WP-PostViews Plus widget Security & Risk Analysis
wordpress.org/plugins/wp-postviews-plus-widgetThis is a widget based on WP-PostViews Plus plugin by Richer Yang (http://wordpress.org/extend/plugins/wp-postviews-plus).
Is WP-PostViews Plus widget Safe to Use in 2026?
Generally Safe
Score 100/100WP-PostViews Plus widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'wp-postviews-plus-widget' v1.0 plugin exhibits a generally good security posture based on the provided static analysis. There are no detected AJAX handlers, REST API routes, shortcodes, or cron events that could serve as entry points, and importantly, no unprotected entry points were identified. The code also shows no usage of dangerous functions, no unescaped file operations, and no external HTTP requests. The complete absence of known CVEs and a history clear of vulnerabilities further suggests a commitment to security in its development. However, a significant concern arises from the output escaping analysis, where 100% of the identified outputs are not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing malicious scripts to be injected and executed within the WordPress admin or frontend, depending on where the widget's output is rendered. While the plugin appears to have a small attack surface and avoids common pitfalls like raw SQL queries or missing capability checks, the lack of output sanitization is a critical oversight that needs immediate attention.
Key Concerns
- Unescaped output detected
WP-PostViews Plus widget Security Vulnerabilities
WP-PostViews Plus widget Code Analysis
Output Escaping
WP-PostViews Plus widget Attack Surface
WordPress Hooks 1
Maintenance & Trust
WP-PostViews Plus widget Maintenance & Trust
Maintenance Signals
Community Trust
WP-PostViews Plus widget Alternatives
WP-PostViews Plus
wp-postviews-plus
Enables You To Display How Many Times A Post Had Been Viewed By User Or Bot.
WP-PostViews
wp-postviews
Enables you to display how many times a post/page had been viewed.
Post Views Stats Counter
post-views-stats-counter
This plugin will display how many times post and page viewed. It shows total view of access per day, week, month, and all days.
Easy Post View Counter
easy-post-view-counter
With this plugin you can see how many views a single post has.
myCred for WP-PostViews
mycred-for-wp-postviews
📢🚨 Important Notice: myCred for WP-PostViews is now part of the myCred Toolkit and will no longer receive updates here. Only security fixes will be pr …
WP-PostViews Plus widget Developer Profile
1 plugin · 20 total installs
How We Detect WP-PostViews Plus widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-postviews-plus-widget/postviews_plus_widget.phpHTML / DOM Fingerprints
<!--
* WP-PostViews-Plus-Widget
* Copyright (C) 2007-2009 flyaga li
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
--><!-- We're putting the plugin's functions in one big function we then
// call at 'plugins_loaded' (add_action() at bottom) to ensure the
// required Sidebar Widget functions are available. --><!-- Check to see required Widget API functions are defined... --><!-- ...and if not, exit gracefully from the script. -->+12 more