Does WP ourSTATS Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in WP ourSTATS Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP ourSTATS Widget compatible with WordPress 3.7.41?

According to WordPress.org data, WP ourSTATS Widget 2.1 has been tested up to WordPress 3.7.41. Check the plugin's changelog for the latest compatibility information.

How often is WP ourSTATS Widget updated?

WP ourSTATS Widget was last updated on Dec 17, 2013. Frequent updates are generally a positive security signal.

What is WP ourSTATS Widget's security score?

WP ourSTATS Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP ourSTATS Widget Security & Risk Analysis

wordpress.org/plugins/wp-ourstats-widget

STATS.de - the free statistics counter without registration. This plugin create a widget for the ourstats.de counter service

10 active installs v2.1 PHP + WP 3.0+ Updated Dec 17, 2013

counterourstatsourstats-widgetstatisticvisitors

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP ourSTATS Widget Safe to Use in 2026?

Generally Safe

Score 85/100

WP ourSTATS Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The plugin "wp-ourstats-widget" v2.1 exhibits a mixed security posture. On one hand, the absence of known vulnerabilities and a complete reliance on prepared statements for SQL queries are positive indicators. The plugin also demonstrates awareness of capability checks, suggesting an attempt at access control.

However, significant concerns arise from the static analysis. The presence of the `create_function` call is a notable risk, as it can be exploited for code injection if any user-supplied input is passed to it without proper sanitization, though the taint analysis currently shows no such flows. More critically, 100% of output is not properly escaped, indicating a high probability of Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks across its (albeit zero) entry points is also a weakness that could be exploited if entry points were introduced or if the plugin's usage of internal functions isn't robust.

The plugin's vulnerability history being entirely clear is a strength, but it should not be relied upon as a sole indicator of security, especially given the identified code quality issues. The absence of reported vulnerabilities could simply mean they haven't been discovered or exploited yet. In conclusion, while the plugin has avoided historical vulnerabilities and uses prepared statements, the unescaped output and the use of `create_function` present substantial risks that require immediate attention.

Key Concerns

Unescaped output
Dangerous function: create_function
Missing nonce checks

Vulnerabilities

None known

WP ourSTATS Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP ourSTATS Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function('', 'return register_widget("wp_ourstats");') );init.php:100

Output Escaping

0% escaped37 total outputs

Attack Surface

WP ourSTATS Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initinit.php:100

Maintenance & Trust

WP ourSTATS Widget Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41

Last updatedDec 17, 2013

PHP min version

Downloads2K

Community Trust

Rating20/100

Number of ratings1

Active installs10

Alternatives

WP ourSTATS Widget Alternatives

Post Views Counter

post-views-counter

Post Views Counter allows you to collect and display how many times a post, page, or other content has been viewed in a simple, fast and reliable way.

200K 2 CVEs

StatCounter – Free Real Time Visitor Stats

official-statcounter-plugin-for-wordpress

StatCounter.com powered real-time detailed stats about the visitors to your blog.

70K 2 CVEs

Visitor Traffic Real Time Statistics

visitors-traffic-real-time-statistics

This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.

40K 8 CVEs

WPS Visitor Counter

wps-visitor-counter

Display website visitor statistics with widget, shortcode, and Gutenberg block support.

10K 1 unpatched

Mechanic Visitor Counter

mechanic-visitor-counter

Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include …

8K No CVEs

Developer Profile

WP ourSTATS Widget Developer Profile

Pankaj Jha

4 plugins · 300 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP ourSTATS Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-ourstats-widget/ourstats.js

Script Paths

http://logging.ourstats.de/js.php

HTML / DOM Fingerprints

CSS Classes

wp_ourstatsourstats-widget

Data Attributes

id="wp_ourstats-widget-widget-title"name="wp_ourstats-widget-widget-title"id="wp_ourstats-widget-ourstats_id"name="wp_ourstats-widget-ourstats_id"name="wp_ourstats-widget-hide_is_admin"name="wp_ourstats-widget-ourstats_color"+1 more

Shortcode Output

<script src="http://logging.ourstats.de/js.php?ID=&style=" type="text/javascript"></script><noscript><a href="http://stats.ourstats.de/?ID=

FAQ