[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_M2dmAtaVj5k4QMHd2gk3N7qYN7DtMAcpvID123QTnM":3,"$fHghfq6T8Pf76CoQmHdpQ_bC8W8lrKekQ5lvewEc1vaA":300,"$fjafLWMeetL-rzYoy0jvFHgwf_QY2g1jdrRn53UroGXw":304},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":49,"crawl_stats":37,"alternatives":56,"analysis":152,"fingerprints":269},"wps-visitor-counter","WPS Visitor Counter","1.4.9","techmix","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechmix\u002F","\u003Cp>WPS Visitor Counter plugin is one of the best visitor counter plugin in wordpress. This plugin will help you to display the number of visitor your website have and its traffic statistics for your WordPress website. We have tried to include all the available data you needed to show in the visitor counter. Here are the items we are showing on our visitor counter:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users Today\u003C\u002Fli>\n\u003Cli>Users Yesterday\u003C\u002Fli>\n\u003Cli>Users Last 7 days\u003C\u002Fli>\n\u003Cli>Users Last 30 days\u003C\u002Fli>\n\u003Cli>Users This Month\u003C\u002Fli>\n\u003Cli>Users This Year\u003C\u002Fli>\n\u003Cli>Total Users\u003C\u002Fli>\n\u003Cli>Views Today\u003C\u002Fli>\n\u003Cli>Views Yesterday\u003C\u002Fli>\n\u003Cli>Views Last 7 days\u003C\u002Fli>\n\u003Cli>Views Last 30 days\u003C\u002Fli>\n\u003Cli>Views This Month\u003C\u002Fli>\n\u003Cli>Views This Year\u003C\u002Fli>\n\u003Cli>Total Views\u003C\u002Fli>\n\u003Cli>Who’s Online\u003C\u002Fli>\n\u003Cli>Your IP Address\u003C\u002Fli>\n\u003Cli>Server Time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You will find all the data authentic and this will help you to get your website traffic stats. Just install the plugin. It will take effect just after you install it on your website. Our plugin is compatible for all types of websites and able to run in all versions of WordPress.\u003C\u002Fp>\n\u003Ch4>WPS Visitor Counter shortcode\u003C\u002Fh4>\n\u003Cp>Use this [wps_visitor_counter] Shortcode anywhere in your website where you want to show visitor counter.\u003C\u002Fp>\n\u003Ch3>gutenberg block supported\u003C\u002Fh3>\n\u003Ch4>Translation Support\u003C\u002Fh4>\n\u003Cp>The plugin is fully internationalized and supports multiple languages. Translation files are located in the \u002Flanguages\u002F directory.\u003C\u002Fp>\n\u003Cp>Currently available languages:\u003Cbr \u002F>\n* English (default)\u003Cbr \u002F>\n* Spanish (es_ES) – Complete translation included\u003C\u002Fp>\n\u003Cp>To create translations for other languages:\u003Cbr \u002F>\n1. Use the wps-visitor-counter.pot file as a template\u003Cbr \u002F>\n2. Create a .po file for your language (e.g., wps-visitor-counter-fr_FR.po)\u003Cbr \u002F>\n3. Translate the strings and compile to .mo format\u003Cbr \u002F>\n4. WordPress will automatically load the appropriate translation file\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Refer Installation and FAQ section for all required information\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and feature requests, please visit our website at https:\u002F\u002Ftechmix.xyz\u002F\u003C\u002Fp>\n","Display website visitor statistics with widget, shortcode, and Gutenberg block support.",10000,120263,78,8,"2026-01-21T19:29:00.000Z","6.9.4","5.0","7.4",[20,21,22,23,24],"blog-stats","hit-counter","traffic-statistics","visitor-counter","website-counter","https:\u002F\u002Ftechmix.xyz\u002Fdownloads\u002Fwps-visitor-counter-plugin-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-visitor-counter.1.4.9.zip",1,"2025-11-21 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":37,"research_verified":47,"research_rounds_completed":48,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":47,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-9116","wps-visitor-counter-reflected-cross-site-scripting","WPS Visitor Counter \u003C= 1.4.8 - Reflected Cross-Site Scripting","The WPS Visitor Counter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.4.8","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-12-19 17:27:58",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F298c6338-167f-499d-b4f2-852db2392b34?source=api-prod",[],false,0,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},3,10510,83,30,82,"2026-05-19T20:42:42.463Z",[57,78,96,115,134],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":63,"tags":72,"homepage":75,"download_link":76,"security_score":77,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":29},"mechanic-visitor-counter","Mechanic Visitor Counter","3.3.3","Aditya Subawa","https:\u002F\u002Fprofiles.wordpress.org\u002Fadityasubawa\u002F","","Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include …",8000,223044,72,15,"2021-01-02T07:20:00.000Z","5.5.18","4.5.3",[20,73,22,23,74],"traffic-counter","visitor-traffic","https:\u002F\u002Fwww.adityasubawa.com\u002Fmechanic-visitor-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmechanic-visitor-counter.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":63,"tags":93,"homepage":94,"download_link":95,"security_score":77,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":29},"xt-visitor-counter","XT Visitor Counter","1.4.3","xtrsyz","https:\u002F\u002Fprofiles.wordpress.org\u002Fxtrsyz\u002F","\u003Cp>XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress.Some of the features offered include Today Visitor, Today Hits, Total Hits, Total Visit, Who’s Online and IP Address Visitors.\u003C\u002Fp>\n\u003Cp>Upload and Install XT Visitor Counter Plugins, Activate and Drag the Widgets in to your WordPress Sidebar. And this plugins will useless for a thousands of websites. If you were here, download and install it, you’ll like it.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Refer Installation and FAQ section for all required information\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Most simple plugin available so far\u003C\u002Fli>\n\u003Cli>Do not remove developer plugins link\u003C\u002Fli>\n\u003C\u002Fol>\n","XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include Today …",7000,106833,84,5,"2023-01-31T15:01:00.000Z","6.1.10","3.0.1",[20,73,22,23,74],"http:\u002F\u002Fxtrsyz.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxt-visitor-counter.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":48,"num_ratings":48,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":113,"download_link":114,"security_score":104,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":29},"mc-visitor-tally","MC Visitor Tally","2.8.3","Mike Hickcox","https:\u002F\u002Fprofiles.wordpress.org\u002Fmike-hickcox\u002F","\u003Cp>Easy-to-use visitor counter designed for the website admin. With a clean look appropriate for a professional website. Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unique site visitor counts in these time frames: Today, Yesterday, Past 7 Days, Current Month, Current Year.\u003C\u002Fli>\n\u003Cli>Counts are shown in an admin dashboard widget which appears when the plugin is activated.\u003C\u002Fli>\n\u003Cli>The admin dashboard widget has an optional table of monthly totals for comparisons.\u003C\u002Fli>\n\u003Cli>The dashboard widget tells when the plugin was installed so you know when the counts on your website began.\u003C\u002Fli>\n\u003Cli>Use the front-end WIDGET (MC Visitor Tally) to place the tallies on website pages, sidebars, and\u002For footer.\u003C\u002Fli>\n\u003Cli>Use the SHORTCODE [mcvt-visitor-tally] to place the tallies in sidebars, pages, and other locations on the website.\u003C\u002Fli>\n\u003Cli>Use any of several styles of visitor tables on your website with the shortcode and widget.\u003C\u002Fli>\n\u003Cli>The year-to-date count on the shortcode and widget can be turned off if you don’t want to show the YTD numbers at this time.\u003C\u002Fli>\n\u003Cli>Visitor data more than one year old are automatically deleted from the plugin’s database table, removing unneeded records.\u003C\u002Fli>\n\u003Cli>Counts are real people, as most bots and crawlers will not be counted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings and Use\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>SETTINGS LINK: Find “MC Visitor Tally” under “Settings” in the left menu. Also found under the plugin name in the list of installed plugins.\u003C\u002Fli>\n\u003Cli>MONTHLY COMPARISONS: Decide if you want month-to-month totals shown in the admin dashboard widget for comparisons. Also shows the total for the past 12 months.\u003C\u002Fli>\n\u003Cli>ONLINE TABLE STYLES: Choose a style for online tables. Experiment with this – themes and page builders display these tables very differently.\u003C\u002Fli>\n\u003Cli>YEAR-TO-DATE TOTALS: On the settings page, you can turn off the year-to-date counts on your website pages.\u003C\u002Fli>\n\u003Cli>WIDGET: Use the widget (MC Visitor Tally) to add the counter to sidebars or other widget-enabled areas of the website.\u003C\u002Fli>\n\u003Cli>SHORTCODE: Use the shortcode [mcvt-visitor-tally] to add the counter to any page, sidebar, or the footer.\u003C\u002Fli>\n\u003Cli>ON PLUGIN REMOVAL: On the settings page, you can decide not to delete the database table when removing the plugin – if you intend to re-install it later.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays unique daily visits. Web page tables. Dashboard widget with monthly comparisons.",100,4935,"2025-11-25T21:41:00.000Z","6.6.5","4.7","7.0",[21,73,111,23,112],"traffic-stats","visitor-stats","https:\u002F\u002Fmid-coast.com\u002Fmc-visitor-tally","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-visitor-tally.2.8.3.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":27,"last_updated":126,"tested_up_to":16,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":132,"download_link":133,"security_score":104,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":29},"personal-hit-counter","Personal Hit Counter","2.0","Dear","https:\u002F\u002Fprofiles.wordpress.org\u002Ftawhidurrahmandear\u002F","\u003Cp>\u003Cstrong>Inform the visitor, below the main content, how many times a specific Page, Post, or WooCommerce Product has been viewed by that visitor.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Welcome! It’s your first time on this product, and we are glad to have you.\u003C\u002Fli>\n\u003Cli>You have visited this product 1 time. Welcome back!\u003C\u002Fli>\n\u003Cli>You have visited this product 7 times. Welcome back!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Yes, It can track if it is a Page, or Post, or Product. It will track each visitor’s browsing history for your website in visitor’s own browser using cookies. When any visitor visits or re-visits any specific webpage, the PlugIn will show this message at the bottom of the main content.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The PlugIn will automatically match with your Theme’s color, button, style. Visitor will think it as the part of your theme. If you use this PlugIn in different themes, you will feel the change\u003C\u002Fli>\n\u003Cli>Whether you are on a desktop, laptop, tablet, or smartphone, this PlugIn works smoothly with almost every leading browser, including Chrome, Firefox, Edge, Safari, Opera, and Brave\u003C\u002Fli>\n\u003Cli>Tested to work with commonly used Themes and PlugIns\u003C\u002Fli>\n\u003Cli>The PlugIn takes very low space in hosting, and optimized to load quickly and use minimal server resources\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Live Preview\u003C\u002Fh3>\n\u003Cp>\u003C\u002Fp>\n\u003Cp>Check the Live Preview of \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fstore.devilhunter.net\u002Fwordpress-plugin\u002Fphc\u002F\" rel=\"noopener nofollow ugc\">Personal Hit Counter for WordPress\u003C\u002Fa>\u003C\u002Fstrong> first, then Install. Remember, the preview will be different at different themes as the PlugIn automatically match with Theme’s color, font, style\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Ch3>Looking for more advanced PlugIn?\u003C\u002Fh3>\n\u003Cp>Pro version “Receptionist” will also mention the specific time of the visitor’s last visit.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Welcome! It’s your first time on this product, and we are glad to have you.\u003C\u002Fli>\n\u003Cli>You have visited this product 1 time. Welcome back! Your last visit was on Saturday, 14 December 2024 at 4:28 PM. \u003C\u002Fli>\n\u003Cli>You have visited this product 7 times. Welcome back! Your last visit was on Wednesday, 8 January 2025 at 9:27 PM. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Buy Pro version with advanced features: \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Freceptionist-plugin-your-last-visit-was-on-\u002F19311719\" rel=\"noopener nofollow ugc\"> “Your last visit was on …” – by Receptionist PlugIn for Post, Page, Product\u003C\u002Fa>\u003C\u002Fstrong> from \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Freceptionist-plugin-your-last-visit-was-on-\u002F19311719\" rel=\"noopener nofollow ugc\"> CodeCanyon\u003C\u002Fa>\u003C\u002Fstrong> and you can see the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fstore.devilhunter.net\u002Fwordpress-plugin\u002Freceptionist\u002F\" rel=\"noopener nofollow ugc\"> Live Preview\u003C\u002Fa>\u003C\u002Fstrong> of Receptionist here.\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Ch3>Are you happy?\u003C\u002Fh3>\n\u003Cp>\u003C\u002Fp>\n\u003Cp>You are requested to provide positive review in WordPress.org with some extra clicks to share this PlugIn in your social network\u003C\u002Fp>\n\u003Cp>\u003C\u002Fp>\n\u003Cp>Thank you\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tawhidur Rahman Dear\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fitsolution.devilhunter.net\" rel=\"nofollow ugc\">Dear IT Solution\u003C\u002Fa>  : IT Consultancy, Web and App Development, AdSense, SEO, Graphic Design, Password Recovery and Security, Online Marketing, Corporate Services\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fstore.devilhunter.net\" rel=\"nofollow ugc\">Dear Store\u003C\u002Fa>  : WordPress PlugIn, JavaScript, CSS Code, Blogger Theme, Desktop Software for Windows\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapps.devilhunter.net\" rel=\"nofollow ugc\">Dear Apps Corner\u003C\u002Fa>  : More than 75 Android Apps to make your life beautiful\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","Inform the visitor, below the main content, how many times a specific Page, Post, or WooCommerce Product has been viewed by that visitor",40,7693,60,"2025-12-07T23:38:00.000Z","5.5",[21,129,23,130,131],"traffic-insights","visitor-tracking","woocommerce","https:\u002F\u002Fstore.devilhunter.net\u002Fwordpress-plugin\u002Fphc\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpersonal-hit-counter.2.0.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":86,"downloaded":142,"rating":104,"num_ratings":89,"last_updated":143,"tested_up_to":16,"requires_at_least":144,"requires_php":17,"tags":145,"homepage":63,"download_link":149,"security_score":150,"vuln_count":27,"unpatched_count":48,"last_vuln_date":151,"fetched_at":29},"counter-visitor-for-woocommerce","Counter live visitors for WooCommerce","1.4.0","DanielRiera","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielriera\u002F","\u003Cp>🎉+1.000 Active installations!!🎉\u003C\u002Fp>\n\u003Cblockquote>\n\u003Ch3>Important NOTE\u003C\u002Fh3>\n\u003Cp>If your website uses a cache plugin, you can activate the option ‘Your site use cache system?’, This option will enable an additional call to show the block of active users 🙂\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>It is not a simple visitor counter, this counter is shown on each product with the number of users who are currently viewing that same product\u003C\u002Fp>\n\u003Cp>Navigate to Woocommerce -> Visitor Counter in the administration menu for configure\u003C\u002Fp>\n\u003Cp>You use Elementor or other page builder?\u003C\u002Fp>\n\u003Cp>Try [wcvisitor] shortcode, available from 1.1.2 version\u003C\u002Fp>\n\u003Cp>Since version 1.2.0 the \u003Cstrong>\u003Cem>msgone\u003C\u002Fem>\u003C\u002Fstrong> and \u003Cstrong>\u003Cem>msgmore\u003C\u002Fem>\u003C\u002Fstrong> parameters are included (optionals) to customize the message for each shortcode, example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>[wcvisitor msgOne=”Only One” msgMore=”Now %n users on this product”]\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>Español (Spanish), English (English US)\u003C\u002Fp>\n","Show user count on product",35840,"2026-03-15T01:02:00.000Z","4.3",[146,147,148,23,131],"counter","live","visitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcounter-visitor-for-woocommerce.1.4.0.zip",98,"2025-07-15 18:17:09",{"attackSurface":153,"codeSignals":191,"taintFlows":218,"riskAssessment":259,"analyzedAt":268},{"hooks":154,"ajaxHandlers":177,"restRoutes":184,"shortcodes":185,"cronEvents":190,"entryPointCount":50,"unprotectedCount":48},[155,161,164,169,173],{"type":156,"name":157,"callback":158,"priority":104,"file":159,"line":160},"action","wp_enqueue_scripts","wps_enqueue_scripts","wps-visitor-counter-count.php",17,{"type":156,"name":162,"callback":158,"priority":104,"file":159,"line":163},"admin_enqueue_scripts",18,{"type":156,"name":165,"callback":166,"file":167,"line":168},"widgets_init","wps_visitor_counter_widgets_init","wps-visitor-counter.php",118,{"type":156,"name":170,"callback":171,"file":167,"line":172},"admin_menu","wps_visitor_counter_admin_menu",119,{"type":156,"name":174,"callback":175,"file":167,"line":176},"init","wps_visitor_init",154,[178,182],{"action":179,"nopriv":47,"callback":179,"hasNonce":180,"hasCapCheck":47,"file":159,"line":181},"wps_count_page_visit",true,22,{"action":179,"nopriv":180,"callback":179,"hasNonce":180,"hasCapCheck":47,"file":159,"line":183},23,[],[186],{"tag":187,"callback":188,"file":167,"line":189},"wps_visitor_counter","wps_add_visitor_counter",129,[],{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":196,"fileOperations":48,"externalRequests":48,"nonceChecks":216,"capabilityChecks":89,"bundledLibraries":217},[],{"prepared":194,"raw":48,"locations":195},39,[],{"escaped":197,"rawEcho":198,"locations":199},35,7,[200,204,206,208,210,212,214],{"file":201,"line":202,"context":203},"wps-visitor-counter-options-general.php",41,"raw output",{"file":201,"line":205,"context":203},99,{"file":201,"line":207,"context":203},111,{"file":201,"line":209,"context":203},115,{"file":201,"line":211,"context":203},136,{"file":201,"line":213,"context":203},204,{"file":215,"line":68,"context":203},"wps-visitor-counter-widgets.php",2,[],[219],{"entryPoint":220,"graph":221,"unsanitizedCount":216,"severity":258},"\u003Cwps_wp_query> (wps_wp_query.php:0)",{"nodes":222,"edges":253},[223,229,235,237,242,246,250],{"id":224,"type":225,"label":226,"file":227,"line":228},"n0","source","$_POST","wps_wp_query.php",57,{"id":230,"type":231,"label":232,"file":227,"line":233,"wp_function":234},"n1","sink","get_results() [SQLi]",194,"get_results",{"id":236,"type":225,"label":226,"file":227,"line":228},"n2",{"id":238,"type":231,"label":239,"file":227,"line":240,"wp_function":241},"n3","query() [SQLi]",235,"query",{"id":243,"type":225,"label":244,"file":227,"line":245},"n4","$_POST (x2)",45,{"id":247,"type":248,"label":249,"file":227,"line":245},"n5","transform","→ wps_update_query()",{"id":251,"type":231,"label":239,"file":227,"line":252,"wp_function":241},"n6",177,[254,255,256,257],{"from":224,"to":230,"sanitized":180},{"from":236,"to":238,"sanitized":180},{"from":243,"to":247,"sanitized":47},{"from":247,"to":251,"sanitized":47},"high",{"summary":260,"deductions":261},"The wps-visitor-counter plugin v1.4.9 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices by exclusively using prepared statements for all SQL queries and implementing capability checks for its entry points. There are no detected dangerous functions, file operations, or external HTTP requests, which significantly reduces the potential for common web vulnerabilities. The output escaping is also generally good, with 83% of outputs properly escaped.\n\nHowever, the static analysis reveals a critical taint flow with an unsanitized path, indicating a potential for high-severity vulnerabilities like cross-site scripting (XSS) or arbitrary file read\u002Fwrite, despite the absence of documented critical or high vulnerabilities in its history. The presence of one unpatched medium severity vulnerability from November 21, 2025, specifically an XSS, is a significant concern. While the vulnerability history shows only one medium CVE, the fact that it remains unpatched and the taint analysis identifying a critical issue warrants caution. This suggests that although the developers have implemented several security best practices, there might be overlooked vulnerabilities or inadequate sanitization in specific code paths.\n\nIn conclusion, while wps-visitor-counter has strengths in its use of prepared statements and capability checks, the identified critical taint flow and the unpatched medium XSS vulnerability represent notable weaknesses. These issues, coupled with the fact that there is only one documented CVE but a concerning taint analysis result, suggest that the plugin's security is not entirely robust and requires immediate attention to address the identified risks.",[262,264,266],{"reason":263,"points":68},"Unpatched CVE (Medium Severity)",{"reason":265,"points":68},"Critical severity taint flow with unsanitized path",{"reason":267,"points":89},"Output escaping (17% not properly escaped)","2026-03-16T17:40:49.257Z",{"wat":270,"direct":281},{"assetPaths":271,"generatorPatterns":275,"scriptPaths":276,"versionParams":277},[272,273,274],"\u002Fwp-content\u002Fplugins\u002Fwps-visitor-counter\u002Fstyles\u002Fjs\u002Fcustom.js","\u002Fwp-content\u002Fplugins\u002Fwps-visitor-counter\u002Fstyles\u002Fcss\u002Fdefault.css","\u002Fwp-content\u002Fplugins\u002Fwps-visitor-counter\u002Fwps-gutenberg-block.js",[],[272,274],[278,279,280],"wps-visitor-counter\u002Fstyles\u002Fjs\u002Fcustom.js?ver=1.4.9","wps-visitor-counter\u002Fstyles\u002Fcss\u002Fdefault.css?ver=1.4.9","wps-visitor-counter\u002Fwps-gutenberg-block.js?ver=1.4.9",{"cssClasses":282,"htmlComments":287,"htmlAttributes":293,"restEndpoints":295,"jsGlobals":296,"shortcodeOutput":298},[283,284,285,286],"wpsvc_plugins_wrap","wpsvc_right_sidebar","wpsvc_plugins_text","wpsvc_option_wrap",[288,289,290,291,292],"\u003C!-- start mvc wrap -->","\u003C!-- start right sidebar -->","\u003C!-- Support Banner -->","\u003C!----fastcomet----->","\u003C!----fastcomet end----->",[294],"data-block=\"wps\u002Fwps-visitor-counter\"",[],[297],"wpspagevisit",[299],"[wps_visitor_counter]",{"error":180,"url":301,"statusCode":302,"statusMessage":303,"message":303},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwps-visitor-counter\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":89,"versions":305},[306,312,320,328,336],{"version":6,"download_url":26,"svn_tag_url":307,"released_at":37,"has_diff":47,"diff_files_changed":308,"diff_lines":37,"trac_diff_url":309,"vulnerabilities":310,"is_current":180},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwps-visitor-counter\u002Ftags\u002F1.4.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwps-visitor-counter%2Ftags%2F1.4.8&new_path=%2Fwps-visitor-counter%2Ftags%2F1.4.9",[311],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":313,"download_url":314,"svn_tag_url":315,"released_at":37,"has_diff":47,"diff_files_changed":316,"diff_lines":37,"trac_diff_url":317,"vulnerabilities":318,"is_current":47},"1.4.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-visitor-counter.1.4.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwps-visitor-counter\u002Ftags\u002F1.4.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwps-visitor-counter%2Ftags%2F1.4.7&new_path=%2Fwps-visitor-counter%2Ftags%2F1.4.8",[319],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":321,"download_url":322,"svn_tag_url":323,"released_at":37,"has_diff":47,"diff_files_changed":324,"diff_lines":37,"trac_diff_url":325,"vulnerabilities":326,"is_current":47},"1.4.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-visitor-counter.1.4.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwps-visitor-counter\u002Ftags\u002F1.4.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwps-visitor-counter%2Ftags%2F1.4.6&new_path=%2Fwps-visitor-counter%2Ftags%2F1.4.7",[327],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":329,"download_url":330,"svn_tag_url":331,"released_at":37,"has_diff":47,"diff_files_changed":332,"diff_lines":37,"trac_diff_url":333,"vulnerabilities":334,"is_current":47},"1.4.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-visitor-counter.1.4.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwps-visitor-counter\u002Ftags\u002F1.4.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwps-visitor-counter%2Ftags%2F1.4.5&new_path=%2Fwps-visitor-counter%2Ftags%2F1.4.6",[335],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":337,"download_url":338,"svn_tag_url":339,"released_at":37,"has_diff":47,"diff_files_changed":340,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":341,"is_current":47},"1.4.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-visitor-counter.1.4.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwps-visitor-counter\u002Ftags\u002F1.4.5\u002F",[],[342],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37}]