Does WP Views Counter have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Views Counter compatible with WordPress 6.9.4?

According to WordPress.org data, WP Views Counter 2.1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP Views Counter compatible with PHP 7.0+?

WP Views Counter requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Views Counter updated?

WP Views Counter was last updated on Dec 19, 2025. Frequent updates are generally a positive security signal.

What is WP Views Counter's security score?

WP Views Counter has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Views Counter Security & Risk Analysis

wordpress.org/plugins/wpecounter

Fast, lightweight post views counter. Display views in admin, blocks or shortcodes — no tracking scripts required.

2K active installs v2.1.3 PHP 7.0+ WP 3.1+ Updated Dec 19, 2025

ajax-counteranalyticspopular-postspost-viewsviews-counter

A · Safe

CVEs total2

Unpatched0

Last CVEDec 14, 2025

Plugin page Download

Safety Verdict

Is WP Views Counter Safe to Use in 2026?

Generally Safe

Score 98/100

WP Views Counter has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Dec 14, 2025Updated 5mo ago

Risk Assessment

The wpecounter v2.1.3 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks for its entry points. The static analysis revealed no critical or high-severity taint flows, and there are no file operations or external HTTP requests, which reduces the attack surface. However, a significant concern arises from the output escaping. With only 64% of outputs properly escaped, there is a notable risk of Cross-Site Scripting (XSS) vulnerabilities. This is further underscored by the plugin's vulnerability history, which includes two medium-severity CVEs, with common types being Missing Authorization and Improper Neutralization of Input During Web Page Generation (XSS). Although there are no currently unpatched vulnerabilities, the historical pattern of XSS suggests that output escaping remains a weak point that attackers could potentially exploit.

Key Concerns

Insufficient output escaping
Medium severity historical CVEs

Vulnerabilities

2 published

WP Views Counter Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-66130medium · 5.3Missing Authorization

Views Counter <= 2.1.2 - Missing Authorization

Dec 14, 2025 Patched in 2.1.3 (25d)

CVE-2025-49859medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Views Counter <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 12, 2025 Patched in 2.0.4 (6d)

Version History

WP Views Counter Release Timeline

v2.1.3Current

v2.1.21 CVE

v2.1.11 CVE

v2.11 CVE

v2.0.41 CVE

v1.22 CVEs

CVE-2025-66130 CVE-2025-49859

v1.1.22 CVEs

CVE-2025-66130 CVE-2025-49859

v1.02 CVEs

CVE-2025-66130 CVE-2025-49859

Code Analysis

Analyzed Mar 16, 2026

WP Views Counter Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

48 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared12 total queries

Output Escaping

64% escaped75 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

register_settings (includes\settings.php:78)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Views Counter Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 3

authwp_ajax_entry_viewsincludes\class-views.php:50

noprivwp_ajax_entry_viewsincludes\class-views.php:51

authwp_ajax_wpecounter_reset_viewsincludes\class-views.php:435

Shortcodes 2

[wpecounter] includes\class-views.php:147

[WPeCounter] includes\class-views.php:148

WordPress Hooks 22

actioninitincludes\class-views.php:41

actioninitincludes\class-views.php:44

actiontemplate_redirectincludes\class-views.php:47

actionadmin_initincludes\class-views.php:54

actionadd_meta_boxesincludes\class-views.php:55

filterwidget_textincludes\class-views.php:144

filterwidget_textincludes\class-views.php:145

actionwp_footerincludes\class-views.php:199

actionpre_get_postsincludes\class-views.php:424

actionadmin_headincludes\class-views.php:425

actionadmin_enqueue_scriptsincludes\class-views.php:428

actioninitincludes\plugin-utils.php:18

actionenqueue_block_editor_assetsincludes\plugin-utils.php:21

filterblock_categories_allincludes\plugin-utils.php:24

filterplugin_row_metaincludes\plugin-utils.php:37

actionadmin_print_scriptsincludes\scripts.php:25

actionadmin_print_stylesincludes\scripts.php:26

actionadmin_initincludes\settings.php:39

actionadmin_menuincludes\settings.php:40

actionadmin_initincludes\version.php:6

actionplugins_loadedwpecounter.php:71

actionwidgets_initwpecounter.php:72

Maintenance & Trust

WP Views Counter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 19, 2025

PHP min version7.0

Downloads42K

Community Trust

Rating100/100

Number of ratings5

Active installs2K

Alternatives

WP Views Counter Alternatives

WebberZone Top 10 — Popular Posts

top-10

Track post views and page views, and display popular posts and trending content on your WordPress site.

10K 10 CVEs

Statify Widget

statify-widget

Data privacy conform widget for list popular content (pages, posts, custom post types) – based on Statify plugin.

4K 1 CVE

Trending/Popular Post Slider and Widget

wp-trending-post-slider-and-widget

100

A quick, easy way to add Popular/Trending posts slider, grid block and widget. Also work with Gutenberg shortcode block.

2K 1 CVE

Toplytics

toplytics

100

Displays the most visited posts as a widget using data from Google Analytics. Designed to be used under high-traffic or low server resources.

100 No CVEs

PostViews Count & Popular Posts Widgets

tp-postviews-count-popular-posts-widgets

TP WordPress Post Views Counter and Popular Posts Widget based on Post Views Plugin (TP WP Post Views) will help sites to add post views and show Popu …

50 No CVEs

Developer Profile

WP Views Counter Developer Profile

etruel

12 plugins · 13K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

116 days

View full developer profile

Detection Fingerprints

How We Detect WP Views Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpecounter/assets/css/wpecounter-admin.css/wp-content/plugins/wpecounter/assets/css/wpecounter.css/wp-content/plugins/wpecounter/assets/js/wpecounter-admin.js/wp-content/plugins/wpecounter/assets/js/wpecounter.js

Script Paths

/wp-content/plugins/wpecounter/assets/js/wpecounter.js/wp-content/plugins/wpecounter/assets/js/wpecounter-admin.js

Version Parameters

wpecounter/assets/css/wpecounter-admin.css?ver=wpecounter/assets/css/wpecounter.css?ver=wpecounter/assets/js/wpecounter-admin.js?ver=wpecounter/assets/js/wpecounter.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpecounter-reset-views-btnwpecounter-views-boxwpecounter-views-label

Data Attributes

data-postiddata-nonce

JS Globals

WPeCounter_Settingswpecounter_object

Shortcode Output

[wpecounter][WPeCounter]

FAQ

WP Views Counter Security & Risk Analysis

Is WP Views Counter Safe to Use in 2026?

Generally Safe

Key Concerns

WP Views Counter Security Vulnerabilities

CVEs by Year

Severity Breakdown

WP Views Counter Release Timeline

WP Views Counter Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

WP Views Counter Attack Surface

AJAX Handlers 3

Shortcodes 2

WP Views Counter Maintenance & Trust

Maintenance Signals

Community Trust

WP Views Counter Alternatives

WebberZone Top 10 — Popular Posts

Statify Widget

Trending/Popular Post Slider and Widget

Toplytics

PostViews Count & Popular Posts Widgets

WP Views Counter Developer Profile

How We Detect WP Views Counter

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WP Views Counter