Does WP-PostViews have any unpatched vulnerabilities?

No. All known vulnerabilities in WP-PostViews have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-PostViews compatible with WordPress 6.8.5?

According to WordPress.org data, WP-PostViews 1.78 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP-PostViews updated?

WP-PostViews was last updated on Aug 31, 2025. Frequent updates are generally a positive security signal.

What is WP-PostViews's security score?

WP-PostViews has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-PostViews Security & Risk Analysis

wordpress.org/plugins/wp-postviews

Enables you to display how many times a post/page had been viewed.

100K active installs v1.78 PHP + WP 4.0+ Updated Aug 31, 2025

counterhitspostviewsviews

A · Safe

CVEs total1

Unpatched0

Last CVEMay 8, 2013

Plugin page Download

Safety Verdict

Is WP-PostViews Safe to Use in 2026?

Generally Safe

Score 99/100

WP-PostViews has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 8, 2013Updated 7mo ago

Risk Assessment

The "wp-postviews" plugin version 1.78 exhibits a mixed security posture. While it boasts a small attack surface with only 3 entry points and no unprotected AJAX handlers or REST API routes, it has significant concerns in its code implementation. A substantial portion of output is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities. Furthermore, the plugin uses raw SQL queries without prepared statements, which is a known vector for SQL injection attacks. The vulnerability history, though dated, reveals a past high-severity Cross-Site Request Forgery (CSRF) vulnerability, indicating that the plugin has had exploitable weaknesses in the past. While there are no current unpatched vulnerabilities and the taint analysis shows no immediate critical or high risks, the lack of proper output escaping and raw SQL queries are significant weaknesses that require attention to improve the plugin's overall security.

Key Concerns

Raw SQL queries without prepared statements
Low percentage of properly escaped output
Historical high severity CVE (CSRF)

Vulnerabilities

WP-PostViews Security Vulnerabilities

CVEs by Year

1 CVE in 2013

2013

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2013-3252high · 8.8Cross-Site Request Forgery (CSRF)

WP-PostViews < 1.63 - Cross-Site Request Forgery

May 8, 2013 Patched in 1.63 (3912d)

Code Analysis

Analyzed Mar 16, 2026

WP-PostViews Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

36% escaped61 total outputs

Attack Surface

WP-PostViews Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_postviewswp-postviews.php:798

noprivwp_ajax_postviewswp-postviews.php:799

Shortcodes 1

[views] wp-postviews.php:229

WordPress Hooks 26

actionplugins_loadedwp-postviews.php:35

actionadmin_menuwp-postviews.php:42

actionwp_headwp-postviews.php:51

actionwp_enqueue_scriptswp-postviews.php:135

actionpublish_postwp-postviews.php:688

actionpublish_pagewp-postviews.php:689

filterquery_varswp-postviews.php:699

actionpre_get_postswp-postviews.php:708

filterposts_fieldswp-postviews.php:711

filterposts_joinwp-postviews.php:712

filterposts_wherewp-postviews.php:713

filterposts_orderbywp-postviews.php:714

actionplugins_loadedwp-postviews.php:725

filterwp_stats_page_admin_pluginswp-postviews.php:727

filterwp_stats_page_admin_mostwp-postviews.php:728

filterwp_stats_page_pluginswp-postviews.php:729

filterwp_stats_page_mostwp-postviews.php:730

actionmanage_posts_custom_columnwp-postviews.php:834

filtermanage_posts_columnswp-postviews.php:835

actionmanage_pages_custom_columnwp-postviews.php:836

filtermanage_pages_columnswp-postviews.php:837

filtermanage_edit-post_sortable_columnswp-postviews.php:855

filtermanage_edit-page_sortable_columnswp-postviews.php:856

actionpre_get_postswp-postviews.php:861

actionwidgets_initwp-postviews.php:997

actionrest_api_initwp-postviews.php:1045

Maintenance & Trust

WP-PostViews Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 31, 2025

PHP min version

Downloads3.4M

Community Trust

Rating88/100

Number of ratings65

Active installs100K

Alternatives

WP-PostViews Alternatives

Post Views Stats Counter

post-views-stats-counter

This plugin will display how many times post and page viewed. It shows total view of access per day, week, month, and all days.

700 No CVEs

WP-PostViews Plus

wp-postviews-plus

Enables You To Display How Many Times A Post Had Been Viewed By User Or Bot.

400 No CVEs

Easy Post View Counter

easy-post-view-counter

With this plugin you can see how many views a single post has.

100 No CVEs

WP-PostViews Plus widget

wp-postviews-plus-widget

100

This is a widget based on WP-PostViews Plus plugin by Richer Yang (http://wordpress.org/extend/plugins/wp-postviews-plus).

20 No CVEs

myCred for WP-PostViews

mycred-for-wp-postviews

100

📢🚨 Important Notice: myCred for WP-PostViews is now part of the myCred Toolkit and will no longer receive updates here. Only security fixes will be pr …

10 No CVEs

Developer Profile

WP-PostViews Developer Profile

Lester Chan

20 plugins · 889K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

1377 days

View full developer profile

Detection Fingerprints

How We Detect WP-PostViews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-postviews/postviews-cache.js

Script Paths