[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMWU-1RSLepqgdKdWF7R2e4wigdhRJkoZn_jmFGZfS2g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":50,"analysis":135,"fingerprints":363},"ad-buttons","Ad Buttons","3.1","mindnl","https:\u002F\u002Fprofiles.wordpress.org\u002Fmindnl\u002F","\u003Cp>The Ad Buttons plugin displays a number of graphical ads in a sidebar widget\u003C\u002Fp>\n\u003Cp>The current version contains the following functionality:\u003C\u002Fp>\n\u003Cp>Add new ad buttons:\u003Cbr \u002F>\nBy entering image URL, link URL and link text a new ad button will be created\u003C\u002Fp>\n\u003Cp>Enable\u002Fdisable individual ad buttons:\u003Cbr \u002F>\nEach ad button can be enabled or disabled from the admin panel\u003C\u002Fp>\n\u003Cp>Select how many ad buttons to display in the sidebar widget.\u003Cbr \u002F>\nDisplaying the ad buttons on your blog is done by randomly selecting ads from your total list of active ads. You can select how many ads are displayed on your blog.\u003C\u002Fp>\n\u003Cp>See how many times each ad button has been displayed and clicked.\u003Cbr \u002F>\nAd performance is an important measurement, especially when your ads link to affiliate programs. The number of views, clicks and CTR (click thru rate) are displayed for each ad button. Views by search engine bots are automatically filtered from the count.\u003C\u002Fp>\n\u003Cp>A Google AdSense 125 x 125 ad unit can be displayed by filling in your AdSense publisher ID. AdSense ad colors can be controlled right from the Ad Buttons admin panel.\u003C\u002Fp>\n","The Ad Buttons plugin displays a number of graphical ads in a sidebar widget.",100,58810,1,"2018-08-02T17:55:00.000Z","4.9.29","2.8.0","",[19,20,21,22,23],"ads","adsense","advertising","buttons","monetizing","http:\u002F\u002Fadbuttons.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fad-buttons.3.1.zip",85,0,"2015-05-08 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2017-18553","ad-buttons-cross-site-request-forgery-to-cross-site-scripting","Ad Buttons \u003C= 2.3.1 - Cross-Site Request Forgery to Cross-Site Scripting","The Ad Buttons plugin for WordPress is vulnerable to Cross-Site Scripting via Cross-Site Request Forgery via the ‘ab_yahurl’ parameter in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping in addition to missing nonce protection. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C2.3.2","2.3.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd5f36574-b4d0-4b67-baea-f5ef5e6618d1?source=api-prod",3182,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":48,"computed_at":49},69,"2026-04-03T19:21:14.067Z",[51,70,89,107,124],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":6,"requires_php":17,"tags":65,"homepage":68,"download_link":69,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"adsense-in-post-ads-by-oizuled","In-Post Ads","2.0.4","AMP-MODE","https:\u002F\u002Fprofiles.wordpress.org\u002Fampmode\u002F","\u003Cp>The In-Post Ads plugin allows you to save your most used ad codes, and insert them as a shortcode in your pages or posts.\u003C\u002Fp>\n\u003Cp>You may already use a plugin to display your ads in a widgetized area of your page such as the left or right sidebars, or in the header or footer of your page. While this does get the ads on the page, your site visitors are not likely to click on them.\u003C\u002Fp>\n\u003Cp>This plugin creates shortcodes, which you can use inside the body of any page or post to display an advertisement. This is where your reader’s eyes are looking anyway, and it will increase the odds that they will click on the ad.\u003C\u002Fp>\n","A plugin to display ads inside your pages or posts.",700,68319,94,3,"2023-05-03T19:25:00.000Z","6.2.9",[66,19,20,21,67],"ad","google","https:\u002F\u002Famplifyplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadsense-in-post-ads-by-oizuled.2.0.4.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":11,"downloaded":78,"rating":11,"num_ratings":62,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":87,"download_link":88,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"ad-commander","Ad Commander – Ad Manager for Banners, AdSense, Ad Networks","1.1.25","wildoperation","https:\u002F\u002Fprofiles.wordpress.org\u002Fwildoperation\u002F","\u003Cp>Ad Commander is a complete ad management plugin for WordPress. With Ad Commander, users can quickly create custom banner image ads, Google AdSense ads, Amazon Associates ads, and ads for other affiliate ad networks.\u003C\u002Fp>\n\u003Cp>Create groups of rotating banner ads or randomly displaying ads. Insert ads with shortcodes, template tags, blocks, or automatic placements. Inject scripts into the header or footer of your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AdSense users:\u003C\u002Fstrong> Ad Commander integrates directly with your AdSense account to make implementing AdSense and AMP ads quick and easy. Simply connect an account and choose from a searchable, sortable list of ad units. Alternatively, build your ads manually or paste in code.\u003C\u002Fp>\n\u003Cp>Some key features of Ad Commander include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create individual ads or groups of randomizing, rotating, or manually sorted ads\u003C\u002Fli>\n\u003Cli>AdSense ad type with direct AdSense account integration, manually built ad units, or simple code pasting\u003C\u002Fli>\n\u003Cli>Track impressions and clicks and generate reports for ads\u003C\u002Fli>\n\u003Cli>Support for AMP ads with amp-pixel and amp-analytics tracking\u003C\u002Fli>\n\u003Cli>Inject ads or groups using shortcodes, template tags, blocks, or automatic placements\u003C\u002Fli>\n\u003Cli>Conditionally display ads with content targeting options\u003C\u002Fli>\n\u003Cli>Display required labels above ads\u003C\u002Fli>\n\u003Cli>Add custom code before and after ads or groups\u003C\u002Fli>\n\u003Cli>Dynamically create an ads.txt and manage it in the WordPress admin\u003C\u002Fli>\n\u003Cli>Familiar WordPress interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpadcommander.com\u002Fdocumentation\u002F?utm_source=wordpressorg&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpadcommander.com\u002Fsupport\u002F?utm_source=wordpressorg&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Demo Video\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FdCQHwTIxfjM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Connecting AdSense\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FTTR95aFhLls?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&start=4&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Creating rotating banner ads\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FNpPgFlP0T0g?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Ad Commander core is free to download and use. Ad Commander Pro has additional advanced features. \u003Ca href=\"https:\u002F\u002Fwpadcommander.com\u002F?utm_source=wordpressorg&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">Visit our website to learn more about Ad Commander Pro.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Some Pro features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Priority email support\u003C\u002Fli>\n\u003Cli>Automatically convert AdSense ads to AMP ads\u003C\u002Fli>\n\u003Cli>Google Analytics (GA4) or other third-party analytics tracking for impressions and clicks\u003C\u002Fli>\n\u003Cli>Expire ads by date or maximum stats\u003C\u002Fli>\n\u003Cli>Advanced automatic placement positions\u003C\u002Fli>\n\u003Cli>Automatic placements for bbPress and BuddyPress\u003C\u002Fli>\n\u003Cli>Lazy load ads when they enter the viewport\u003C\u002Fli>\n\u003Cli>Popup ads\u003C\u002Fli>\n\u003Cli>Visitor targeting options\u003C\u002Fli>\n\u003Cli>Geotargeting with MaxMind IP databases\u003C\u002Fli>\n\u003Cli>Content and visitor targeting for groups and automatic placements\u003C\u002Fli>\n\u003Cli>Display groups in a grid layout\u003C\u002Fli>\n\u003Cli>Weighted or evenly distributed ad impressions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpadcommander.com\u002Ffeatures\u002F?utm_source=wordpressorg&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">All Features\u003C\u002Fa>\u003C\u002Fp>\n","Insert image banner ads, Google AdSense, Amazon, affiliate ad networks. Rotate and randomize ad groups. Track impressions and clicks. Create ads.txt.",4113,"2026-03-09T20:13:00.000Z","6.9.4","6.2","7.4",[20,21,84,85,86],"amp","banners","rotate","https:\u002F\u002Fwpadcommander.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fad-commander.1.1.25.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":11,"downloaded":97,"rating":11,"num_ratings":13,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":17,"download_link":105,"security_score":106,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"setupad","Setupad WP Ads","1.6.2","Setupad","https:\u002F\u002Fprofiles.wordpress.org\u002Fsetupad\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3e9a1w2uKfQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Looking for an ultimate solution for managing and displaying ads, including seamless ad insertion capabilities, on your WordPress site? Look no further! Introducing the Setupad WP Ads – a simple and powerful plugin for WordPress suitable for both beginners in website monetization and experienced website owners.\u003C\u002Fp>\n\u003Cp>With this plugin, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Insert all kinds of ads, including Google AdSense and Google Ad Manager (GAM), through code snippets or utilize advanced ad inserter options.\u003C\u002Fli>\n\u003Cli>Insert ad placements (HTML\u002FJS) or images in multiple positions, including before and after posts, content, paragraphs, images, comments, and excerpts.\u003C\u002Fli>\n\u003Cli>Insert placements on different pages and choose which devices to display them on (desktop, tablet, mobile).\u003C\u002Fli>\n\u003Cli>Align ad placements.\u003C\u002Fli>\n\u003Cli>Add custom CSS.\u003C\u002Fli>\n\u003Cli>Insert ads.txt lines.\u003C\u002Fli>\n\u003Cli>Add a related posts section with multiple grid options.\u003C\u002Fli>\n\u003Cli>Insert ad placements between related post categories.\u003C\u002Fli>\n\u003Cli>Insert header scripts.\u003C\u002Fli>\n\u003Cli>Insert footer scripts.\u003C\u002Fli>\n\u003Cli>Enable lazy-load ad placements, which will speed up your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Setupad is brought to you by a team of professionals with 10+ years of experience in programmatic advertising. In addition to basic functionalities, the plugin offers built-in integration with the Setupad header bidding monetization platform.\u003C\u002Fp>\n\u003Cp>Want to know what the best part is? Our plugin comes with all these advanced features completely free of charge.\u003C\u002Fp>\n\u003Cp>Get the Setupad WP Ads plugin for your WordPress site and take full control over your ad management today!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsetupad.github.io\u002FSetupad-WP-Plugin-Documentation\u002Ffeatures\" rel=\"nofollow ugc\">Full feature list and documentation\u003C\u002Fa>\u003C\u002Fp>\n","Simple and powerful ad insertion tool for WordPress users with a wide range of features to insert, manage, and optimize your ad inventory.",5603,"2024-12-05T12:08:00.000Z","6.6.5","4.4","5.6",[103,19,20,21,104],"ad-manager","wordpress-ads","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsetupad.1.6.2.zip",92,{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":27,"num_ratings":27,"last_updated":117,"tested_up_to":80,"requires_at_least":118,"requires_php":82,"tags":119,"homepage":122,"download_link":123,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"ad-code-manager","Ad Code Manager","0.8.0","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>Ad Code Manager gives non-developers an interface in the WordPress admin for configuring your complex set of ad codes.\u003C\u002Fp>\n\u003Cp>Some code-level configuration may be necessary to set up Ad Code Manager. Ad tags must be added (via \u003Ccode>do_action()\u003C\u002Fcode>) to your theme’s template files where you’d like ads to appear. Alternatively, you can incorporate ad tags into your website with our widget and shortcode. Check out the configuration guide below for the full details.\u003C\u002Fp>\n\u003Cp>A common set of parameters must also be defined for your ad provider. This includes the tag IDs used by your template, the default URL for your ad provider, and the default HTML surrounding that URL. Ad Code Manager supports Google DoubleClick For Publishers (and Async), and Google AdSense. All the logic is abstracted, however, so configuring a different provider is relatively easy. Check \u003Ccode>providers\u002Fdoubleclick-for-publishers.php\u003C\u002Fcode> for an idea of how to extend ACM to suit your needs.\u003C\u002Fp>\n\u003Cp>Once this configuration is in place, the Ad Code Manager admin interface will allow you to add new ad codes, modify the parameters for your script URL, and define conditionals to determine when the ad code appears. Conditionals are core WordPress functions like is_page(), is_category(), or your own custom functions that evaluate certain expressions and then return true or false.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAutomattic\u002FAd-Code-Manager\" rel=\"nofollow ugc\">Fork the plugin on Github\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fadcodemanager.wordpress.com\u002F\" rel=\"nofollow ugc\">follow our development blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Configure Ad Code Manager to manage the advertisements on your site\u003C\u002Fh3>\n\u003Cp>Ad Code Manager is a VIP-sponsored plugin designed to make managing the ad codes used to display advertisements on your site easier. There’s a little bit of work you’ll need to do upfront to integrate Ad Code Manager with your theme.\u003C\u002Fp>\n\u003Cp>The high-level idea behind Ad Code Manager is that it gives non-developers an admin interface to manage ad codes. It then permits users to (optionally) target specific ad codes using conditionals like \u003Ccode>is_home()\u003C\u002Fcode> and \u003Ccode>is_single()\u003C\u002Fcode>. Ad codes are associated with positions in the theme through the use of ad tags.\u003C\u002Fp>\n\u003Cp>Currently, Ad Code Manager easily integrates with Google DoubleClick For Publishers Async and Google AdSense. Other ad providers are supported with additional configuration.\u003C\u002Fp>\n\u003Ch3>Google AdSense and DoubleClick For Publishers Async\u003C\u002Fh3>\n\u003Cp>Let’s use AdSense as our first example. You’ll want to incorporate some of the default ad tags into your theme by use of \u003Ccode>do_action()\u003C\u002Fcode>. Here’s an example you might put in your header.php file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>do_action( 'acm_tag', '728x90_leaderboard' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once done, you can select the “Google AdSense” provider in the admin. Ad codes can be registered against ad tags (positions) by choosing the ad tag from the drop-down, entering the tag ID and publisher ID, and hitting “Add New Ad Code”.\u003C\u002Fp>\n\u003Cp>And like that, your 728×90 leaderboard will appear on your site.\u003C\u002Fp>\n\u003Cp>The Google AdSense configuration comes with many of Google’s suggested sizes. Additional ad tags can be registered by way of filtering:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_ad_tag_ids', 'acmx_filter_ad_tag_ids' );\nfunction acmx_filter_ad_tag_ids( $ids ) {\n    $ids[] = array(\n        'enable_ui_mapping' => true,\n        'tag'               => '100x100_smallsquare',\n        'url_vars'          => array(\n            'tag'    => '100x100_smallsquare',\n            'height' => '100',\n            'width'  => '100',\n        ),\n    );\n\n    return $ids;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Keep in mind that you’ll still need to incorporate a \u003Ccode>do_action( 'acm_tag', '100x100_smallsquare' );\u003C\u002Fcode> in your theme to display the ad tag.\u003C\u002Fp>\n\u003Cp>If you choose Google DFP Async as your provider, you’ll likely need to register additional ad tags, as we only package two default ad tags.\u003C\u002Fp>\n\u003Ch3>Custom Ad Provider Implementations\u003C\u002Fh3>\n\u003Cp>As mentioned previously, other ad code providers are supported with additional configuration. Here’s an example of the different filters you would use to configure the older version of Google DoubleClick For Publishers:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n * Define the default URL to be used when rendering ad codes\n *\u002F\nadd_filter( 'acm_default_url', 'acmx_filter_default_url' ) ;\nfunction acmx_filter_default_url( $url ) {\n    if ( 0 === strlen( $url )  ) {\n        return \"http:\u002F\u002Fad.doubleclick.net\u002Fadj\u002F%site_name%\u002F%zone1%;s1=%zone1%;s2=;pid=%permalink%;fold=%fold%;kw=;test=%test%;ltv=ad;pos=%pos%;dcopt=%dcopt%;tile=%tile%;sz=%sz%;\";\n    }\n}\n\n\u002F**\n * Whitelist the DFP URL to be used in ad tags. The whitelist\n * helps prevent execution of arbitrary scripts\n *\u002F\nadd_filter( 'acm_whitelisted_script_urls', 'acmx_filter_whitelisted_script_urls');\nfunction acmx_filter_whitelisted_script_urls( $whitelisted_urls ) {\n    $whitelisted_urls = array( 'ad.doubleclick.net' );\n    return $whitelisted_urls;\n}\n\n\u002F**\n * Define the different ad tags (locations) you'd like to use in your theme\n *\u002F\nadd_filter( 'acm_ad_tag_ids', 'acmx_ad_tags_ids' );\nfunction acmx_ad_tags_ids( $ad_tag_ids ) {\n    return array(\n        array(\n            'tag'      => '728x90-atf',\n            'url_vars' => array(\n                'sz'     => '728x90',\n                'fold'   => 'atf',\n                'width'  => '728',\n                'height' => '90',\n            ),\n        ),\n        array(\n            'tag'      => '728x90-btf',\n            'url_vars' => array(\n                'sz'     => '728x90',\n                'fold'   => 'btf',\n                'width'  => '728',\n                'height' => '90',\n            ),\n        ),\n        array(\n            'tag'      => '300x250-atf',\n            'url_vars' => array(\n                'sz'     => '300x250',\n                'fold'   => 'atf',\n                'width'  => '300',\n                'height' => '250',\n            ),\n        ),\n        array(\n            'tag'      => '300x250-btf',\n            'url_vars' => array(\n                'sz'     => '300x250',\n                'fold'   => 'btf',\n                'width'  => '300',\n                'height' => '250',\n            ),\n        ),\n        array(\n            'tag'      => '160x600-atf',\n            'url_vars' => array(\n                'sz'     => '160x600',\n                'fold'   => 'atf',\n                'width'  => '160',\n                'height' => '600',\n            ),\n        ),\n        array(\n            'tag'      => '1x1',\n            'url_vars' => array(\n                'sz'   => '1x1',\n                'fold' => 'int',\n                'pos'  => 'top',\n            ),\n        )\n    );\n}\n\nadd_filter( 'acm_output_html','acmx_filter_output_html', 5, 2 );\n\u002F**\n * Register the full script output to use with each ad tag.\n *\u002F\nfunction acmx_filter_output_html( $output_html, $tag_id ) {\n    $output_html = '\u003C!-- DFP %pos% %sz% ad tag --> \n    \u003Cscript>\nif ( typeof ord=='undefined' ) { ord=Math.random()*10000000000000000; }\nif ( typeof( dfp_tile ) == 'undefined' ) { dfp_tile=%tile% };\ndocument.write('\u003Cscript src=\"%url%ord=' + ord + '?\">\u003C\u002Fscript>');\n\u003C\u002Fscript>\u003Cnoscript>\u003Ca href=\"%url%ord=%random%?\" target=\"_blank\">\u003Cimg src=\"%url%ord=%random%?\" width=\"%width%\" height=\"%height%\" border=\"0\" alt=\">\u003C\u002Fa>\u003C\u002Fnoscript>\n\u003C!-- \u002F\u002FDFP %pos% %sz% tag -->';\n    return $output_html;\n}\n\nadd_filter('acm_output_tokens', 'acmx_filter_output_tokens', 5, 3 );\n\u002F**\n * Fine tune our output tokens.\n *\n * This is the real example of how easily you can modify output\n * depending on your ad network specs.\n *\u002F\nfunction acmx_filter_output_tokens( $output_tokens, $tag_id, $code_to_display ) {\n    global $dfp_tile;\n    global $dfp_ord;\n    global $dfp_pos;\n    global $dfp_dcopt;\n    global $wp_query;\n\n    \u002F\u002F We can't really rely on get_permalink() so use $_SERVER['REQUEST_URI] as bulletproof solution for generating unique pids\n    $link = strlen( $_SERVER['REQUEST_URI'] ) > 1 ? sanitize_key( $_SERVER['REQUEST_URI'] ) : home_url();\n    $output_tokens['%permalink%'] = str_replace( array( '\u002F',':', '.' ), '', $link ); \n    $output_tokens['%random%']    = $dfp_ord;\n    $output_tokens['%tile%']      = ++$dfp_tile;\n    if (  false === $dfp_pos[ $code_to_display['url_vars']['sz'] ] ) {\n        $output_tokens['%pos%']                        = 'top';\n        $dfp_pos[ $code_to_display['url_vars']['sz'] ] = true;\n    } else {\n        $output_tokens['%pos%'] = 'bottom';\n    }\n    if ( ! $dfp_dcopt ) {\n        $output_tokens['%dcopt%'] = 'ist';\n        $dfp_dcopt                = true;\n    } else {\n        $output_tokens['%dcopt%'] = '';\n    }\n\n    $output_tokens['%test%'] = isset( $_GET['test'] ) && $_GET['test'] == 'on' ? 'on' : '';\n\n    return $output_tokens;\n}\n~~~\u003Ch3>Configuration Filters\u003C\u002Fh3>\nThere are some filters which allow you to easily customize the output of the plugin. You should place these filters in your theme's functions.php file or in another appropriate place.\n\n[Check out this gist](https:\u002F\u002Fgist.github.com\u002F1631131) to see all of the filters in action.\n\n### `acm_ad_tag_ids`\n\nAd tag IDs are used as a parameter when adding tags to your theme (e.g. `do_action( 'acm_tag', 'my_top_leaderboard' )`). The `url_vars` defined as part of each tag here will also be used to replace tokens in your default URL.\n\nArguments:\n* array $tag_ids array of default tag IDs\n\nExample usage: Add a new ad tag called 'my_top_leaderboard'\n\n~~~php\nadd_filter( 'acm_ad_tag_ids', 'my_acm_ad_tag_ids' );\nfunction my_acm_ad_tag_ids( $tag_ids ) {\n    $tag_ids[] = array(\n        'tag'      => 'my_top_leaderboard', \u002F\u002F tag_id\n        'url_vars' => array(\n            'sz'              => '728x90', \u002F\u002F %sz% token\n            'fold'            => 'atf', \u002F\u002F %fold% token\n            'my_custom_token' => 'something' \u002F\u002F %my_custom_token% will be replaced with 'something'\n        ),\n    );\n    return $tag_ids;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_default_url\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>Set the default tokenized URL used when displaying your ad tags. This filter is required.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* string $url The tokenized URL of Ad Code\u003C\u002Fp>\n\u003Cp>Example usage: Set your default ad code URL\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_default_url', 'my_acm_default_url' );\nfunction my_acm_default_url( $url ) {\n    if ( 0 === strlen( $url ) ) {\n        return \"http:\u002F\u002Fad.doubleclick.net\u002Fadj\u002F%site_name%\u002F%zone1%;s1=%zone1%;s2=;pid=%permalink%;fold=%fold%;kw=;test=%test%;ltv=ad;pos=%pos%;dcopt=%dcopt%;tile=%tile%;sz=%sz%;\";\n    }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_output_html\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>The HTML outputted by the \u003Ccode>do_action( 'acm_tag', 'ad_tag_id' );\u003C\u002Fcode> call in your theme. Support multiple ad formats (e.g. JavaScript or simple HTML tags) by adjusting the HTML rendered for a given ad tag.\u003C\u002Fp>\n\u003Cp>The \u003Ccode>%url%\u003C\u002Fcode> token used in this HTML will be filled in with the URL defined with \u003Ccode>acm_default_url\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* string $output_html The original output HTML\u003Cbr \u002F>\n* string $tag_id Ad tag currently being accessed\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_output_html', 'my_acm_output_html', 10, 2 );\nfunction my_acm_output_html( $output_html, $tag_id ) {\n    switch ( $tag_id ) {\n        case 'my_leaderboard':\n            $output_html = '\u003Ca href=\"%url%\">\u003Cimg src=\"%image_url%\" \u002F>\u003C\u002Fa>';\n            break;\n        case 'rich_media_leaderboard':\n            $output_html = '\u003Cscript> \u002F\u002F omitted \u003C\u002Fscript>';\n            break;\n        default:\n            break;\n    }\n    return $output_html;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_register_provider_slug\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>Ad Code Manager has a built-in list of providers that it gathers by scanning the ‘providers’ directory used by the plugin. Additional providers can be added by placing the appropriate files in that directory or using the \u003Ccode>acm_register_provider_slug\u003C\u002Fcode> filter to register those that may be included as part of your theme or another plugin.\u003C\u002Fp>\n\u003Cp>When using this plugin, you are defining the provider slug as part of the existing object as well as an array of classes associated with that provider slug.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* object $providers An object containing the current registered providers.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_register_provider_slug', 'my_acm_register_provider_slug' );\nfunction my_acm_register_provider_slug( $providers ) {\n    $providers->new_provider_slug = array(\n        'provider' => 'My_New_Ad_Company_ACM_Provider',\n        'table'    => 'My_New_Ad_Company_ACM_WP_List_Table'\n    );\n\n    return $providers;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_whitelisted_script_urls\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>A security filter to define a safelist for which ad code script URLs can be added in the admin.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* array $whitelisted_urls Existing whitelisted ad code URLs\u003C\u002Fp>\n\u003Cp>Example usage: Allow DoubleClick for Publishers ad codes to be used\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_whitelisted_script_urls', 'my_acm_safelisted_script_urls' );\nfunction my_acm_safelisted_script_urls( $safelisted_urls ) {\n    $safelisted_urls = array( 'ad.doubleclick.net' );\n    return $safelisted_urls;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_output_tokens\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>Output tokens can be registered depending on the needs of your setup. Tokens defined here will be replaced in the ad tag’s tokenized URL in addition to the tokens already registered with your tag ID.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* array $output_tokens Any existing output tokens\u003Cbr \u002F>\n* string $tag_id Unique tag ID\u003Cbr \u002F>\n* array $code_to_display Ad Code that matched conditionals\u003C\u002Fp>\n\u003Cp>Example usage: Test to determine whether you’re in test or production by passing ?test=on query argument\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_output_tokens', 'my_acm_output_tokens', 10, 3 );\nfunction my_acm_output_tokens( $output_tokens, $tag_id, $code_to_display ) {\n    $output_tokens['%test%'] = isset( $_GET['test'] ) && $_GET['test'] == 'on' ? 'on' : '';\n    return $output_tokens;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_whitelisted_conditionals\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>Extend the list of usable conditional functions with your own awesome ones. We safelist these so users can’t execute random PHP functions.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* array $conditionals Default conditionals\u003C\u002Fp>\n\u003Cp>Example usage: Register a few custom conditional callbacks\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_whitelisted_conditionals', 'my_acm_safelisted_conditionals' );\nfunction my_acm_safelisted_conditionals( $conditionals ) {\n    $conditionals[] = 'my_is_post_type';\n    $conditionals[] = 'is_post_type_archive';\n    $conditionals[] = 'my_page_is_child_of';\n\n    return $conditionals;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_conditional_args\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>For certain conditionals (\u003Ccode>has_tag()\u003C\u002Fcode>, \u003Ccode>has_category()\u003C\u002Fcode>), you might need to pass additional arguments.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* array $cond_args Existing conditional arguments\u003Cbr \u002F>\n* string $cond_func Conditional function (\u003Ccode>is_category()\u003C\u002Fcode>, \u003Ccode>is_page()\u003C\u002Fcode>, etc.)\u003C\u002Fp>\n\u003Cp>Example usage: \u003Ccode>has_category()\u003C\u002Fcode> and \u003Ccode>has_tag()\u003C\u002Fcode> use \u003Ccode>has_term()\u003C\u002Fcode>, which requires the object ID to function properly.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_conditional_args', 'my_acm_conditional_args', 10, 2 );\nfunction my_acm_conditional_args( $cond_args, $cond_func ) {\n    global $wp_query;\n\n    \u002F\u002F The `has_category()` and `has_tag()` functions call the `has_term()` function.\n    \u002F\u002F We should pass queried object id for it to produce correct result.\n    if ( in_array( $cond_func, array( 'has_category', 'has_tag' ) ) && $wp_query->is_single == true ) {\n        $cond_args[] = $wp_query->queried_object->ID;\n    }\n\n    \u002F\u002F my_page_is_child_of is our custom WP conditional tag and we have to pass queried object ID to it.\n    if ( in_array( $cond_func, array( 'my_page_is_child_of' ) ) && $wp_query->is_page ) {\n        $cond_args[] = $cond_args[] = $wp_query->queried_object->ID;\n    }\n\n    return $cond_args;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_display_ad_codes_without_conditionals\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>Change the behavior of Ad Code Manager so that ad codes without conditionals display on the front end. The default behavior is that each ad code requires a conditional to be included in the presentation logic.\u003C\u002Fp>\n\u003Cp>Arguments:\u003Cbr \u002F>\n* bool $behavior Whether or not to display the ad codes that don’t have conditionals\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_display_ad_codes_without_conditionals', '__return_true' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_provider_slug\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>By default, we use our bundled doubleclick_for_publishers config (check it in \u003Ccode>\u002Fproviders\u002Fdoubleclick-for-publishers.php\u003C\u002Fcode>). If you want to add your own flavor of DFP or even implement configuration for another ad network, you’d have to apply a filter to correct the slug.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'acm_provider_slug',\n    function() {\n        return 'my-ad-network-slug';\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_logical_operator\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>By default, the logical operator is set to “OR”, that is, ad code will be displayed if at least one conditional returns true.\u003Cbr \u002F>\nYou can change it to “AND”, so that the ad code will be displayed only if ALL the conditionals match.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'acm_logical_operator',\n    function() {\n        return 'AND';\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_manage_ads_cap\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>By default, the user has to have \u003Ccode>manage_options\u003C\u002Fcode> cap. This filter comes in handy if you want to relax the requirements.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'acm_manage_ads_cap',\n    function( $cap ) {\n        return 'edit_others_posts';\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_allowed_get_posts_args\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>This filter is only for edge cases. Most likely, you won’t have to touch it. Allows to include additional query args for \u003Ccode>Ad_Code_Manager->get_ad_codes()\u003C\u002Fcode> method.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'acm_allowed_get_posts_args',\n    function( $args_array ) {\n        return array( 'offset', 'exclude' );\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_ad_code_count\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>By default, the total number of ad codes to get is 50, which is reasonable for any small to mid-sized site. However, in certain cases, you would want to increase the limit. This will affect \u003Ccode>Ad_Code_Manager->get_ad_codes()\u003C\u002Fcode> \u003Ccode>numberposts\u003C\u002Fcode> query argument.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'acm_ad_code_count',\n    function( $total ) {\n        return 100;\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_list_table_columns\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>This filter can alter table columns that are displayed in ACM UI.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_list_table_columns', 'my_acm_list_table_columns' );\nfunction my_acm_list_table_columns( $columns ) {\n    $columns = array(\n        'id'           => __( 'ID', 'ad-code-manager' ),\n        'name'         => __( 'Name', 'ad-code-manager' ),\n        'priority'     => __( 'Priority', 'ad-code-manager' ),\n        'conditionals' => __( 'Conditionals', 'ad-code-manager' ),\n    );\n\n    return $columns;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ccode>acm_ad_code_args\u003C\u002Fcode>\u003C\u002Fh3>\n\u003Cp>This filter comes in pair with the previous one. It should return an array of ad network-specific parameters. E.g. in \u003Ccode>acm_list_table_columns\u003C\u002Fcode> example, we have ‘id’, ‘name’, ‘priority’, and ‘conditionals’. All of them except ‘name’ are generic for Ad Code Manager. Hence, \u003Ccode>acm_provider_columns\u003C\u002Fcode> should return only “name”.\u003C\u002Fp>\n\u003Cp>“editable” and “required” indicate whether this field should be editable and required.\u003C\u002Fp>\n\u003Cp>Example usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'acm_ad_code_args', 'my_acm_ad_code_args' );\nfunction my_acm_ad_code_args( $args ) {\n    $args = array(\n        array(\n            'key'      => 'name',\n            'label'    => __( 'Name', 'ad-code-manager' ),\n            'editable' => true,\n            'required' => true,\n        ),\n    );\n\n    return $args;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Change Log\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAutomattic\u002Fad-code-manager\u002Fblob\u002Fmaster\u002FCHANGELOG.md\" rel=\"nofollow ugc\">View the change log\u003C\u002Fa>.\u003C\u002Fp>\n","Manage your ad codes through the WordPress admin safely and easily.",50,30470,"2026-01-06T15:32:00.000Z","6.4",[120,19,20,21,121],"ad-codes","dfp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fad-code-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fad-code-manager.0.8.0.zip",{"slug":125,"name":126,"version":127,"author":74,"author_profile":75,"description":128,"short_description":129,"active_installs":115,"downloaded":130,"rating":27,"num_ratings":27,"last_updated":131,"tested_up_to":132,"requires_at_least":81,"requires_php":82,"tags":133,"homepage":87,"download_link":134,"security_score":106,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"ad-commander-tools","Ad Commander Tools","1.0.4","\u003Cp>This plugin is an add-on for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fad-commander\u002F\" rel=\"ugc\">Ad Commander\u003C\u002Fa> and requires Ad Commander to function. Ad Commander Tools provides functionality that would not be used by most Ad Commander users on a regular basis.\u003C\u002Fp>\n\u003Cp>With Ad Commander Tools you can export your ads, groups, placements, and stats into a bundle, import bundles into other sites, and reset ad statistics for individual ads or all ads.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Export Ad Commander content with or with statistics\u003C\u002Fli>\n\u003Cli>Selectively import ads, groups, placements, stats into Ad Commander via CSVs\u003C\u002Fli>\n\u003Cli>Set imported content to draft or match the status of the exported content\u003C\u002Fli>\n\u003Cli>Delete impressions and clicks for a specific ad\u003C\u002Fli>\n\u003Cli>Delete impressions and clicks for ads that no longer exist\u003C\u002Fli>\n\u003Cli>Reset all impressions and clicks for all ads\u003C\u002Fli>\n\u003C\u002Ful>\n","Add-on for the Ad Commander plugin that allows you to import, export, and manage ad statistics. This plugin requires Ad Commander.",1553,"2024-11-04T17:29:00.000Z","6.7.5",[20,21,84,85,86],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fad-commander-tools.1.0.4.zip",{"attackSurface":136,"codeSignals":165,"taintFlows":244,"riskAssessment":351,"analyzedAt":362},{"hooks":137,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":27,"unprotectedCount":27},[138,144,148,152,157],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_menu","ad_buttons_stats_actions","adbuttons.php",311,{"type":139,"name":145,"callback":146,"file":142,"line":147},"widgets_init","widget_init_ad_buttons_widget",407,{"type":139,"name":149,"callback":150,"file":142,"line":151},"init","ad_buttons_getclick",409,{"type":153,"name":154,"callback":155,"file":142,"line":156},"filter","query_vars","ad_buttons_add_trigger",411,{"type":139,"name":158,"callback":159,"file":142,"line":160},"template_redirect","ad_buttons_gen_graph",417,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":200,"fileOperations":27,"externalRequests":27,"nonceChecks":241,"capabilityChecks":242,"bundledLibraries":243},[],{"prepared":168,"raw":169,"locations":170},22,12,[171,174,177,179,182,184,187,189,191,194,196,198],{"file":142,"line":172,"context":173},39,"$wpdb->query() with variable interpolation",{"file":142,"line":175,"context":176},226,"$wpdb->get_results() with variable interpolation",{"file":142,"line":178,"context":176},229,{"file":180,"line":181,"context":176},"adbuttonsact.php",221,{"file":180,"line":183,"context":176},261,{"file":185,"line":186,"context":173},"adbuttonsstats.php",61,{"file":185,"line":188,"context":173},68,{"file":185,"line":190,"context":176},75,{"file":192,"line":193,"context":176},"adbuttonsstatsimg.php",20,{"file":192,"line":195,"context":176},25,{"file":192,"line":197,"context":176},65,{"file":192,"line":199,"context":176},70,{"escaped":201,"rawEcho":202,"locations":203},166,18,[204,207,209,211,213,215,217,219,221,223,225,227,230,232,234,236,238,239],{"file":142,"line":205,"context":206},237,"raw output",{"file":142,"line":208,"context":206},241,{"file":142,"line":210,"context":206},242,{"file":142,"line":212,"context":206},260,{"file":142,"line":214,"context":206},266,{"file":142,"line":216,"context":206},268,{"file":142,"line":218,"context":206},273,{"file":142,"line":220,"context":206},275,{"file":142,"line":222,"context":206},355,{"file":142,"line":224,"context":206},356,{"file":142,"line":226,"context":206},360,{"file":228,"line":229,"context":206},"adbuttonsadmin.php",81,{"file":228,"line":231,"context":206},937,{"file":228,"line":233,"context":206},959,{"file":228,"line":235,"context":206},961,{"file":185,"line":237,"context":206},48,{"file":185,"line":237,"context":206},{"file":185,"line":240,"context":206},86,8,4,[],[245,280,311,324,335],{"entryPoint":246,"graph":247,"unsanitizedCount":27,"severity":279},"\u003Cadbuttons> (adbuttons.php:0)",{"nodes":248,"edges":274},[249,254,260,264,269,271],{"id":250,"type":251,"label":252,"file":142,"line":253},"n0","source","$_SERVER (x2)",249,{"id":255,"type":256,"label":257,"file":142,"line":258,"wp_function":259},"n1","sink","query() [SQLi]",250,"query",{"id":261,"type":251,"label":262,"file":142,"line":263},"n2","$_GET",322,{"id":265,"type":256,"label":266,"file":142,"line":267,"wp_function":268},"n3","get_results() [SQLi]",324,"get_results",{"id":270,"type":251,"label":262,"file":142,"line":263},"n4",{"id":272,"type":256,"label":257,"file":142,"line":273,"wp_function":259},"n5",329,[275,277,278],{"from":250,"to":255,"sanitized":276},true,{"from":261,"to":265,"sanitized":276},{"from":270,"to":272,"sanitized":276},"low",{"entryPoint":281,"graph":282,"unsanitizedCount":27,"severity":279},"\u003Cadbuttonsact> (adbuttonsact.php:0)",{"nodes":283,"edges":306},[284,286,288,289,293,296,298,301],{"id":250,"type":251,"label":285,"file":180,"line":195},"$_GET (x3)",{"id":255,"type":256,"label":257,"file":180,"line":287,"wp_function":259},34,{"id":261,"type":251,"label":262,"file":180,"line":195},{"id":265,"type":256,"label":290,"file":180,"line":291,"wp_function":292},"get_row() [SQLi]",49,"get_row",{"id":270,"type":251,"label":294,"file":180,"line":295},"$_POST (x2)",78,{"id":272,"type":256,"label":257,"file":180,"line":297,"wp_function":259},125,{"id":299,"type":251,"label":300,"file":180,"line":106},"n6","$_POST (x9)",{"id":302,"type":256,"label":303,"file":180,"line":304,"wp_function":305},"n7","echo() [XSS]",165,"echo",[307,308,309,310],{"from":250,"to":255,"sanitized":276},{"from":261,"to":265,"sanitized":276},{"from":270,"to":272,"sanitized":276},{"from":299,"to":302,"sanitized":276},{"entryPoint":312,"graph":313,"unsanitizedCount":27,"severity":279},"\u003Cadbuttonsstats> (adbuttonsstats.php:0)",{"nodes":314,"edges":321},[315,316,318,320],{"id":250,"type":251,"label":252,"file":185,"line":172},{"id":255,"type":256,"label":303,"file":185,"line":317,"wp_function":305},46,{"id":261,"type":251,"label":262,"file":185,"line":319},7,{"id":265,"type":256,"label":303,"file":185,"line":237,"wp_function":305},[322,323],{"from":250,"to":255,"sanitized":276},{"from":261,"to":265,"sanitized":276},{"entryPoint":325,"graph":326,"unsanitizedCount":13,"severity":334},"ad_buttons (adbuttons.php:125)",{"nodes":327,"edges":331},[328,330],{"id":250,"type":251,"label":329,"file":142,"line":253},"$_SERVER",{"id":255,"type":256,"label":257,"file":142,"line":258,"wp_function":259},[332],{"from":250,"to":255,"sanitized":333},false,"high",{"entryPoint":336,"graph":337,"unsanitizedCount":62,"severity":334},"ad_buttons_getclick (adbuttons.php:315)",{"nodes":338,"edges":347},[339,340,341,342,343,345],{"id":250,"type":251,"label":262,"file":142,"line":263},{"id":255,"type":256,"label":266,"file":142,"line":267,"wp_function":268},{"id":261,"type":251,"label":262,"file":142,"line":263},{"id":265,"type":256,"label":257,"file":142,"line":273,"wp_function":259},{"id":270,"type":251,"label":329,"file":142,"line":344},331,{"id":272,"type":256,"label":257,"file":142,"line":346,"wp_function":259},332,[348,349,350],{"from":250,"to":255,"sanitized":333},{"from":261,"to":265,"sanitized":333},{"from":270,"to":272,"sanitized":333},{"summary":352,"deductions":353},"The \"ad-buttons\" v3.1 plugin exhibits a generally good security posture, with no detected AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. The code signals also indicate a commitment to secure coding practices, with a high percentage of SQL queries using prepared statements and output being properly escaped. The absence of file operations and external HTTP requests further reduces potential attack vectors. However, the presence of two taint flows with unsanitized paths, even if not rated as critical or high severity by the analysis, warrants attention as these could potentially lead to vulnerabilities if exploited.\n\nThe vulnerability history reveals a single medium-severity CVE in the past, which has since been patched. The fact that the last vulnerability was in 2015 suggests a period of relative security stability. While the absence of current unpatched vulnerabilities is positive, the existence of past CSRF vulnerabilities, even if historical, is a reminder that such issues can arise. The plugin's relatively small attack surface and good adherence to core WordPress security practices like nonce and capability checks are strengths. The main concern lies in the two identified taint flows, which could represent latent vulnerabilities that were not fully mitigated or are not detectable by the current static analysis.",[354,357,359],{"reason":355,"points":356},"Taint flows with unsanitized paths (High severity)",15,{"reason":358,"points":241},"Significant portion of SQL not using prepared statements",{"reason":360,"points":361},"Past medium vulnerability (CSRF)",5,"2026-03-16T21:10:15.877Z",{"wat":364,"direct":373},{"assetPaths":365,"generatorPatterns":368,"scriptPaths":369,"versionParams":371},[366,367],"\u002Fwp-content\u002Fplugins\u002Fad-buttons\u002Fab_admin.js","\u002Fwp-content\u002Fplugins\u002Fad-buttons\u002Fad-buttons.css",[],[370],"http:\u002F\u002Fpagead2.googlesyndication.com\u002Fpagead\u002Fshow_ads.js",[372],"ad-buttons\u002Fad-buttons.css?ver=",{"cssClasses":374,"htmlComments":378,"htmlAttributes":382,"restEndpoints":388,"jsGlobals":389,"shortcodeOutput":402},[375,376,377],"ab_power","ab_adblock","ab_adsense",[379,380,381],"\u003C!--\ngoogle_ad_client = \"","-->\n","\u003C!--\n-->\n",[383,384,385,386,387],"id=\"ab_power\"","id=\"ab_adblock\"","id=\"ab_adsense\"","id=\"ab_clear\"","class=\"ab_power\"",[],[390,391,392,393,394,395,396,397,398,399,400,401],"google_ad_client","google_ad_width","google_ad_height","google_ad_format","google_ad_type","google_ad_channel","google_color_border","google_color_bg","google_color_link","google_color_text","google_color_url","google_ui_features",[]]