
PostViews Count & Popular Posts Widgets Security & Risk Analysis
wordpress.org/plugins/tp-postviews-count-popular-posts-widgets
TP WordPress Post Views Counter and Popular Posts Widget based on Post Views Plugin (TP WP Post Views) will help sites to add post views and show Popu …
Is PostViews Count & Popular Posts Widgets Safe to Use in 2026?
Generally Safe
Score 85/100
PostViews Count & Popular Posts Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The tp-postviews-count-popular-posts-widgets plugin v1.1.1 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerabilities or CVEs, suggesting a generally stable codebase in terms of known exploits.
However, significant security concerns arise from the static analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks. This represents a substantial attack surface that could be exploited by unauthenticated users. Furthermore, a considerable percentage of output (92%) is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The use of the dangerous `create_function` function is also a red flag, as it can be exploited for code injection if used with user-supplied data.
The lack of historical vulnerabilities, while seemingly positive, combined with the current code quality issues, might indicate a lack of thorough security auditing or a recent shift in development practices. The plugin's strengths lie in its SQL practices and lack of known exploits, but these are overshadowed by the critical risks of unauthenticated AJAX endpoints and potential XSS due to unescaped output.
Key Concerns
- Unprotected AJAX handlers
- High percentage of unescaped output
- Dangerous function used (create_function)
- No capability checks on entry points
PostViews Count & Popular Posts Widgets Security Vulnerabilities
PostViews Count & Popular Posts Widgets Code Analysis
Dangerous Functions Found
Output Escaping
PostViews Count & Popular Posts Widgets Attack Surface
AJAX Handlers 2
Shortcodes 1
WordPress Hooks 7
PostViews Count & Popular Posts Widgets Maintenance & Trust
Maintenance Signals
Community Trust
PostViews Count & Popular Posts Widgets Alternatives
Wp Post Views – WordPress Post views counter
wp-post-views
Wordpress Post views counter
Easy Post Views Count
easy-post-views-count
Add an easy post views count plugin into your site and get count views of your posts and custom post types posts like articles, news, movies etc.
Wp Post Views Counter
wp-post-views-counter
Used to post views for a single post type in WordPress; it collects both unique and all returning visits for a single post as post meta.
WP Mega
wp-mega
WP Mega is a light but powerful plugin that can replace many plugins and make your site securer, faster, and smoother. Core features: Post Views Count …
Simple Post View Count
simple-post-view-count
Track and display post view counts. Includes shortcode support, customizable settings, and view logs with CSV export.
PostViews Count & Popular Posts Widgets Developer Profile
3 plugins · 10K total installs
How We Detect PostViews Count & Popular Posts Widgets
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/tp-postviews-count-popular-posts-widgets/public/css/tppviews.css
- /wp-content/plugins/tp-postviews-count-popular-posts-widgets/public/js/tp_pviews.js
- tp_pviews_js?ver=
- tppviews?ver=
HTML / DOM Fingerprints
- tpacific-pviews-wrap
- tp_popular_sb-tabs-wrap
- tp_popular_sb-tabs-wrap-li
- tp_popular_sb-post-thumbnail
- tp_postviews
- tp_postviews
- /wp-json/tp_postviews/
- [tp_postviews]