Does WP Visit Counter have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

How often is WP Visit Counter updated?

WP Visit Counter was last updated on Jan 6, 2015. Frequent updates are generally a positive security signal.

What is WP Visit Counter's security score?

WP Visit Counter has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Visit Counter Security & Risk Analysis

wordpress.org/plugins/wp-visit-counter

Simply displays one more column in your posts/pages for number of visits.

10 active installs v1.0 PHP + WP + Updated Jan 6, 2015

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Visit Counter Safe to Use in 2026?

Generally Safe

Score 85/100

WP Visit Counter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "wp-visit-counter" v1.0 plugin exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs) and a relatively small attack surface consisting of a single shortcode. It also avoids dangerous functions, file operations, and external HTTP requests, which are common vectors for exploitation. However, significant concerns arise from the static analysis. A concerning 100% of the single output identified is not properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, a critical taint flow with an unsanitized path was detected, indicating a potential for path traversal or arbitrary file access if this flow is exploited in conjunction with user-supplied input. The absence of nonce checks and capability checks on entry points is also a notable weakness, leaving the plugin susceptible to CSRF attacks and unauthorized actions if the shortcode's functionality can be manipulated.

Key Concerns

Unescaped output detected
Taint flow with unsanitized path (critical)
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

WP Visit Counter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Visit Counter Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

WP Visit Counter Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

69% prepared16 total queries

Output Escaping

0% escaped1 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<index> (index.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Visit Counter Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[show_ip] index.php:172

WordPress Hooks 5

actionwp_footerindex.php:193

filtermanage_posts_columnsindex.php:218

actionmanage_posts_custom_columnindex.php:219

filtermanage_pages_columnsindex.php:221

actionmanage_pages_custom_columnindex.php:222

Maintenance & Trust

WP Visit Counter Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedJan 6, 2015

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Visit Counter Alternatives

No alternatives data available yet.

Developer Profile

WP Visit Counter Developer Profile

Faizan Ali

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Visit Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

JS Globals

wp_vistcnt_get_the_user_ip

Shortcode Output

show_ip

FAQ