u003Cli>This plugin helps you to display popular post, trending post, what’s hot on your site in a easy way.\u003C\u002Fli>\n\u003Cli>WP Trending Post Slider and Widget Plugin, when used effectively, is a great tool to attract your blogs visitors!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>✅ Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added Gutenberg block support.\u003C\u002Fli>\n\u003Cli>Trending post slider\u003C\u002Fli>\n\u003Cli>Trending post carousel\u003C\u002Fli>\n\u003Cli>Trending post gridbox\u003C\u002Fli>\n\u003Cli>Trending post Widget\u003C\u002Fli>\n\u003Cli>Easy to add.\u003C\u002Fli>\n\u003Cli>Also work with Gutenberg shortcode block. \u003C\u002Fli>\n\u003Cli>Elementor, Beaver and SiteOrigin Page Builder Native Support (New).\u003C\u002Fli>\n\u003Cli>Divi Page Builder Native Support (New).\u003C\u002Fli>\n\u003Cli>Fusion Page Builder (Avada) Native Support (New).\u003C\u002Fli>\n\u003Cli>Responsive.\u003C\u002Fli>\n\u003Cli>You can create multiple testimonial slider with different options at single page or post.\u003C\u002Fli>\n\u003Cli>Fully responsive. Scales with its container.\u003C\u002Fli>\n\u003Cli>100% Multi Language.\u003C\u002Fli>\n\u003C\u002Ful>\n","A quick, easy way to add Popular\u002FTrending posts slider, grid block and widget. Also work with Gutenberg shortcode block.",146164,84,24,"2026-02-20T19:39:00.000Z","4.0",[237,238,239,240,241],"daily-popular-post-views","popular-posts-slider","popular-trending-posts-carousel","popular-trending-posts-widget","trending-posts-slider","https:\u002F\u002Fessentialplugin.com\u002Fwordpress-plugin\u002Ftrending-post-slider-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-trending-post-slider-and-widget.1.8.6.zip","2023-03-30 00:00:00",{"slug":246,"name":247,"version":248,"author":249,"author_profile":250,"description":251,"short_description":252,"active_installs":173,"downloaded":253,"rating":14,"num_ratings":254,"last_updated":255,"tested_up_to":16,"requires_at_least":256,"requires_php":257,"tags":258,"homepage":262,"download_link":263,"security_score":175,"vuln_count":264,"unpatched_count":29,"last_vuln_date":265,"fetched_at":31},"wpecounter","WP Views Counter","2.1.3","etruel","https:\u002F\u002Fprofiles.wordpress.org\u002Fetruel\u002F","\u003Cp>\u003Cstrong>WP Views Counter\u003C\u002Fstrong> is a lightweight, high-performance plugin that accurately tracks and displays post, page, and custom post type views — directly in the WordPress admin, via shortcode, or with a Gutenberg block.\u003C\u002Fp>\n\u003Cp>Built for bloggers, marketers, store owners, and developers, it works seamlessly across all post types — including WooCommerce and Easy Digital Downloads — with minimal impact on your site’s speed. No external scripts. No unnecessary bloat.\u003C\u002Fp>\n\u003Cp>This plugin does one job and does it exceptionally well: it tells you which content is getting the most attention.\u003C\u002Fp>\n\u003Ch4>Key Benefits\u003C\u002Fh4>\n\u003Cp>✅ \u003Cstrong>Accurate view counts\u003C\u002Fstrong> in admin columns, shortcode, or block\u003Cbr \u002F>\n✅ \u003Cstrong>Metabox per post\u003C\u002Fstrong> with real-time views and reset button\u003Cbr \u002F>\n✅ \u003Cstrong>Exclude views from logged-in users or specific roles\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Fully AJAX-powered\u003C\u002Fstrong> — no page reloads or slowdowns\u003Cbr \u002F>\n✅ \u003Cstrong>Works with all post types\u003C\u002Fstrong>, including EDD and WooCommerce\u003Cbr \u002F>\n✅ \u003Cstrong>Block to display popular posts\u003C\u002Fstrong> — no legacy widgets required\u003Cbr \u002F>\n✅ \u003Cstrong>Developer-friendly and fully translatable\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Import views from other plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Whether you’re optimizing your content strategy or simply want to know what’s working, \u003Cstrong>WP Views Counter\u003C\u002Fstrong> is the simple and effective alternative to bloated analytics plugins.\u003C\u002Fp>\n\u003Cp>📦 Start tracking your most popular content today — with clarity, speed and control.\u003C\u002Fp>\n\u003Cp>💡 Developer-friendly: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEtruel-Developments\u002Fwpecounter\u002Fissues\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa> — forks and pull requests welcome.\u003C\u002Fp>\n","Fast, lightweight post views counter. Display views in admin, blocks or shortcodes — no tracking scripts required.",41916,5,"2025-12-19T18:09:00.000Z","3.1","7.0",[259,260,22,24,261],"ajax-counter","analytics","views-counter","https:\u002F\u002Fetruel.com\u002Fdownloads\u002Fwpecounter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpecounter.2.1.3.zip",2,"2025-12-14 00:00:00",{"attackSurface":267,"codeSignals":417,"taintFlows":626,"riskAssessment":842,"analyzedAt":852},{"hooks":268,"ajaxHandlers":381,"restRoutes":401,"shortcodes":402,"cronEvents":410,"entryPointCount":48,"unprotectedCount":29},[269,274,277,282,286,289,294,298,303,307,310,315,317,319,321,324,327,329,332,334,337,339,341,343,347,352,357,362,367,370,374,378],{"type":270,"name":271,"callback":271,"file":272,"line":273},"filter","wp_dashboard_setup","includes\\admin\\class-dashboard-widgets.php",29,{"type":270,"name":275,"callback":275,"file":272,"line":276},"wp_network_dashboard_setup",30,{"type":278,"name":279,"callback":279,"file":280,"line":281},"action","admin_menu","includes\\admin\\class-dashboard.php",39,{"type":278,"name":283,"callback":283,"priority":284,"file":280,"line":285},"network_admin_menu",9,40,{"type":278,"name":287,"callback":287,"file":280,"line":288},"admin_enqueue_scripts",41,{"type":278,"name":290,"callback":291,"file":292,"line":293},"tptn_activate","trigger_wizard_on_activation","includes\\admin\\class-settings-wizard.php",56,{"type":278,"name":295,"callback":296,"file":292,"line":297},"admin_init","register_wizard_notice",57,{"type":278,"name":299,"callback":300,"file":301,"line":302},"tptn_admin_import_export_tab_content","render_page","includes\\admin\\class-wpp-importer.php",32,{"type":278,"name":304,"callback":305,"file":301,"line":306},"admin_post_top_ten_import_wpp","handle_import_request",34,{"type":278,"name":287,"callback":287,"file":308,"line":309},"includes\\admin\\network\\class-admin.php",66,{"type":270,"name":311,"callback":312,"priority":28,"file":313,"line":314},"set-screen-option","set_screen","includes\\admin\\network\\class-statistics.php",43,{"type":278,"name":283,"callback":283,"file":313,"line":316},44,{"type":278,"name":287,"callback":287,"file":313,"line":318},45,{"type":278,"name":287,"callback":287,"file":320,"line":175},"includes\\admin\\settings\\class-metabox-api.php",{"type":278,"name":322,"callback":322,"file":320,"line":323},"add_meta_boxes",99,{"type":278,"name":279,"callback":279,"priority":176,"file":325,"line":326},"includes\\admin\\settings\\class-settings-api.php",178,{"type":278,"name":295,"callback":295,"file":325,"line":328},179,{"type":270,"name":330,"callback":330,"file":325,"line":331},"admin_footer_text",180,{"type":278,"name":287,"callback":287,"file":325,"line":333},181,{"type":270,"name":335,"callback":335,"file":325,"line":336},"admin_body_class",182,{"type":278,"name":279,"callback":279,"file":338,"line":331},"includes\\admin\\settings\\class-settings-wizard-api.php",{"type":278,"name":295,"callback":340,"file":338,"line":333},"process_step",{"type":278,"name":287,"callback":342,"file":338,"line":336},"enqueue_scripts",{"type":278,"name":344,"callback":345,"file":338,"line":346},"admin_head","hide_completed_wizard_submenu",242,{"type":278,"name":348,"callback":349,"file":350,"line":351},"init","init_admin","includes\\class-main.php",171,{"type":278,"name":353,"callback":354,"file":355,"line":356},"switch_blog","wz_switch_site_rewrite","includes\\frontend\\class-display.php",164,{"type":270,"name":358,"callback":359,"file":360,"line":361},"cron_schedules","wz_more_recurrences","includes\\wz-pluggables.php",36,{"type":270,"name":363,"callback":364,"file":365,"line":366},"plugin_icon","anonymous","load-freemius.php",48,{"type":270,"name":368,"callback":364,"file":365,"line":369},"after_uninstall",49,{"type":278,"name":371,"callback":364,"priority":28,"file":372,"line":373},"activated_plugin","top-10.php",127,{"type":278,"name":375,"callback":376,"file":372,"line":377},"admin_notices","closure",132,{"type":278,"name":379,"callback":364,"file":372,"line":380},"plugins_loaded",193,[382,388,392,396,399],{"action":383,"nopriv":384,"callback":385,"hasNonce":386,"hasCapCheck":386,"file":280,"line":387},"tptn_chart_data",false,"get_chart_data",true,42,{"action":389,"nopriv":384,"callback":390,"hasNonce":386,"hasCapCheck":386,"file":301,"line":391},"top_ten_import_wpp","process_ajax_import",33,{"action":393,"nopriv":384,"callback":393,"hasNonce":384,"hasCapCheck":386,"file":394,"line":395},"tptn_tags_search","includes\\options-api.php",353,{"action":397,"nopriv":384,"callback":397,"hasNonce":384,"hasCapCheck":386,"file":360,"line":398},"wz_tags_search",216,{"action":397,"nopriv":386,"callback":397,"hasNonce":384,"hasCapCheck":386,"file":360,"line":400},217,[],[403,407],{"tag":404,"callback":404,"file":405,"line":406},"tptn_list","includes\\frontend\\class-shortcodes.php",27,{"tag":408,"callback":408,"file":405,"line":409},"tptn_views",28,[411,415],{"hook":412,"callback":412,"file":413,"line":414},"tptn_cron_hook","includes\\admin\\class-cron.php",69,{"hook":412,"callback":412,"file":413,"line":416},72,{"dangerousFunctions":418,"sqlUsage":419,"outputEscaping":485,"fileOperations":618,"externalRequests":214,"nonceChecks":619,"capabilityChecks":620,"bundledLibraries":621},[],{"prepared":420,"raw":158,"locations":421},118,[422,426,430,432,434,436,437,439,441,443,444,446,447,449,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,483,484],{"file":423,"line":424,"context":425},"includes\\admin\\class-statistics-table.php",225,"$wpdb->get_var() with variable interpolation",{"file":427,"line":428,"context":429},"includes\\admin\\class-tools-page.php",298,"$wpdb->query() with variable interpolation",{"file":427,"line":431,"context":429},301,{"file":427,"line":433,"context":429},304,{"file":427,"line":435,"context":429},305,{"file":427,"line":395,"context":429},{"file":427,"line":438,"context":429},354,{"file":427,"line":440,"context":429},357,{"file":427,"line":442,"context":429},358,{"file":427,"line":116,"context":429},{"file":427,"line":445,"context":429},391,{"file":301,"line":428,"context":425},{"file":301,"line":448,"context":425},299,{"file":450,"line":451,"context":425},"includes\\class-database.php",266,{"file":450,"line":453,"context":425},294,{"file":450,"line":455,"context":425},314,{"file":450,"line":457,"context":425},342,{"file":450,"line":459,"context":425},591,{"file":450,"line":461,"context":425},595,{"file":450,"line":463,"context":425},614,{"file":450,"line":465,"context":425},616,{"file":450,"line":467,"context":429},706,{"file":450,"line":469,"context":429},708,{"file":450,"line":471,"context":429},714,{"file":450,"line":473,"context":429},718,{"file":450,"line":475,"context":429},725,{"file":450,"line":477,"context":429},734,{"file":450,"line":479,"context":429},791,{"file":481,"line":482,"context":429},"uninstaller.php",23,{"file":481,"line":233,"context":429},{"file":481,"line":309,"context":429},{"escaped":486,"rawEcho":487,"locations":488},611,62,[489,492,494,496,498,500,502,504,506,509,511,513,515,516,518,520,522,524,526,528,530,533,535,537,539,541,543,545,547,549,551,553,555,557,559,561,563,565,567,570,572,575,577,579,582,584,585,587,589,590,593,596,599,601,603,606,608,609,611,613,615,617],{"file":272,"line":490,"context":491},231,"raw output",{"file":272,"line":493,"context":491},241,{"file":272,"line":495,"context":491},250,{"file":272,"line":497,"context":491},259,{"file":272,"line":499,"context":491},295,{"file":280,"line":501,"context":491},130,{"file":280,"line":503,"context":491},186,{"file":280,"line":505,"context":491},362,{"file":507,"line":508,"context":491},"includes\\admin\\class-import-export.php",255,{"file":507,"line":510,"context":491},603,{"file":423,"line":512,"context":491},644,{"file":427,"line":514,"context":491},184,{"file":427,"line":398,"context":491},{"file":427,"line":517,"context":491},281,{"file":427,"line":519,"context":491},512,{"file":427,"line":521,"context":491},541,{"file":320,"line":523,"context":491},258,{"file":325,"line":525,"context":491},986,{"file":325,"line":527,"context":491},1022,{"file":325,"line":529,"context":491},1089,{"file":531,"line":532,"context":491},"includes\\admin\\settings\\class-settings-form.php",166,{"file":531,"line":534,"context":491},214,{"file":531,"line":536,"context":491},292,{"file":531,"line":538,"context":491},346,{"file":531,"line":540,"context":491},400,{"file":531,"line":542,"context":491},440,{"file":531,"line":544,"context":491},483,{"file":531,"line":546,"context":491},535,{"file":531,"line":548,"context":491},575,{"file":531,"line":550,"context":491},619,{"file":531,"line":552,"context":491},676,{"file":531,"line":554,"context":491},730,{"file":531,"line":556,"context":491},765,{"file":531,"line":558,"context":491},793,{"file":531,"line":560,"context":491},820,{"file":531,"line":562,"context":491},845,{"file":531,"line":564,"context":491},945,{"file":338,"line":566,"context":491},854,{"file":568,"line":569,"context":491},"includes\\class-counter.php",155,{"file":568,"line":571,"context":491},433,{"file":573,"line":574,"context":491},"includes\\class-tracker.php",226,{"file":355,"line":576,"context":491},495,{"file":578,"line":316,"context":491},"includes\\frontend\\class-styles-handler.php",{"file":580,"line":581,"context":491},"includes\\frontend\\feed-rss2-popular-posts.php",63,{"file":580,"line":583,"context":491},77,{"file":580,"line":13,"context":491},{"file":580,"line":586,"context":491},112,{"file":580,"line":588,"context":491},123,{"file":580,"line":501,"context":491},{"file":591,"line":592,"context":491},"includes\\frontend\\widgets\\class-count-widget.php",114,{"file":594,"line":595,"context":491},"includes\\frontend\\widgets\\class-posts-widget.php",324,{"file":597,"line":598,"context":491},"includes\\functions.php",124,{"file":394,"line":600,"context":491},350,{"file":360,"line":602,"context":491},213,{"file":604,"line":605,"context":491},"test-tools\\class-tracker-benchmark.php",137,{"file":604,"line":607,"context":491},264,{"file":604,"line":517,"context":491},{"file":604,"line":610,"context":491},474,{"file":604,"line":612,"context":491},477,{"file":604,"line":614,"context":491},526,{"file":604,"line":616,"context":491},528,{"file":604,"line":521,"context":491},3,22,35,[622],{"name":623,"version":624,"knownCves":625},"Freemius","1.0",[],[627,644,661,671,680,689,702,714,725,733,744,752,761,777,789,797,807,816,824,834],{"entryPoint":628,"graph":629,"unsanitizedCount":264,"severity":41},"extra_tablenav (includes\\admin\\class-statistics-table.php:595)",{"nodes":630,"edges":642},[631,636],{"id":632,"type":633,"label":634,"file":423,"line":635},"n0","source","$_REQUEST (x2)",605,{"id":637,"type":638,"label":639,"file":423,"line":640,"wp_function":641},"n1","sink","echo() [XSS]",606,"echo",[643],{"from":632,"to":637,"sanitized":384},{"entryPoint":645,"graph":646,"unsanitizedCount":264,"severity":41},"hidden_inputs (includes\\admin\\network\\class-statistics.php:149)",{"nodes":647,"edges":658},[648,651,652,656],{"id":632,"type":633,"label":649,"file":313,"line":650},"$_REQUEST['orderby']",151,{"id":637,"type":638,"label":639,"file":313,"line":650,"wp_function":641},{"id":653,"type":633,"label":654,"file":313,"line":655},"n2","$_REQUEST['order']",154,{"id":657,"type":638,"label":639,"file":313,"line":655,"wp_function":641},"n3",[659,660],{"from":632,"to":637,"sanitized":384},{"from":653,"to":657,"sanitized":384},{"entryPoint":662,"graph":663,"unsanitizedCount":29,"severity":670},"render_page (includes\\admin\\class-dashboard.php:50)",{"nodes":664,"edges":668},[665,666],{"id":632,"type":633,"label":634,"file":280,"line":297},{"id":637,"type":638,"label":639,"file":280,"line":667,"wp_function":641},75,[669],{"from":632,"to":637,"sanitized":386},"low",{"entryPoint":672,"graph":673,"unsanitizedCount":29,"severity":670},"get_chart_data (includes\\admin\\class-dashboard.php:343)",{"nodes":674,"edges":678},[675,677],{"id":632,"type":633,"label":676,"file":280,"line":395},"$_REQUEST",{"id":637,"type":638,"label":639,"file":280,"line":505,"wp_function":641},[679],{"from":632,"to":637,"sanitized":386},{"entryPoint":681,"graph":682,"unsanitizedCount":29,"severity":670},"\u003Cclass-dashboard> (includes\\admin\\class-dashboard.php:0)",{"nodes":683,"edges":687},[684,686],{"id":632,"type":633,"label":685,"file":280,"line":297},"$_REQUEST (x3)",{"id":637,"type":638,"label":639,"file":280,"line":667,"wp_function":641},[688],{"from":632,"to":637,"sanitized":386},{"entryPoint":690,"graph":691,"unsanitizedCount":29,"severity":670},"import_tables (includes\\admin\\class-import-export.php:400)",{"nodes":692,"edges":700},[693,696],{"id":632,"type":633,"label":694,"file":507,"line":695},"$_FILES",461,{"id":637,"type":638,"label":697,"file":507,"line":698,"wp_function":699},"fopen() [File Access]",472,"fopen",[701],{"from":632,"to":637,"sanitized":386},{"entryPoint":703,"graph":704,"unsanitizedCount":29,"severity":670},"process_settings_import (includes\\admin\\class-import-export.php:612)",{"nodes":705,"edges":712},[706,708],{"id":632,"type":633,"label":694,"file":507,"line":707},633,{"id":637,"type":638,"label":709,"file":507,"line":710,"wp_function":711},"file_get_contents() [SSRF\u002FLFI]",640,"file_get_contents",[713],{"from":632,"to":637,"sanitized":386},{"entryPoint":715,"graph":716,"unsanitizedCount":29,"severity":670},"\u003Cclass-import-export> (includes\\admin\\class-import-export.php:0)",{"nodes":717,"edges":722},[718,719,720,721],{"id":632,"type":633,"label":694,"file":507,"line":695},{"id":637,"type":638,"label":697,"file":507,"line":698,"wp_function":699},{"id":653,"type":633,"label":694,"file":507,"line":707},{"id":657,"type":638,"label":709,"file":507,"line":710,"wp_function":711},[723,724],{"from":632,"to":637,"sanitized":386},{"from":653,"to":657,"sanitized":386},{"entryPoint":726,"graph":727,"unsanitizedCount":29,"severity":670},"\u003Cclass-statistics-table> (includes\\admin\\class-statistics-table.php:0)",{"nodes":728,"edges":731},[729,730],{"id":632,"type":633,"label":634,"file":423,"line":635},{"id":637,"type":638,"label":639,"file":423,"line":640,"wp_function":641},[732],{"from":632,"to":637,"sanitized":386},{"entryPoint":734,"graph":735,"unsanitizedCount":29,"severity":670},"render_page (includes\\admin\\class-statistics.php:105)",{"nodes":736,"edges":742},[737,740],{"id":632,"type":633,"label":676,"file":738,"line":739},"includes\\admin\\class-statistics.php",109,{"id":637,"type":638,"label":639,"file":738,"line":741,"wp_function":641},121,[743],{"from":632,"to":637,"sanitized":386},{"entryPoint":745,"graph":746,"unsanitizedCount":29,"severity":670},"\u003Cclass-statistics> (includes\\admin\\class-statistics.php:0)",{"nodes":747,"edges":750},[748,749],{"id":632,"type":633,"label":676,"file":738,"line":739},{"id":637,"type":638,"label":639,"file":738,"line":741,"wp_function":641},[751],{"from":632,"to":637,"sanitized":386},{"entryPoint":753,"graph":754,"unsanitizedCount":29,"severity":670},"render_page (includes\\admin\\network\\class-statistics.php:95)",{"nodes":755,"edges":759},[756,757],{"id":632,"type":633,"label":676,"file":313,"line":323},{"id":637,"type":638,"label":639,"file":313,"line":758,"wp_function":641},111,[760],{"from":632,"to":637,"sanitized":386},{"entryPoint":762,"graph":763,"unsanitizedCount":264,"severity":670},"\u003Cclass-statistics> (includes\\admin\\network\\class-statistics.php:0)",{"nodes":764,"edges":773},[765,766,767,768,769,771],{"id":632,"type":633,"label":676,"file":313,"line":323},{"id":637,"type":638,"label":639,"file":313,"line":758,"wp_function":641},{"id":653,"type":633,"label":649,"file":313,"line":650},{"id":657,"type":638,"label":639,"file":313,"line":650,"wp_function":641},{"id":770,"type":633,"label":654,"file":313,"line":655},"n4",{"id":772,"type":638,"label":639,"file":313,"line":655,"wp_function":641},"n5",[774,775,776],{"from":632,"to":637,"sanitized":386},{"from":653,"to":657,"sanitized":384},{"from":770,"to":772,"sanitized":384},{"entryPoint":778,"graph":779,"unsanitizedCount":29,"severity":670},"save (includes\\admin\\settings\\class-metabox-api.php:148)",{"nodes":780,"edges":787},[781,783],{"id":632,"type":633,"label":782,"file":320,"line":326},"$_POST",{"id":637,"type":638,"label":784,"file":320,"line":785,"wp_function":786},"call_user_func() [RCE]",198,"call_user_func",[788],{"from":632,"to":637,"sanitized":386},{"entryPoint":790,"graph":791,"unsanitizedCount":29,"severity":670},"\u003Cclass-metabox-api> (includes\\admin\\settings\\class-metabox-api.php:0)",{"nodes":792,"edges":795},[793,794],{"id":632,"type":633,"label":782,"file":320,"line":326},{"id":637,"type":638,"label":784,"file":320,"line":785,"wp_function":786},[796],{"from":632,"to":637,"sanitized":386},{"entryPoint":798,"graph":799,"unsanitizedCount":29,"severity":670},"\u003Cclass-settings-wizard-api> (includes\\admin\\settings\\class-settings-wizard-api.php:0)",{"nodes":800,"edges":805},[801,803],{"id":632,"type":633,"label":782,"file":338,"line":802},394,{"id":637,"type":638,"label":784,"file":338,"line":804,"wp_function":786},427,[806],{"from":632,"to":637,"sanitized":386},{"entryPoint":808,"graph":809,"unsanitizedCount":29,"severity":670},"edit_count_ajax (includes\\class-counter.php:389)",{"nodes":810,"edges":814},[811,813],{"id":632,"type":633,"label":676,"file":568,"line":812},399,{"id":637,"type":638,"label":639,"file":568,"line":571,"wp_function":641},[815],{"from":632,"to":637,"sanitized":386},{"entryPoint":817,"graph":818,"unsanitizedCount":29,"severity":670},"\u003Cclass-counter> (includes\\class-counter.php:0)",{"nodes":819,"edges":822},[820,821],{"id":632,"type":633,"label":676,"file":568,"line":812},{"id":637,"type":638,"label":639,"file":568,"line":571,"wp_function":641},[823],{"from":632,"to":637,"sanitized":386},{"entryPoint":825,"graph":826,"unsanitizedCount":29,"severity":670},"tracker_parser (includes\\class-tracker.php:241)",{"nodes":827,"edges":832},[828,830],{"id":632,"type":633,"label":782,"file":573,"line":829},243,{"id":637,"type":638,"label":639,"file":573,"line":831,"wp_function":641},252,[833],{"from":632,"to":637,"sanitized":386},{"entryPoint":835,"graph":836,"unsanitizedCount":29,"severity":670},"\u003Cclass-tracker> (includes\\class-tracker.php:0)",{"nodes":837,"edges":840},[838,839],{"id":632,"type":633,"label":782,"file":573,"line":829},{"id":637,"type":638,"label":639,"file":573,"line":831,"wp_function":641},[841],{"from":632,"to":637,"sanitized":386},{"summary":843,"deductions":844},"The 'top-10' plugin v4.2.1 demonstrates a generally strong security posture with a significant majority of SQL queries utilizing prepared statements and a high percentage of properly escaped output. The static analysis shows a robust implementation of security checks, with all identified entry points (AJAX handlers, REST API routes, shortcodes, cron events) protected by authentication or permission callbacks.  The absence of dangerous functions and critical or high severity taint flows further contributes to this positive assessment.\n\nHowever, a notable concern arises from the plugin's historical vulnerability data, which indicates a pattern of past security issues, including Cross-site Scripting (XSS), Missing Authorization, Cross-Site Request Forgery (CSRF), and SQL Injection. While there are currently no unpatched CVEs, the sheer volume and variety of past vulnerabilities (10 total) suggest a recurring need for rigorous security auditing and prompt patching. The presence of 3 flows with unsanitized paths, although not classified as critical or high severity in the current analysis, warrants attention as potential precursors to future vulnerabilities, especially given the plugin's history.\n\nIn conclusion, the 'top-10' plugin v4.2.1 has made strides in implementing secure coding practices, particularly in its handling of SQL and output. Nevertheless, its history of past vulnerabilities should not be overlooked. Continuous monitoring and timely updates remain crucial to mitigate the risks stemming from its past security incidents and to ensure the ongoing integrity of sites using this plugin.",[845,847,849],{"reason":846,"points":195},"History of 10 CVEs (1 high, 9 medium)",{"reason":848,"points":284},"3 flows with unsanitized paths",{"reason":850,"points":851},"Bundled Freemius v1.0 (outdated library likely)",4,"2026-03-16T17:34:42.348Z",{"wat":854,"direct":869},{"assetPaths":855,"generatorPatterns":861,"scriptPaths":862,"versionParams":863},[856,857,858,859,860],"\u002Fwp-content\u002Fplugins\u002Ftop-10\u002Fcss\u002Fadmin-bar.css","\u002Fwp-content\u002Fplugins\u002Ftop-10\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Ftop-10\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Ftop-10\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Ftop-10\u002Fjs\u002Fwidget.js",[],[859,860],[864,865,866,867,868],"top-10\u002Fcss\u002Fadmin-bar.css?ver=","top-10\u002Fcss\u002Fadmin.css?ver=","top-10\u002Fcss\u002Fstyles.css?ver=","top-10\u002Fjs\u002Fadmin.js?ver=","top-10\u002Fjs\u002Fwidget.js?ver=",{"cssClasses":870,"htmlComments":876,"htmlAttributes":880,"restEndpoints":884,"jsGlobals":885,"shortcodeOutput":888},[871,872,873,874,875],"tptn-widget-title","tptn-widget-post-title","tptn-posts-list","tptn-post-count","wz-admin-banner",[877,878,879],"\u003C!-- Top 10 widget -->","\u003C!-- End Top 10 widget -->","\u003C!-- end Top 10 widget -->",[881,882,883],"data-tptn-id","data-tptn-order","data-tptn-orderby",[],[886,887],"tptn_admin_ajax","tptn_admin_object",[889,890],"\u003Cdiv class=\"tptn_posts_widget\">","\u003Cdiv class=\"tptn-widget-title\">"]