Ad Commander – Ad Manager for Banners, AdSense, Ad Networks Security & Risk Analysis

wordpress.org/plugins/ad-commander

Insert image banner ads, Google AdSense, Amazon, affiliate ad networks. Rotate and randomize ad groups. Track impressions and clicks. Create ads.txt.

100 active installs · v1.1.25 · PHP 7.4+ · WP 6.2+ · Updated Mar 9, 2026
Tags: adsense, advertising, amp, banners, rotate
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ad Commander – Ad Manager for Banners, AdSense, Ad Networks Safe to Use in 2026?

Generally Safe

Score 100/100

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 25d ago
Risk Assessment

The Ad Commander plugin, version 1.1.25, exhibits a generally strong security posture based on the static analysis. The plugin demonstrates excellent adherence to secure coding practices, with nearly all SQL queries using prepared statements and a very high percentage of outputs being properly escaped. The absence of dangerous functions, file operations, and a clean vulnerability history with zero recorded CVEs further bolster its perceived security. The limited attack surface, with only two shortcodes and no unprotected AJAX handlers or REST API routes, is a significant strength. However, a single taint flow with an unsanitized path, even if not critical or high severity in this analysis, warrants attention as it represents a potential, albeit likely contained, risk. The presence of external HTTP requests, while not inherently a vulnerability, is a common area for security issues and should be monitored. Overall, the plugin appears well-maintained and conscientiously developed, with minor areas for potential improvement related to the single identified unsanitized path.

The plugin's strengths lie in its proactive use of prepared statements for SQL, comprehensive output escaping, and robust handling of entry points with adequate authorization checks. The lack of any known vulnerabilities is a very positive indicator. The minimal attack surface significantly reduces the potential for attackers to find entry points. The sole identified taint flow is the primary point of concern, highlighting a specific area where input might not be sufficiently validated before being used in a sensitive context. While the analysis indicates no immediate critical or high severity risk from this flow, it's a signal for potential future issues if the plugin evolves without addressing such paths. The external HTTP requests also introduce a slight dependency on the security of external services and the plugin's handling of their responses.

In conclusion, Ad Commander v1.1.25 is a securely developed plugin with a commendable track record. Its adherence to core security principles is evident throughout the static analysis. The absence of historical vulnerabilities suggests a proactive approach to security by the developers. The only notable weakness identified is a single taint flow with an unsanitized path, which, while not currently a high-risk issue, should ideally be rectified to further harden the plugin's security. The plugin's limited attack surface and strong utilization of WordPress security features make it a relatively safe option, but vigilance is always recommended.

Key Concerns

  • Taint flow with unsanitized path
Vulnerabilities
None known

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (42 prepared)
Unescaped Output: 4 (618 escaped)
Nonce Checks: 16
Capability Checks: 29
File Operations: 0
External Requests: 9
Bundled Libraries: 0

SQL Query Safety

98% prepared, 43 total queries

Output Escaping

99% escaped, 622 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths
<AdminAdsense> (includes\AdminAdsense.php:0)
Attack Surface

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[adcmdr_ad] includes\functions\frontend.php:175
[adcmdr_group] includes\functions\frontend.php:208
WordPress Hooks: 75

action admin_init ad-commander.php:64
action plugins_loaded ad-commander.php:88
action admin_menu includes\Admin.php:88
action admin_menu includes\Admin.php:89
action admin_head includes\Admin.php:90
action admin_enqueue_scripts includes\Admin.php:92
action admin_print_styles includes\Admin.php:93
action admin_init includes\Admin.php:95
action in_admin_header includes\Admin.php:97
action admin_notices includes\Admin.php:99
filter pre_update_option_adcmdr_addons includes\Admin.php:101
filter wp_insert_post_data includes\Admin.php:103
action admin_init includes\Admin.php:113
filter wo_repeater_draggable_icon includes\Admin.php:122
filter wo_repeater_draggable_icon_width includes\Admin.php:129
filter wo_repeater_sort_handle_selector includes\Admin.php:136
action update_option_adcmdr_adsense includes\Admin.php:146
action http_api_curl includes\Admin.php:153
action admin_enqueue_scripts includes\AdminAdPostMeta.php:33
action admin_enqueue_scripts includes\AdminAdPostMeta.php:34
action edit_form_after_title includes\AdminAdPostMeta.php:36
action admin_notices includes\AdminAdPostMeta.php:40
action pre_get_posts includes\AdminAdPostMeta.php:48
action restrict_manage_posts includes\AdminAdPostMeta.php:50
action restrict_manage_posts includes\AdminAdPostMeta.php:51
filter parse_query includes\AdminAdPostMeta.php:52
filter admin_post_thumbnail_html includes\AdminAdPostMeta.php:293
action load-ad-commander_page_ad-commander-settings includes\AdminAdsense.php:39
action adcmdr_adsense_publisher_id_changed includes\AdminAdsense.php:46
action admin_init includes\AdminAdsense.php:48
filter posts_where includes\AdminAdsense.php:318
action admin_notices includes\AdminAdsense.php:476
action admin_notices includes\AdminAdsense.php:480
action admin_notices includes\AdminAdsense.php:493
action admin_notices includes\AdminAdsense.php:506
action set_object_terms includes\AdminGroupTermMeta.php:39
action admin_enqueue_scripts includes\AdminGroupTermMeta.php:41
filter quick_edit_enabled_for_taxonomy includes\AdminGroupTermMeta.php:52
filter pre_get_terms includes\AdminGroupTermMeta.php:54
action admin_enqueue_scripts includes\AdminNotifications.php:49
action edit_form_after_title includes\AdminPlacementPostMeta.php:32
action admin_enqueue_scripts includes\AdminPlacementPostMeta.php:33
action pre_get_posts includes\AdminPlacementPostMeta.php:43
action restrict_manage_posts includes\AdminPlacementPostMeta.php:45
filter parse_query includes\AdminPlacementPostMeta.php:46
action admin_init includes\AdminReports.php:58
action admin_notices includes\AdminReports.php:964
action wp_enqueue_scripts includes\AdSense.php:39
filter script_loader_tag includes\AdSense.php:40
action init includes\AdsTxt.php:18
action wp includes\Amp.php:35
action amp_post_template_data includes\Amp.php:91
action bunyad_amp_pre_main includes\Amp.php:96
action wp_footer includes\Amp.php:97
action amp_post_template_footer includes\Amp.php:98
action init includes\Block.php:12
action admin_enqueue_scripts includes\Block.php:13
action admin_action_adcmdr-duplicate includes\Duplicate.php:22
filter post_row_actions includes\Duplicate.php:24
filter adcmdr_duplicate_post_donotcopy_meta_keys includes\Duplicate.php:27
action init includes\Frontend.php:16
action wp_enqueue_scripts includes\Frontend.php:17
filter filesystem_method includes\Frontend.php:239
action wp_print_styles includes\Frontend.php:307
action init includes\Localize.php:14
action before_delete_post includes\Maintenance.php:23
action pre_delete_term includes\Maintenance.php:24
filter the_content includes\Placement.php:46
action wp_head includes\Placement.php:48
action wp_footer includes\Placement.php:49
action init includes\PostTypes.php:13
action after_setup_theme includes\PostTypes.php:14
filter posts_where includes\Query.php:80
action wp_footer includes\TrackingAmp.php:79
action amp_post_template_footer includes\TrackingAmp.php:83
Maintenance & Trust

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 100
Developer Profile

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks Developer Profile

wildoperation

6 plugins · 480 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Ad Commander – Ad Manager for Banners, AdSense, Ad Networks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ad-commander/css/admin.css
/wp-content/plugins/ad-commander/css/frontend.css
/wp-content/plugins/ad-commander/js/admin.js
/wp-content/plugins/ad-commander/js/frontend.js
Script Paths
/wp-content/plugins/ad-commander/js/admin.js
/wp-content/plugins/ad-commander/js/frontend.js
Version Parameters
ad-commander/css/admin.css?ver=
ad-commander/css/frontend.css?ver=
ad-commander/js/admin.js?ver=
ad-commander/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
adcmdr-ui-sort-icon
Data Attributes
data-adcmdr-id
data-adcmdr-position
JS Globals
ADCMDR_DEBUG
adcmdr
ADCmdr
REST Endpoints
/wp-json/ad-commander/
Shortcode Output
[adcmdr_banner
[adcmdr_ad_code