Ad Buttons Security & Risk Analysis
wordpress.org/plugins/ad-buttonsThe Ad Buttons plugin displays a number of graphical ads in a sidebar widget.
Is Ad Buttons Safe to Use in 2026?
Generally Safe
Score 85/100Ad Buttons has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The "ad-buttons" v3.1 plugin exhibits a generally good security posture, with no detected AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. The code signals also indicate a commitment to secure coding practices, with a high percentage of SQL queries using prepared statements and output being properly escaped. The absence of file operations and external HTTP requests further reduces potential attack vectors. However, the presence of two taint flows with unsanitized paths, even if not rated as critical or high severity by the analysis, warrants attention as these could potentially lead to vulnerabilities if exploited.
The vulnerability history reveals a single medium-severity CVE in the past, which has since been patched. The fact that the last vulnerability was in 2015 suggests a period of relative security stability. While the absence of current unpatched vulnerabilities is positive, the existence of past CSRF vulnerabilities, even if historical, is a reminder that such issues can arise. The plugin's relatively small attack surface and good adherence to core WordPress security practices like nonce and capability checks are strengths. The main concern lies in the two identified taint flows, which could represent latent vulnerabilities that were not fully mitigated or are not detectable by the current static analysis.
Key Concerns
- Taint flows with unsanitized paths (High severity)
- Significant portion of SQL not using prepared statements
- Past medium vulnerability (CSRF)
Ad Buttons Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Ad Buttons <= 2.3.1 - Cross-Site Request Forgery to Cross-Site Scripting
Ad Buttons Release Timeline
Ad Buttons Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Ad Buttons Attack Surface
WordPress Hooks 5
Maintenance & Trust
Ad Buttons Maintenance & Trust
Maintenance Signals
Community Trust
Ad Buttons Alternatives
In-Post Ads
adsense-in-post-ads-by-oizuled
A plugin to display ads inside your pages or posts.
Ad Commander – Ad Manager for Banners, AdSense, Ad Networks
ad-commander
Insert image banner ads, Google AdSense, Amazon, affiliate ad networks. Rotate and randomize. Manage with AI agents. Track impressions and clicks.
LexonAds: Free Ad Network – Boost Traffic & Get More Visitors
martins-free-and-easy-ad-network-get-more-visitors
The 100% free alternative to Google Ads and Facebook Ads. Join our global ad exchange network to get more website visitors and boost your visibility a …
Setupad WP Ads
setupad
Simple and powerful ad insertion tool for WordPress users with a wide range of features to insert, manage, and optimize your ad inventory.
Listdom Ads Addon – Display Ads on Listing Pages
listdom-ads
Easily monetize your Listdom directory by displaying ads (Google AdSense, affiliate banners, HTML content, shortcodes) on listing detail pages.
Ad Buttons Developer Profile
1 plugin · 100 total installs
How We Detect Ad Buttons
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/ad-buttons/ab_admin.js/wp-content/plugins/ad-buttons/ad-buttons.csshttp://pagead2.googlesyndication.com/pagead/show_ads.jsad-buttons/ad-buttons.css?ver=HTML / DOM Fingerprints
ab_powerab_adblockab_adsense<!--
google_ad_client = "-->
<!--
-->
id="ab_power"id="ab_adblock"id="ab_adsense"id="ab_clear"class="ab_power"google_ad_clientgoogle_ad_widthgoogle_ad_heightgoogle_ad_formatgoogle_ad_typegoogle_ad_channel+6 more