Visitor Stats Widget Security & Risk Analysis

wordpress.org/plugins/visitor-stats-widget

Real-time stats for your wordpress site.

50 active installs · v1.5.0 · PHP + WP 2.0.2+ · Updated Feb 7, 2012
links · page · post · posts · widget
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Dec 29, 2025
Safety Verdict

Is Visitor Stats Widget Safe to Use in 2026?

Use With Caution

Score 63/100

Visitor Stats Widget has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Dec 29, 2025 · Updated 14yr ago
Risk Assessment

The "visitor-stats-widget" v1.5.0 plugin has a mixed security posture. Static analysis found no dangerous functions, no raw SQL queries, and no unprotected entry points. The concerns are output escaping and the plugin's vulnerability history. All of the identified output points (100%) are unescaped, which is a clear Cross-Site Scripting (XSS) risk: attackers may be able to inject malicious scripts into the website. The plugin also has a known medium-severity XSS vulnerability, dated December 29, 2025, that is currently unpatched. Taken together, the known XSS vulnerability and the lack of output escaping in the current version suggest a recurring weakness in how the plugin handles user-supplied data for display, which makes it a target for script injection attacks.

Key Concerns

  • Unescaped output
  • Unpatched CVE (medium severity)
Vulnerabilities
1

Visitor Stats Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-68874 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Visitor Stats Widget <= 1.5.0 - Reflected Cross-Site Scripting

Dec 29, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Visitor Stats Widget Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 3 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 3 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
vsw_options (visitor-stats-widget.php:27)
Attack Surface

Visitor Stats Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
  • action · admin_menu · visitor-stats-widget.php:167
  • action · wp_head · visitor-stats-widget.php:168
Maintenance & Trust

Visitor Stats Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.0
Last updated: Feb 7, 2012
PHP min version
Downloads: 39K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 50
Developer Profile

Visitor Stats Widget Developer Profile

Shahjada

6 plugins · 116K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 769 days
Detection Fingerprints

How We Detect Visitor Stats Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/visitor-stats-widget/images/
Script Paths
http://widgets.amung.us/tab.js

HTML / DOM Fingerprints

CSS Classes
optionsoptioncontainerLoptioncontainerBoptioncontainerR
HTML Comments
//-->
Data Attributes
id="gencontent" name="t" value="left-upper" value="left-middle" value="left-lower" value="bottom-left" +5 more
JS Globals
WAU_tab, jQuery