WP-Safety

Weblix – Online Users Security & Risk Analysis

wordpress.org/plugins/weblix

Display online users and page views in the last 30 minutes, just like Google Analytics, but without slowing down your website.

80 active installs v1.4.1 PHP 7.2+ WP 5.3+ Updated Feb 6, 2025
google-analyticsinsightsonline-userspage-viewsstats
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Weblix – Online Users Safe to Use in 2026?

Generally Safe

Score 92/100

Weblix – Online Users has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The plugin 'weblix' v1.4.1 exhibits a generally strong security posture based on the static analysis provided. The plugin demonstrates good practices by employing prepared statements for nearly all SQL queries and properly escaping most output. It also has a very small attack surface with no unprotected entry points, no file operations, and no external HTTP requests. The absence of known vulnerabilities, including critical or high severity ones, further contributes to a positive security assessment.

However, there are a few areas that warrant attention. The lack of nonce checks across any of the entry points (AJAX handlers, REST API routes, or shortcodes, although none are directly exposed in this analysis) is a significant concern. While no critical taint flows were identified, the presence of capability checks on only 2 entry points suggests that the plugin might not be comprehensively protecting all sensitive actions from unauthorized access.

Overall, 'weblix' v1.4.1 appears to be a well-developed plugin from a security perspective, with a clean vulnerability history and good adherence to secure coding practices. The primary weakness lies in the absence of nonce checks, which, in conjunction with limited capability checks, could potentially expose the plugin to CSRF or unauthorized action vulnerabilities if the attack surface were to expand or be exploited in unexpected ways.

Key Concerns

  • Missing nonce checks across entry points
  • Limited capability checks on entry points
Vulnerabilities
None known

Weblix – Online Users Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Weblix – Online Users Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
28 prepared
Unescaped Output
1
31 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

97% prepared29 total queries

Output Escaping

97% escaped32 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
weblix_track_page_view (weblix.php:93)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Weblix – Online Users Attack Surface

Entry Points2
Unprotected0

REST API Routes 2

POST/wp-json/weblix/v1/trackweblix.php:82
GET/wp-json/weblix/v1/dashboard-dataweblix.php:392
WordPress Hooks 8
actionrest_api_initweblix.php:90
actionwp_enqueue_scriptsweblix.php:185
actionadmin_menuweblix.php:198
actionwp_dashboard_setupweblix.php:357
actionrest_api_initweblix.php:400
actionadmin_enqueue_scriptsweblix.php:477
actioninitweblix.php:504
actionweblix_cleanup_old_visitorsweblix.php:507

Scheduled Events 1

weblix_cleanup_old_visitors
Maintenance & Trust

Weblix – Online Users Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 6, 2025
PHP min version7.2
Downloads957

Community Trust

Rating0/100
Number of ratings0
Active installs80
Alternatives

Weblix – Online Users Alternatives

WP Statistics – Simple, privacy-friendly Google Analytics alternative

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

B
81

Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.

600K 35 CVEs
WP Visitor Statistics (Real Time Traffic)

WP Visitor Statistics (Real Time Traffic)

wp-stats-manager

D
42

This plugin will help you to track your visitors & visits, browsers, operating systems, GEO locations and much more, easy to install and working fine.

20K 1 unpatched
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

google-analytics-dashboard-for-wp

A
90

Connects Google Analytics with your WordPress site. Displays stats to help you understand your users and site content on a whole new level!

300K 5 CVEs
Koko Analytics – Privacy Friendly Statistics for WordPress

Koko Analytics – Privacy Friendly Statistics for WordPress

koko-analytics

A
96

Koko Analytics is a privacy-friendly statistics plugin for WordPress that is an easy to use alternative to Google Analytics.

60K 2 CVEs
Fathom Analytics for WP

Fathom Analytics for WP

fathom-analytics

A
99

Fathom is a simple, GDPR compliant Google Analytics alternative.

10K 2 CVEs
Developer Profile

Weblix – Online Users Developer Profile

Vahid Behnam

1 plugin · 80 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Weblix – Online Users

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/weblix/assets/js/weblix-tracker.js
Script Paths
/wp-content/plugins/weblix/assets/js/weblix-tracker.js
Version Parameters
time()filemtime(

HTML / DOM Fingerprints

Data Attributes
data-weblix-user-ipdata-weblix-page-urldata-weblix-visit-timedata-weblix-device-typedata-weblix-page-titledata-weblix-is-bot
JS Globals
weblix_ajax
REST Endpoints
/weblix/v1/track
FAQ

Frequently Asked Questions about Weblix – Online Users