User stats WP Security & Risk Analysis
wordpress.org/plugins/user-stats-wpStores and displays user generated events, like logins and post edits.
Is User stats WP Safe to Use in 2026?
Generally Safe
Score 85/100User stats WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "user-stats-wp" v1.0.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of identified dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, and particularly the lack of any taint analysis findings suggest a well-written and secure codebase. The plugin also shows no recorded vulnerability history, further reinforcing its current security strength.
However, the analysis reveals a complete lack of security checks on its entry points. With zero AJAX handlers, REST API routes, shortcodes, and cron events, the plugin's attack surface is effectively zero. While this means there are no immediately exploitable vulnerabilities due to missing checks, it also means there are no authentication or authorization checks implemented at all. This absence of capability checks and nonce checks on potential entry points, if any were to be introduced in future versions, represents a significant oversight in standard WordPress security practices.
In conclusion, the plugin is currently secure due to its lack of functionality and therefore attack surface. The code itself appears to follow secure coding principles. The primary weakness lies in the absence of any security mechanisms, which, while not an issue now, could become a critical vulnerability if functionality is added without corresponding security controls. The bundled DataTables library also warrants attention for potential out-of-date issues.
Key Concerns
- Bundled outdated library: DataTables v1.10.25
- 0 Nonce checks on potential entry points
- 0 Capability checks on potential entry points
User stats WP Security Vulnerabilities
User stats WP Release Timeline
User stats WP Code Analysis
Bundled Libraries
User stats WP Attack Surface
WordPress Hooks 2
Maintenance & Trust
User stats WP Maintenance & Trust
Maintenance Signals
Community Trust
User stats WP Alternatives
Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)
burst-statistics
Analytics you'll actually use. Privacy-friendly, zero config, and designed to be actionable. Get insights, not just raw data.
Statify
statify
Visitor statistics for WordPress with focus on data protection, transparency and clarity. Perfect as a widget in your WordPress Dashboard.
Koko Analytics – Privacy Friendly Statistics for WordPress
koko-analytics
Koko Analytics is a privacy-friendly statistics plugin for WordPress that is an easy to use alternative to Google Analytics.
Connect Matomo – Analytics Dashboard for WordPress
wp-piwik
Adds Matomo (former Piwik) statistics to your WordPress dashboard and is also able to add the Matomo Tracking Code to your blog.
Visitor Traffic Real Time Statistics
visitors-traffic-real-time-statistics
This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.
User stats WP Developer Profile
1 plugin · 0 total installs
How We Detect User stats WP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/user-stats-wp/assets/css/backend.css/wp-content/plugins/user-stats-wp/assets/js/backend.js/wp-content/plugins/user-stats-wp/assets/css/frontend.css/wp-content/plugins/user-stats-wp/assets/js/frontend.js/wp-content/plugins/user-stats-wp/assets/js/backend.js/wp-content/plugins/user-stats-wp/assets/js/frontend.jsuser-stats-wp/assets/css/backend.css?ver=user-stats-wp/assets/js/backend.js?ver=user-stats-wp/assets/css/frontend.css?ver=user-stats-wp/assets/js/frontend.js?ver=HTML / DOM Fingerprints
user-stats-wp-dashboard-wrapperuser-stats-wp-event-listdata-user-stats-wp-nonceuserstatswpworbee[user_stats_wp_dashboard][user_stats_wp_frontend]