Does Ad Buttons have any unpatched vulnerabilities?

No. All known vulnerabilities in Ad Buttons have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ad Buttons compatible with WordPress 4.9.29?

According to WordPress.org data, Ad Buttons 3.1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Ad Buttons updated?

Ad Buttons was last updated on Aug 2, 2018. Frequent updates are generally a positive security signal.

What is Ad Buttons's security score?

Ad Buttons has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ad Buttons Security & Risk Analysis

wordpress.org/plugins/ad-buttons

The Ad Buttons plugin displays a number of graphical ads in a sidebar widget.

100 active installs v3.1 PHP + WP 2.8.0+ Updated Aug 2, 2018

adsadsenseadvertisingbuttonsmonetizing

A · Safe

CVEs total1

Unpatched0

Last CVEMay 8, 2015

Plugin page Download

Safety Verdict

Is Ad Buttons Safe to Use in 2026?

Generally Safe

Score 85/100

Ad Buttons has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 8, 2015Updated 7yr ago

Risk Assessment

The "ad-buttons" v3.1 plugin exhibits a generally good security posture, with no detected AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. The code signals also indicate a commitment to secure coding practices, with a high percentage of SQL queries using prepared statements and output being properly escaped. The absence of file operations and external HTTP requests further reduces potential attack vectors. However, the presence of two taint flows with unsanitized paths, even if not rated as critical or high severity by the analysis, warrants attention as these could potentially lead to vulnerabilities if exploited.

The vulnerability history reveals a single medium-severity CVE in the past, which has since been patched. The fact that the last vulnerability was in 2015 suggests a period of relative security stability. While the absence of current unpatched vulnerabilities is positive, the existence of past CSRF vulnerabilities, even if historical, is a reminder that such issues can arise. The plugin's relatively small attack surface and good adherence to core WordPress security practices like nonce and capability checks are strengths. The main concern lies in the two identified taint flows, which could represent latent vulnerabilities that were not fully mitigated or are not detectable by the current static analysis.

Key Concerns

Taint flows with unsanitized paths (High severity)
Significant portion of SQL not using prepared statements
Past medium vulnerability (CSRF)

Vulnerabilities

Ad Buttons Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2017-18553medium · 6.1Cross-Site Request Forgery (CSRF)

Ad Buttons <= 2.3.1 - Cross-Site Request Forgery to Cross-Site Scripting

May 8, 2015 Patched in 2.3.2 (3182d)

Code Analysis

Analyzed Mar 16, 2026

Ad Buttons Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

166 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

65% prepared34 total queries

Output Escaping

90% escaped184 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

<adbuttons> (adbuttons.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ad Buttons Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menuadbuttons.php:311

actionwidgets_initadbuttons.php:407

actioninitadbuttons.php:409

filterquery_varsadbuttons.php:411

actiontemplate_redirectadbuttons.php:417

Maintenance & Trust

Ad Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedAug 2, 2018

PHP min version

Downloads59K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Ad Buttons Alternatives

In-Post Ads

adsense-in-post-ads-by-oizuled

A plugin to display ads inside your pages or posts.

700 No CVEs

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks

ad-commander

100

Insert image banner ads, Google AdSense, Amazon, affiliate ad networks. Rotate and randomize ad groups. Track impressions and clicks. Create ads.txt.

100 No CVEs

Setupad WP Ads

setupad

Simple and powerful ad insertion tool for WordPress users with a wide range of features to insert, manage, and optimize your ad inventory.

100 No CVEs

Ad Code Manager

ad-code-manager

100

Manage your ad codes through the WordPress admin safely and easily.

50 No CVEs

Ad Commander Tools

ad-commander-tools

Add-on for the Ad Commander plugin that allows you to import, export, and manage ad statistics. This plugin requires Ad Commander.

50 No CVEs

Developer Profile

Ad Buttons Developer Profile

mindnl

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

3182 days

View full developer profile

Detection Fingerprints

How We Detect Ad Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ad-buttons/ab_admin.js/wp-content/plugins/ad-buttons/ad-buttons.css

Script Paths

http://pagead2.googlesyndication.com/pagead/show_ads.js

Version Parameters

ad-buttons/ad-buttons.css?ver=

HTML / DOM Fingerprints

CSS Classes

ab_powerab_adblockab_adsense

HTML Comments

<!--
google_ad_client = "

-->

<!--
-->

Data Attributes

id="ab_power"id="ab_adblock"id="ab_adsense"id="ab_clear"class="ab_power"

JS Globals

google_ad_clientgoogle_ad_widthgoogle_ad_heightgoogle_ad_formatgoogle_ad_typegoogle_ad_channel+6 more

FAQ