WP-Safety

Visitor Traffic Real Time Statistics Security & Risk Analysis

wordpress.org/plugins/visitors-traffic-real-time-statistics

This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.

30K active installs v8.6 PHP + WP 3.0.1+ Updated Mar 22, 2026
hits-counterstatisticsstats-analyticstrafficvisitor
90
A · Safe
CVEs total8
Unpatched0
Last CVEApr 3, 2026
Download
Safety Verdict

Is Visitor Traffic Real Time Statistics Safe to Use in 2026?

Generally Safe

Score 90/100

Visitor Traffic Real Time Statistics has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEsLast CVE: Apr 3, 2026Updated 1mo ago
Risk Assessment

The "visitors-traffic-real-time-statistics" plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling (94% prepared statements) and output escaping (79%), significant concerns arise from its attack surface and historical vulnerability patterns. The presence of 4 unprotected AJAX handlers and 3 taint flows with unsanitized paths are critical weaknesses that could be exploited by attackers. The plugin's history of 7 known CVEs, with 5 high and 2 medium severity vulnerabilities, strongly indicates a recurring pattern of security oversights, particularly related to authorization and SQL injection. Although there are currently no unpatched vulnerabilities, this history suggests a potential for future exploits if these underlying issues are not addressed comprehensively. The bundled libraries, DataTables and Select2, could also pose a risk if they are outdated and contain known vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Bundled libraries
  • Vulnerability history (high severity)
  • Vulnerability history (medium severity)
Vulnerabilities
8 published

Visitor Traffic Real Time Statistics Security Vulnerabilities

CVEs by Year

2 CVEs in 2019
2019
3 CVEs in 2021
2021
2 CVEs in 2023
2023
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
6
Medium
2

8 total CVEs

CVE-2026-2936high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting

Apr 3, 2026 Patched in 8.5 (1d)
CVE-2023-47557medium · 4.3Missing Authorization

Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions

Nov 7, 2023 Patched in 7.3 (126d)
WF-c7ab5a00-ce1c-4d74-9192-c9834e2d702d-visitors-traffic-real-time-statisticsmedium · 4.3Missing Authorization

Visitor Traffic Real Time Statistics <= 6.7 - Missing Authorization to Information Disclosure

Jun 5, 2023 Patched in 6.9 (232d)
CVE-2021-24829high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Visitor Traffic Real Time Statistics <= 3.8 - Subscriber+ SQL Injection

Oct 6, 2021 Patched in 3.9 (839d)
CVE-2021-24193high · 8.8Improper Authorization

Visitor Traffic Real Time Statistics <= 2.11 - Missing Authorization to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 2.12 (1006d)
WF-ea4e9263-36f7-490c-9dad-d3b806bcfdf4-visitors-traffic-real-time-statisticshigh · 8.8Cross-Site Request Forgery (CSRF)

Visitor Traffic Real Time Statistics <= 2.13 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 3.1 (1006d)
CVE-2019-15831high · 8.8Cross-Site Request Forgery (CSRF)

Visitor Traffic Real Time Statistics <= 1.12 - Cross-Site Request Forgery

Jul 3, 2019 Patched in 1.13 (1665d)
CVE-2019-15832high · 8.8Cross-Site Request Forgery (CSRF)

Visitor Traffic Real Time Statistics <= 1.13 - Cross-Site Request Forgery

Jul 3, 2019 Patched in 1.14 (1665d)
Version History

Visitor Traffic Real Time Statistics Release Timeline

v8.6Current
v8.5
v8.41 CVE
CVE-2026-2936
v8.31 CVE
CVE-2026-2936
v8.21 CVE
CVE-2026-2936
v8.11 CVE
CVE-2026-2936
v7.81 CVE
CVE-2026-2936
v7.71 CVE
CVE-2026-2936
v7.61 CVE
CVE-2026-2936
v7.51 CVE
CVE-2026-2936
v7.41 CVE
CVE-2026-2936
v7.31 CVE
CVE-2026-2936
v7.22 CVEs
CVE-2026-2936 CVE-2023-47557
v7.12 CVEs
CVE-2026-2936 CVE-2023-47557
v6.92 CVEs
CVE-2026-2936 CVE-2023-47557
v6.83 CVEs
CVE-2026-2936 WF-c7ab5a00-ce1c-4d74-9192-c9834e2d702d-visitors-traffic-real-time-statistics CVE-2023-47557
v6.73 CVEs
CVE-2026-2936 WF-c7ab5a00-ce1c-4d74-9192-c9834e2d702d-visitors-traffic-real-time-statistics CVE-2023-47557
v6.63 CVEs
CVE-2026-2936 WF-c7ab5a00-ce1c-4d74-9192-c9834e2d702d-visitors-traffic-real-time-statistics CVE-2023-47557
v6.53 CVEs
CVE-2026-2936 WF-c7ab5a00-ce1c-4d74-9192-c9834e2d702d-visitors-traffic-real-time-statistics CVE-2023-47557
v6.43 CVEs
CVE-2026-2936 WF-c7ab5a00-ce1c-4d74-9192-c9834e2d702d-visitors-traffic-real-time-statistics CVE-2023-47557
Code Analysis
Analyzed Mar 16, 2026

Visitor Traffic Real Time Statistics Code Analysis

Dangerous Functions
0
Raw SQL Queries
10
163 prepared
Unescaped Output
70
271 escaped
Nonce Checks
3
Capability Checks
14
File Operations
0
External Requests
2
Bundled Libraries
2

Bundled Libraries

DataTablesSelect2

SQL Query Safety

94% prepared173 total queries

Output Escaping

79% escaped341 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

11 flows3 with unsanitized paths
ahcfree_savesettings (functions.php:654)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Visitor Traffic Real Time Statistics Attack Surface

Entry Points18
Unprotected4

AJAX Handlers 11

authwp_ajax_ahcfree_track_visitorfunctions.php:1124
noprivwp_ajax_ahcfree_track_visitorfunctions.php:1125
authwp_ajax_traffic_by_titlefunctions.php:4187
authwp_ajax_recent_visitor_by_ipfunctions.php:4251
authwp_ajax_ahcfree_get_visitor_infofunctions.php:4572
authwp_ajax_latest_search_wordsfunctions.php:4591
authwp_ajax_today_traffic_indexfunctions.php:4625
authwp_ajax_visits_time_graphfunctions.php:4658
authwp_ajax_ahcfree_get_basic_statsincludes\admin-columns.php:341
authwp_ajax_ahcfree_get_hits_by_custom_durationinit.php:81
authwp_ajax_ahcfree_HideMessageAjaxFunctionVisitors-Traffic-Real-Time-Statistics.php:206

Shortcodes 7

[ahc_stats_widget] functions.php:2
[ahc_today_visitors] functions.php:80
[ahc_today_visits] functions.php:90
[ahc_total_visitors] functions.php:99
[ahc_total_visits] functions.php:108
[ahc_yesterday_total_visits] functions.php:118
[ahc_yesterday_total_visitors] functions.php:126
WordPress Hooks 31
actionadmin_noticesfunctions.php:28
actionadmin_print_scriptsfunctions.php:626
actionwp_initialize_sitefunctions.php:1032
actionadmin_noticesfunctions.php:1092
actionadmin_initfunctions.php:1129
actionwp_enqueue_scriptsfunctions.php:1159
actionwidgets_initfunctions.php:4863
filtermanage_posts_columnsincludes\admin-columns.php:9
filtermanage_pages_columnsincludes\admin-columns.php:10
filtermanage_edit-post_sortable_columnsincludes\admin-columns.php:18
filtermanage_edit-page_sortable_columnsincludes\admin-columns.php:19
actionpre_get_postsincludes\admin-columns.php:32
actionmanage_posts_custom_columnincludes\admin-columns.php:311
actionmanage_pages_custom_columnincludes\admin-columns.php:312
actionadmin_headincludes\admin-columns.php:338
actionadmin_enqueue_scriptsinit.php:67
actionadmin_enqueue_scriptsinit.php:72
actionadmin_menuinit.php:77
actionplugins_loadedVisitors-Traffic-Real-Time-Statistics.php:31
actionplugins_loadedVisitors-Traffic-Real-Time-Statistics.php:86
actionplugins_loadedVisitors-Traffic-Real-Time-Statistics.php:87
actionahc_cleanup_eventVisitors-Traffic-Real-Time-Statistics.php:90
filterplugin_row_metaVisitors-Traffic-Real-Time-Statistics.php:207
actionwp_footerVisitors-Traffic-Real-Time-Statistics.php:214
actionadmin_footerVisitors-Traffic-Real-Time-Statistics.php:215
actionadmin_bar_menuVisitors-Traffic-Real-Time-Statistics.php:216
actionwp_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:217
actionadmin_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:218
actionwp_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:219
actionadmin_enqueue_scriptsVisitors-Traffic-Real-Time-Statistics.php:220
actionadmin_menuVisitors-Traffic-Real-Time-Statistics.php:224

Scheduled Events 1

ahc_cleanup_event
Maintenance & Trust

Visitor Traffic Real Time Statistics Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 22, 2026
PHP min version
Downloads1.9M

Community Trust

Rating84/100
Number of ratings234
Active installs30K
Alternatives

Visitor Traffic Real Time Statistics Alternatives

WPS Visitor Counter

WPS Visitor Counter

wps-visitor-counter

B
78

Display website visitor statistics with widget, shortcode, and Gutenberg block support.

10K 1 unpatched
Mechanic Visitor Counter

Mechanic Visitor Counter

mechanic-visitor-counter

A
85

Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include &hellip;

8K No CVEs
XT Visitor Counter

XT Visitor Counter

xt-visitor-counter

A
85

XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include Today &hellip;

7K No CVEs
Real-Time Post Statistics for WordPress

Real-Time Post Statistics for WordPress

wp-post-real-time-statistics

A
99

A lightweight and simple tool to track your post statistics with real insights.

2K 1 CVE
Total Views

Total Views

total-views

A
100

Count total page views on your WordPress site and display them with a simple shortcode. Customizable label, styles, and editable page views.

10 No CVEs
Developer Profile

Visitor Traffic Real Time Statistics Developer Profile

wp-buy

15 plugins · 345K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
879 days
View full developer profile
Detection Fingerprints

How We Detect Visitor Traffic Real Time Statistics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/visitors-traffic-real-time-statistics/assets/css/heatmap.css/wp-content/plugins/visitors-traffic-real-time-statistics/assets/css/style.css/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/chart.min.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/data.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/dashboard.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/ heatmap.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/users.js
Script Paths
/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/chart.min.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/data.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/dashboard.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/ heatmap.js/wp-content/plugins/visitors-traffic-real-time-statistics/assets/js/users.js
Version Parameters
visitors-traffic-real-time-statistics/assets/css/heatmap.css?ver=visitors-traffic-real-time-statistics/assets/css/style.css?ver=visitors-traffic-real-time-statistics/assets/js/chart.min.js?ver=visitors-traffic-real-time-statistics/assets/js/data.js?ver=visitors-traffic-real-time-statistics/assets/js/dashboard.js?ver=visitors-traffic-real-time-statistics/assets/js/ heatmap.js?ver=visitors-traffic-real-time-statistics/assets/js/users.js?ver=

HTML / DOM Fingerprints

CSS Classes
vtrts-admin-chart-wrapper
HTML Comments
<!-- admin bar --><!-- admin bar for footer -->
JS Globals
vtrts_chart_datavtrts_users_datavtrts_free_adminbar_chart
REST Endpoints
/wp-json/vtrts/v1/visitors/online
FAQ

Frequently Asked Questions about Visitor Traffic Real Time Statistics