Display unique visitor or page-view counts anywhere on your site using widgets or shortcodes — Simple, very lightweight and no third-party code.
Category Scores
Top Issues by Category
security87
maintainability46
i18n6
Issues Details
141 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Detected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.
Unescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 186.
Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "ALTER TABLE $table_name MODIFY srs_id INT UNSIGNED AUTO_INCREMENT NOT NULL, MODIFY srs_post_id INT UNSIGNED, MODIFY srs_visitors_count INT UNSIGNED, MODIFY srs_views_count INT UNSIGNED"
$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_GET['page']
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
Mismatched text domain. Expected 'srs-simple-hits-counter' but got 'text_domain'.
Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Attempting a database schema change is discouraged.
Tested up to: 7.0.0 The version number should only include major versions 7.0.
Plugin name "SRS Simple Hits Counter" is different from the name declared in plugin header "SRS Simple hits Counter".
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
One or more tags were ignored. Please limit your plugin to 5 tags.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'. | 18 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 16 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 14 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it. | 14 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 186. | 13 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "ALTER TABLE $table_name MODIFY srs_id INT UNSIGNED AUTO_INCREMENT NOT NULL, MODIFY srs_post_id INT UNSIGNED, MODIFY srs_visitors_count INT UNSIGNED, MODIFY srs_views_count INT UNSIGNED" | 13 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar | 11 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $begin | 6 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 6 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 6 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['page'] | 4 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching. | 4 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'srs-simple-hits-counter' but got 'text_domain'. | 4 |
| WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion | ERROR | Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development. | 3 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 2 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to _e(). | 2 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 1 |
| invalid_tested_upto_minor | ERROR | Tested up to: 7.0.0 The version number should only include major versions 7.0. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "SRS Simple Hits Counter" is different from the name declared in plugin header "SRS Simple hits Counter". | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
Latest Snapshot
Findings
141
Errors
43
Warnings
98
Score History
First score snapshot
First scan completed Jun 20, 2026
v2.2.3 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v2.2.3
38
Latest
- Findings
- 141
- Errors
- 43
- Warnings
- 98
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 38 | 141 | 43 | 98 | v2.2.3 | 2.0.0 | 2026.06-mvp-static-v2 |
