Does Visitor Traffic Real Time Statistics have any unpatched vulnerabilities?

No. All known vulnerabilities in Visitor Traffic Real Time Statistics have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Visitor Traffic Real Time Statistics compatible with WordPress 6.9.4?

According to WordPress.org data, Visitor Traffic Real Time Statistics 8.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Visitor Traffic Real Time Statistics updated?

Visitor Traffic Real Time Statistics was last updated on Feb 21, 2026. Frequent updates are generally a positive security signal.

What is Visitor Traffic Real Time Statistics's security score?

Visitor Traffic Real Time Statistics has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Visitor Traffic Real Time Statistics Security & Risk Analysis

wordpress.org/plugins/visitors-traffic-real-time-statistics

This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.

40K active installs v8.5 PHP + WP 3.0.1+ Updated Feb 21, 2026

hits-counterstatisticsstats-analyticstrafficvisitor

A · Safe

CVEs total7

Unpatched0

Last CVENov 7, 2023

Download

Safety Verdict

Is Visitor Traffic Real Time Statistics Safe to Use in 2026?

Generally Safe

Score 97/100

Visitor Traffic Real Time Statistics has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Nov 7, 2023Updated 1mo ago

Risk Assessment

The "visitors-traffic-real-time-statistics" plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling (94% prepared statements) and output escaping (79%), significant concerns arise from its attack surface and historical vulnerability patterns. The presence of 4 unprotected AJAX handlers and 3 taint flows with unsanitized paths are critical weaknesses that could be exploited by attackers. The plugin's history of 7 known CVEs, with 5 high and 2 medium severity vulnerabilities, strongly indicates a recurring pattern of security oversights, particularly related to authorization and SQL injection. Although there are currently no unpatched vulnerabilities, this history suggests a potential for future exploits if these underlying issues are not addressed comprehensively. The bundled libraries, DataTables and Select2, could also pose a risk if they are outdated and contain known vulnerabilities.

Key Concerns

Unprotected AJAX handlers
High severity taint flows
Bundled libraries
Vulnerability history (high severity)
Vulnerability history (medium severity)

Vulnerabilities

Visitor Traffic Real Time Statistics Security Vulnerabilities

CVEs by Year

2 CVEs in 2019

2019

3 CVEs in 2021

2021

2 CVEs in 2023

2023

Patched Has unpatched

Severity Breakdown

High

Medium

7 total CVEs

CVE-2023-47557medium · 4.3Missing Authorization

Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions

Nov 7, 2023 Patched in 7.3 (126d)

WF-c7ab5a00-ce1c-4d74-9192-c9834e2d702d-visitors-traffic-real-time-statisticsmedium · 4.3Missing Authorization

Visitor Traffic Real Time Statistics <= 6.7 - Missing Authorization to Information Disclosure

Jun 5, 2023 Patched in 6.9 (232d)

CVE-2021-24829high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Visitor Traffic Real Time Statistics <= 3.8 - Subscriber+ SQL Injection

Oct 6, 2021 Patched in 3.9 (839d)

CVE-2021-24193high · 8.8Improper Authorization

Visitor Traffic Real Time Statistics <= 2.11 - Missing Authorization to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 2.12 (1006d)

WF-ea4e9263-36f7-490c-9dad-d3b806bcfdf4-visitors-traffic-real-time-statisticshigh · 8.8Cross-Site Request Forgery (CSRF)

Visitor Traffic Real Time Statistics <= 2.13 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 3.1 (1006d)

CVE-2019-15831high · 8.8Cross-Site Request Forgery (CSRF)

Visitor Traffic Real Time Statistics <= 1.12 - Cross-Site Request Forgery

Jul 3, 2019 Patched in 1.13 (1665d)

CVE-2019-15832high · 8.8Cross-Site Request Forgery (CSRF)

Visitor Traffic Real Time Statistics <= 1.13 - Cross-Site Request Forgery

Jul 3, 2019 Patched in 1.14 (1665d)

Code Analysis

Analyzed Mar 16, 2026

Visitor Traffic Real Time Statistics Code Analysis

Dangerous Functions

Raw SQL Queries

163 prepared

Unescaped Output

271 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesSelect2

SQL Query Safety

94% prepared173 total queries

Output Escaping

79% escaped341 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

11 flows3 with unsanitized paths

ahcfree_savesettings (functions.php:654)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Visitor Traffic Real Time Statistics Attack Surface

Entry Points18

Unprotected4

AJAX Handlers 11

authwp_ajax_ahcfree_track_visitorfunctions.php:1124

noprivwp_ajax_ahcfree_track_visitorfunctions.php:1125

authwp_ajax_traffic_by_titlefunctions.php:4187

authwp_ajax_recent_visitor_by_ipfunctions.php:4251

authwp_ajax_ahcfree_get_visitor_infofunctions.php:4572

authwp_ajax_latest_search_wordsfunctions.php:4591

authwp_ajax_today_traffic_indexfunctions.php:4625

authwp_ajax_visits_time_graphfunctions.php:4658

authwp_ajax_ahcfree_get_basic_statsincludes\admin-columns.php:341

authwp_ajax_ahcfree_get_hits_by_custom_durationinit.php:81

authwp_ajax_ahcfree_HideMessageAjaxFunctionVisitors-Traffic-Real-Time-Statistics.php:206

Shortcodes 7

[ahc_stats_widget] functions.php:2

[ahc_today_visitors] functions.php:80

[ahc_today_visits] functions.php:90

[ahc_total_visitors] functions.php:99

[ahc_total_visits] functions.php:108

[ahc_yesterday_total_visits] functions.php:118

[ahc_yesterday_total_visitors] functions.php:126

WordPress Hooks 31

actionadmin_noticesfunctions.php:28

actionadmin_print_scriptsfunctions.php:626

actionwp_initialize_sitefunctions.php:1032

actionadmin_noticesfunctions.php:1092

actionadmin_initfunctions.php:1129

actionwp_enqueue_scriptsfunctions.php:1159

actionwidgets_initfunctions.php:4863

filtermanage_posts_columnsincludes\admin-columns.php:9

filtermanage_pages_columnsincludes\admin-columns.php:10

filtermanage_edit-post_sortable_columnsincludes\admin-columns.php:18

filtermanage_edit-page_sortable_columnsincludes\admin-columns.php:19

actionpre_get_postsincludes\admin-columns.php:32

actionmanage_posts_custom_columnincludes\admin-columns.php:311

actionmanage_pages_custom_columnincludes\admin-columns.php:312

actionadmin_headincludes\admin-columns.php:338

actionadmin_enqueue_scriptsinit.php:67

actionadmin_enqueue_scriptsinit.php:72

actionadmin_menuinit.php:77

actionplugins_loadedVisitors-Traffic-Real-Time-Statistics.php:31

actionplugins_loadedVisitors-Traffic-Real-Time-Statistics.php:86

actionplugins_loadedVisitors-Traffic-Real-Time-Statistics.php:87

actionahc_cleanup_eventVisitors-Traffic-Real-Time-Statistics.php:90

filterplugin_row_metaVisitors-Traffic-Real-Time-Statistics.php:207

actionwp_footerVisitors-Traffic-Real-Time-Statistics.php:214

actionadmin_footerVisitors-Traffic-Real-Time-Statistics.php:215

actionadmin_bar_menuVisitors-Traffic-Real-Time-Statistics.php:216

actionwp_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:217

actionadmin_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:218

actionwp_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:219

actionadmin_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:220

actionadmin_menuVisitors-Traffic-Real-Time-Statistics.php:224

Scheduled Events 1

ahc_cleanup_event

Maintenance & Trust

Visitor Traffic Real Time Statistics Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 21, 2026

PHP min version

Downloads1.8M

Community Trust

Rating84/100

Number of ratings233

Active installs40K

Alternatives

Visitor Traffic Real Time Statistics Alternatives

WPS Visitor Counter

wps-visitor-counter

Display website visitor statistics with widget, shortcode, and Gutenberg block support.

10K 1 unpatched

Mechanic Visitor Counter

mechanic-visitor-counter

Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include …

8K No CVEs

XT Visitor Counter

xt-visitor-counter

XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include Today …

7K No CVEs

WP Post Statistics (Visitors & Visits Counter)

wp-post-real-time-statistics

a simple tool to know your post statistics

2K 1 CVE

Total Views

total-views

100

Count total page views on your WordPress site and display them with a simple shortcode. Customizable label, styles, and editable page views.

0 No CVEs

Developer Profile

Visitor Traffic Real Time Statistics Developer Profile

wp-buy

13 plugins · 355K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

926 days

View full developer profile

Detection Fingerprints

How We Detect Visitor Traffic Real Time Statistics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/visitors-traffic-real-time-statistics/assets/css/heatmap.css/wp-content/plugins/visitors-traffic-real-time-statistics/assets/css/style.css/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/chart.min.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/data.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/dashboard.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/ heatmap.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/users.js

Script Paths

/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/chart.min.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/data.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/dashboard.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/ heatmap.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/users.js

Version Parameters

visitors-traffic-real-time-statistics/assets/css/heatmap.css?ver=visitors-traffic-real-time-statistics/assets/css/style.css?ver=visitors-traffic-real-time-statistics/assets/js/chart.min.js?ver=visitors-traffic-real-time-statistics/assets/js/data.js?ver=visitors-traffic-real-time-statistics/assets/js/dashboard.js?ver=visitors-traffic-real-time-statistics/assets/js/ heatmap.js?ver=visitors-traffic-real-time-statistics/assets/js/users.js?ver=

HTML / DOM Fingerprints

CSS Classes

vtrts-admin-chart-wrapper

HTML Comments

JS Globals

vtrts_chart_datavtrts_users_datavtrts_free_adminbar_chart

REST Endpoints

/wp-json/vtrts/v1/visitors/online

FAQ