Does Word Count Wizard have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Word Count Wizard compatible with WordPress 4.5.33?

According to WordPress.org data, Word Count Wizard 1.0.4 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

Is Word Count Wizard compatible with PHP 5.2.4+?

Word Count Wizard requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Word Count Wizard updated?

Word Count Wizard was last updated on Oct 26, 2017. Frequent updates are generally a positive security signal.

What is Word Count Wizard's security score?

Word Count Wizard has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Word Count Wizard Security & Risk Analysis

wordpress.org/plugins/word-count-wizard

Plugin for bloggers who need detailed word count statistics of their blogs.

70 active installs v1.0.4 PHP 5.2.4+ WP 4.0+ Updated Oct 26, 2017

pages-and-custom-post-typesword-count-statistics-for-your-posts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Word Count Wizard Safe to Use in 2026?

Generally Safe

Score 85/100

Word Count Wizard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "word-count-wizard" plugin v1.0.4 exhibits a generally positive security posture, with no known historical vulnerabilities (CVEs) and a clean taint analysis report, indicating no critical or high severity issues were detected in the analyzed code flows. The presence of nonce and capability checks on its single entry point (a shortcode) is a good practice for limiting unauthorized access. However, significant concerns arise from the static analysis of its code. A very low percentage of outputs (3%) are properly escaped, presenting a substantial risk of cross-site scripting (XSS) vulnerabilities. While the plugin has a limited attack surface and uses prepared statements for a majority of its SQL queries, the lack of output sanitization for most outputs is a critical oversight. The absence of bundled libraries is a positive, but the extensive unescaped output means the plugin's overall security is compromised despite its clean vulnerability history and basic authentication measures.

Key Concerns

Low output escaping
Unprotected entry points (though limited)

Vulnerabilities

None known

Word Count Wizard Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Word Count Wizard Release Timeline

v1.0.4Current

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Word Count Wizard Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

63% prepared8 total queries

Output Escaping

3% escaped72 total outputs

Attack Surface

Word Count Wizard Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wcwizard] public\class-wcwizard-public.php:91

WordPress Hooks 9

actionplugins_loadedincludes\class-wcwizard.php:139

actionplugins_loadedincludes\class-wcwizard.php:153

actionadmin_enqueue_scriptsincludes\class-wcwizard.php:155

actionadmin_enqueue_scriptsincludes\class-wcwizard.php:156

actionadmin_menuincludes\class-wcwizard.php:158

filterplugin_row_metaincludes\class-wcwizard.php:159

actionsave_postincludes\class-wcwizard.php:161

actioninitincludes\class-wcwizard.php:175

actionadmin_menuincludes\functions-wcwizard.php:169

Maintenance & Trust

Word Count Wizard Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedOct 26, 2017

PHP min version5.2.4

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs70

Alternatives

Word Count Wizard Alternatives

No alternatives data available yet.

Developer Profile

Word Count Wizard Developer Profile

Juan

1 plugin · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Word Count Wizard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/word-count-wizard/admin/css/wcwizard-admin.css/wp-content/plugins/word-count-wizard/admin/js/wcwizard-admin.js

Script Paths

/wp-content/plugins/word-count-wizard/admin/js/wcwizard-admin.js

Version Parameters

wcwizard-admin.css?ver=wcwizard-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wcwizard-admin-table

HTML Comments

Data Attributes

data-wcwizard-id

JS Globals

wcwizard_admin_params

Shortcode Output

[word_count_wizard_stats]

FAQ