
Multisite Theme Statistics Security & Risk Analysis
wordpress.org/plugins/wordpress-mu-theme-stats
Adds theme usage statistics within your network, shows themes by user and most popular themes.
Is Multisite Theme Statistics Safe to Use in 2026?
Generally Safe
Score 85/100
Multisite Theme Statistics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wordpress-mu-theme-stats" v2.8.3 plugin demonstrates a generally strong security posture, particularly in its handling of entry points and SQL queries. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events significantly reduces the potential attack surface. Furthermore, the plugin correctly utilizes prepared statements for its single SQL query, a crucial practice for preventing SQL injection vulnerabilities. The lack of reported CVEs and historical vulnerabilities also suggests a history of responsible development and security awareness.
However, output escaping is a significant concern. Of the plugin's 10 total outputs, 0% are properly escaped, which presents a considerable risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from user input or external sources without proper sanitization and escaping could be exploited to inject malicious scripts. While the taint analysis shows no unsanitized flows, this is likely due to the limited scope of the analysis (0 flows analyzed). The absence of nonce checks and the single capability check on a critical function without further context also warrant caution, as they could represent missed opportunities for robust access control.
In conclusion, while the plugin excels in minimizing its attack surface and secure database interactions, the complete lack of output escaping is a critical weakness that needs immediate attention. The vulnerability history is a positive indicator, but the current code analysis reveals a glaring security flaw. Addressing the output escaping issue should be the highest priority to mitigate XSS risks.
Key Concerns
- 0% output escaping
- No nonce checks on potential sensitive actions
- Single capability check on a potentially sensitive action
Multisite Theme Statistics Security Vulnerabilities
Multisite Theme Statistics Release Timeline
Multisite Theme Statistics Code Analysis
SQL Query Safety
Output Escaping
Multisite Theme Statistics Attack Surface
WordPress Hooks 5
Multisite Theme Statistics Maintenance & Trust
Maintenance Signals
Community Trust
Multisite Theme Statistics Alternatives
Network Plugin Auditor
network-plugin-auditor
For multisite/network installations only. Adds columns to your network admin to show which sites are using each plugin and theme.
Hyper Admins
hyper-admins
Simplify administration tasks for super-admins.
Mission Control
mission-control
Effortlessly take control of all the sites on your network. Assign levels to your sites and manage the features available to each level.
Multisite Administration Tools
multisite-administration-tools
Adds information to the network admin sites, plugins and themes page. Allows you to easily see what theme and plugins are enabled on a site.
Redistats – Multisite stats
redistats
Web stats especially made for WordPress Multisite with a large number of blogs but also works on a single blog. No additional load on your server.
Multisite Theme Statistics Developer Profile
13 plugins · 1K total installs
How We Detect Multisite Theme Statistics
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
ra-hide
<!--
function ra_show(id, newclass)
{
    var el = document.getElementById(id);
    if(el) {
        if(newclass) {
            if(el.className==newclass) el.className="ra-hide";
            else el.className=newclass;
        } else {
            if(el.className=="") el.className="ra-hide";
            else el.className="";
        }
    }
}
-->
onclick
ra_show