WP.org Plugin Stats Security & Risk Analysis

wordpress.org/plugins/wp-org-plugin-stats

WordPress.org Plugin Stats will be shown by the Plugin API. You can use it anywhere on your website.

10 active installs · v1.0.6 · PHP 5.6+ · WP 4.0+ · Updated Aug 21, 2023
Tags: plugin-data, plugin-directory, plugin-list, wordpress-plugin-data, wordpress-plugin-directory
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP.org Plugin Stats Safe to Use in 2026?

Generally Safe

Score 85/100

WP.org Plugin Stats has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The plugin "wp-org-plugin-stats" v1.0.6 exhibits a generally strong security posture with good practices observed in several areas. The absence of known CVEs and unpatched vulnerabilities is a significant positive. Furthermore, the plugin demonstrates excellent use of prepared statements for all SQL queries and a good rate of output escaping (79%). The presence of nonce and capability checks on most entry points (6 out of 7 total, with 0 unprotected) is also commendable. However, the use of the `unserialize` function is a notable concern, as it can be a vector for remote code execution if not properly handled and if the serialized data can be influenced by an attacker. While the taint analysis did not reveal critical or high severity flows, the two flows with unsanitized paths warrant further investigation to ensure no sensitive data is exposed or manipulated.

Key Concerns

  • Use of unserialize function
  • Flows with unsanitized paths found
Vulnerabilities
None known

WP.org Plugin Stats Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP.org Plugin Stats Release Timeline

v1.0.6 (Current)
v1.0.5
v1.0.2
v1.0.1
Code Analysis
Analyzed Mar 17, 2026

WP.org Plugin Stats Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 41 (153 escaped)
Nonce Checks: 6
Capability Checks: 5
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$response = unserialize( $response['body'] );` (Inc\Classes\Shortcode.php:134)

Output Escaping

79% escaped · 194 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
notification_action (Inc\Classes\Notifications\Notifications.php:48)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

WP.org Plugin Stats Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 6

  • auth · wp_ajax_jltwporgst_deactivation_survey · Inc\Classes\Feedback.php:29
  • auth · wp_ajax_jltwporgst_notification_action · Inc\Classes\Notifications\Notifications.php:40
  • auth · wp_ajax_jltwporgst_subscribe · Inc\Classes\Notifications\Subscribe.php:26
  • auth · wp_ajax_jltwporgst_allow_collect · Inc\Classes\Notifications\What_We_Collect.php:27
  • auth · wp_ajax_jltwporgst_recommended_upgrade_plugin · Libs\Recommended.php:43
  • auth · wp_ajax_jltwporgst_recommended_activate_plugin · Libs\Recommended.php:44

Shortcodes 1

[wpops] Inc\Classes\Shortcode.php:21
WordPress Hooks 20

  • action · plugins_loaded · class-wp-org-plugin-stats.php:48
  • filter · admin_body_class · class-wp-org-plugin-stats.php:50
  • action · admin_enqueue_scripts · Inc\Classes\Feedback.php:27
  • action · admin_footer · Inc\Classes\Feedback.php:28
  • action · admin_notices · Inc\Classes\Notifications\Notifications.php:35
  • action · jltwporgst_display_notice · Inc\Classes\Notifications\Notifications.php:37
  • action · jltwporgst_display_popup · Inc\Classes\Notifications\Notifications.php:38
  • action · jltwporgst_sheet_promo_data_reset · Inc\Classes\Notifications\Upgrade_Notice.php:26
  • action · admin_footer · Inc\Classes\Pro_Upgrade.php:47
  • action · wp_dashboard_setup · Inc\Classes\Pro_Upgrade.php:49
  • action · cron_save_org_downloads · Inc\Classes\Shortcode.php:12
  • filter · widget_text · Inc\Classes\Shortcode.php:24
  • action · admin_head · Inc\Classes\Shortcode.php:28
  • filter · mce_external_plugins · Inc\Classes\Shortcode.php:47
  • filter · mce_buttons · Inc\Classes\Shortcode.php:48
  • action · admin_enqueue_scripts · Libs\Assets.php:25
  • action · admin_print_scripts · Libs\Assets.php:26
  • filter · install_plugins_table_api_args_featured · Libs\Featured.php:23
  • filter · plugins_api_result · Libs\Featured.php:33
  • action · admin_menu · Libs\Recommended.php:42

Scheduled Events 1

cron_save_org_downloads
Maintenance & Trust

WP.org Plugin Stats Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Aug 21, 2023
PHP min version: 5.6
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP.org Plugin Stats Developer Profile

Liton Arefin

49 plugins · 43K total installs

Trust score: 82
Avg Security Score: 91/100
Avg Patch Time: 63 days
Detection Fingerprints

How We Detect WP.org Plugin Stats

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-org-plugin-stats/assets/css/plugin-survey.css

HTML / DOM Fingerprints

CSS Classes
  • jltwporgst-deactivate-survey-overlay
  • jltwporgst-deactivate-survey-modal
  • jltwporgst-deactivate-survey-header
  • jltwporgst-deactivate-info
  • jltwporgst-deactivate-content-wrapper
  • jltwporgst-deactivate-form-wrapper
  • jltwporgst-deactivate-input-wrapper
  • jltwporgst-deactivate-feedback-dialog-input
  • +2 more
Data Attributes
  • id="jltwporgst-deactivate-survey-overlay"
  • id="jltwporgst-deactivate-survey-modal"
  • id="jltwporgst-deactivate-feedback-no_longer_needed"
  • id="jltwporgst-deactivate-feedback-found_a_better_plugin"
  • id="jltwporgst-deactivate-feedback-couldnt_get_the_plugin_to_work"
  • id="jltwporgst-deactivate-feedback-temporary_deactivation"
  • +5 more
JS Globals
JLTWPORGST
REST Endpoints
/wp-json/jltwporgst/v1/deactivation-survey
FAQ

Frequently Asked Questions about WP.org Plugin Stats