
User Login Statistics Security & Risk Analysis
wordpress.org/plugins/user-login-statTrack registered users login activity
Is User Login Statistics Safe to Use in 2026?
Generally Safe
Score 85/100User Login Statistics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "user-login-stat" plugin version 0.1 presents a mixed security profile. On the positive side, the static analysis indicates a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed. Furthermore, there are no identified dangerous functions, file operations, external HTTP requests, or bundled libraries, which are all good signs of a secure codebase. The plugin also has no known historical vulnerabilities (CVEs), which suggests a relatively clean past.
However, significant concerns arise from the lack of security checks in the code. The absence of nonce checks and capability checks is particularly worrying, especially considering that there are SQL queries being executed. Although 40% of SQL queries use prepared statements, this still leaves a portion that may not, and without proper capability checks, an authenticated user could potentially execute these queries. Moreover, only 25% of output is properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be reflected in the output without adequate sanitization.
In conclusion, while the plugin benefits from a minimal attack surface and a clean vulnerability history, the lack of fundamental security mechanisms like nonce and capability checks, coupled with insufficient output escaping, introduces notable risks. The presence of SQL queries without guaranteed authorization mechanisms is a critical weakness. Future development should prioritize implementing robust access controls and proper output sanitization to mitigate these identified vulnerabilities.
Key Concerns
- Missing nonce checks on entry points
- Missing capability checks on entry points
- Insufficient output escaping (75% unescaped)
- SQL queries not using prepared statements (60%)
User Login Statistics Security Vulnerabilities
User Login Statistics Release Timeline
User Login Statistics Code Analysis
SQL Query Safety
Output Escaping
User Login Statistics Attack Surface
WordPress Hooks 3
Maintenance & Trust
User Login Statistics Maintenance & Trust
Maintenance Signals
Community Trust
User Login Statistics Alternatives
CM Custom Reports – Flexible reporting to track what matters most
cm-custom-reports
Generate custom reports and get efficient analytics for your site with the custom reports plugin. Filter data and create tailored reports.
Smart Click Tracker
smart-click-tracker
Track clicks on any element of your WordPress site and view detailed statistics with beautiful charts.
User Stats
user-stats
User Stats provides an easy way to see at a glance stats about your users, including: post count, post views, article costs, costs per 1000 views and …
Mini Statistics
mini-statistics
This plugin is a small and simple Users Statistics and Comments Statistics plugin for WordPress.
User Registration Stats
user-registration-stats
Track and visualize your WordPress user registration statistics with daily, monthly, and yearly insights, including graphical charts and CSV export.
User Login Statistics Developer Profile
10 plugins · 420 total installs
How We Detect User Login Statistics
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
wrapwidefat