Visitors Online by BestWebSoft Security & Risk Analysis
wordpress.org/plugins/visitors-onlineDisplay live count of online visitors who are currently browsing your WordPress website.
Is Visitors Online by BestWebSoft Safe to Use in 2026?
Generally Safe
Score 98/100Visitors Online by BestWebSoft has a strong security track record. Known vulnerabilities have been patched promptly.
The 'visitors-online' plugin v1.1.6 presents a moderate security risk. While it demonstrates good practices like high output escaping (97%) and a significant percentage of prepared SQL statements (51%), there are notable areas of concern. The presence of 2 unprotected entry points, specifically AJAX handlers, is a significant vulnerability, as is a critical taint flow indicating unsanitized user input that could lead to severe security issues like Cross-Site Scripting or SQL Injection. The plugin's vulnerability history, with 2 known CVEs including one critical and one medium, further underscores these risks, even though they are currently patched. The historical pattern of XSS and SQLi vulnerabilities suggests a recurring need for robust input validation and output sanitization, which is further validated by the critical taint flow. Overall, the plugin has strengths in its output handling but weaknesses in its input sanitization and authentication for certain entry points.
Key Concerns
- Unprotected AJAX handlers
- Critical severity taint flow found
- One critical unpatched CVE historically
- One medium unpatched CVE historically
- 59 total SQL queries, only 51% prepared
Visitors Online by BestWebSoft Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Visitors Online by BestWebSoft < 1.0.0 - Reflected Cross-Site Scripting
Visitors Online by BestWebSoft <= 0.3 - SQL Injection
Visitors Online by BestWebSoft Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Visitors Online by BestWebSoft Attack Surface
AJAX Handlers 5
Shortcodes 1
WordPress Hooks 23
Scheduled Events 5
Maintenance & Trust
Visitors Online by BestWebSoft Maintenance & Trust
Maintenance Signals
Community Trust
Visitors Online by BestWebSoft Alternatives
Seriously Simple Speakers
seriously-simple-speakers
Add speakers to your Seriously Simple Podcasting episodes.
Simple Visitor Counter
simple-visitor-counter-widget
The Simple Visitor Counter widget displays a daily, weekly and monthly visitor count. Count your up to date traffic safely and show your current visit …
Awesome Visitor Counter
awesome-visitor-counter
Visitor Counter Plugin to display daily, weekly and monthly visitor count. Count your traffic safely and show your visitors.
Wedding Party RSVP
wedding-party-rsvp
A simple and secure Wedding RSVP management system. Manage unlimited guests and adult meal choices.
RSVP Manager
rsvp-manager
Enhance your event management with RSVP tracking, attendee relationships and customizable labels. Perfect for managing guest lists seamlessly.
Visitors Online by BestWebSoft Developer Profile
32 plugins · 17K total installs
How We Detect Visitors Online by BestWebSoft
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/visitors-online/assets/css/visitors-online.css/wp-content/plugins/visitors-online/assets/js/visitors-online.js/wp-content/plugins/visitors-online/assets/js/visitors-online-admin.js/wp-content/plugins/visitors-online/assets/js/visitors-online.js/wp-content/plugins/visitors-online/assets/js/visitors-online-admin.jsvisitors-online/assets/css/visitors-online.css?ver=visitors-online/assets/js/visitors-online.js?ver=visitors-online/assets/js/visitors-online-admin.js?ver=HTML / DOM Fingerprints
vstrsnln-visitors-onlinedata-totaldata-usersdata-guestsdata-botsdata-max-datedata-max-total+5 morevstrsnln_settings[visitors-online][visitors-online display_settings_notice='1'][visitors-online display_settings_notice='0'][visitors-online suggest_feature_banner='1']