Does Ad Invalid Click Protector (AICP) have any unpatched vulnerabilities?

No. All known vulnerabilities in Ad Invalid Click Protector (AICP) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ad Invalid Click Protector (AICP) compatible with WordPress 6.5.8?

According to WordPress.org data, Ad Invalid Click Protector (AICP) 1.3.0 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Ad Invalid Click Protector (AICP) compatible with PHP 7.4+?

Ad Invalid Click Protector (AICP) requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ad Invalid Click Protector (AICP) updated?

Ad Invalid Click Protector (AICP) was last updated on Jul 2, 2024. Frequent updates are generally a positive security signal.

What is Ad Invalid Click Protector (AICP)'s security score?

Ad Invalid Click Protector (AICP) has a WP-Safety security score of 90/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ad Invalid Click Protector (AICP) Security & Risk Analysis

wordpress.org/plugins/ad-invalid-click-protector

One plugin to save your AdSense account from Click Bombings and Invalid Click Activities

20K active installs v1.3.0 PHP 7.4+ WP 4.9+ Updated Jul 2, 2024

adsenseaicpclickinvalidisaumya

A · Safe

CVEs total3

Unpatched0

Last CVEApr 13, 2022

Plugin page Download

Safety Verdict

Is Ad Invalid Click Protector (AICP) Safe to Use in 2026?

Generally Safe

Score 90/100

Ad Invalid Click Protector (AICP) has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Apr 13, 2022Updated 1yr ago

Risk Assessment

The "ad-invalid-click-protector" v1.3.0 plugin exhibits a mixed security posture. While it demonstrates good practices in most areas, with a high percentage of SQL queries using prepared statements and proper output escaping, there are notable concerns regarding its attack surface and historical vulnerability patterns. The presence of two unprotected AJAX handlers represents a direct and exploitable entry point that could be leveraged by attackers. The plugin's history of three known CVEs, including a high-severity Cross-Site Request Forgery, SQL Injection, and Cross-Site Scripting vulnerabilities, suggests a recurring weakness in input validation and secure coding practices, even though no critical or unpatched vulnerabilities are currently reported. The plugin's strengths lie in its minimal use of file operations and external HTTP requests, and the general adherence to nonces and capability checks on most entry points. However, the unprotected AJAX endpoints and past vulnerability trends warrant careful consideration.

Key Concerns

Unprotected AJAX handlers found
History of high severity vulnerabilities
History of medium severity vulnerabilities

Vulnerabilities

Ad Invalid Click Protector (AICP) Security Vulnerabilities

CVEs by Year

3 CVEs in 2022

2022

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2022-0191medium · 4.3Cross-Site Request Forgery (CSRF)

Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Cross-Site Request Forgery to Arbitrary Ban Deletion

Apr 13, 2022 Patched in 1.2.7 (650d)

WF-540d2495-7ad4-428c-b86e-9af73d0ebe51-ad-invalid-click-protectormedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Reflected Cross-Site Scripting and Cross-Site Request Forgery

Apr 5, 2022 Patched in 1.2.7 (658d)

CVE-2022-0190high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ad Invalid Click Protector <= 1.2.5 - SQL Injection

Jan 14, 2022 Patched in 1.2.6 (739d)

Code Analysis

Analyzed Mar 16, 2026

Ad Invalid Click Protector (AICP) Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

79 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

92% prepared12 total queries

Output Escaping

98% escaped81 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

banned_user_details (inc\admin_setup.php:561)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Ad Invalid Click Protector (AICP) Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 4

authwp_ajax_process_dataadsense-invalid-click-protector.php:81

noprivwp_ajax_process_dataadsense-invalid-click-protector.php:82

authwp_ajax_handle_aicp_donate_noticeadsense-invalid-click-protector.php:97

noprivwp_ajax_handle_aicp_donate_noticeadsense-invalid-click-protector.php:98

WordPress Hooks 10

actionplugins_loadedadsense-invalid-click-protector.php:34

actionplugins_loadedadsense-invalid-click-protector.php:79

actionwp_enqueue_scriptsadsense-invalid-click-protector.php:80

actionplugins_loadedadsense-invalid-click-protector.php:86

actionadmin_enqueue_scriptsadsense-invalid-click-protector.php:87

actionwp_dashboard_setupadsense-invalid-click-protector.php:88

actionadmin_menuadsense-invalid-click-protector.php:91

actionadmin_initadsense-invalid-click-protector.php:93

actionadmin_noticesadsense-invalid-click-protector.php:95

actionaicp_hourly_cleanupadsense-invalid-click-protector.php:100

Scheduled Events 1

aicp_hourly_cleanup

Maintenance & Trust

Ad Invalid Click Protector (AICP) Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedJul 2, 2024

PHP min version7.4

Downloads289K

Community Trust

Rating94/100

Number of ratings62

Active installs20K

Alternatives

Ad Invalid Click Protector (AICP) Alternatives

Ads.txt

monetizemore-ads-txt

Easily edit your ads.txt files and ensure your site is validated for each of your ad network partners like Google Adsense and many more.

200 No CVEs

Invalid Traffic Blocker

invalid-traffic-blocker

100

Protect your site from invalid traffic by blocking suspicious IPs using the IPHub.info API.

40 No CVEs

Easy ToolBox

easy-toolbox

100

This plugin is simple, all in one and really simplifies your life (SEO, Social networks, Google adsense, GetClicky, button +1, plusone, plus one, Twit …

10 No CVEs

Campaign AI

campaign-ai

100

Campaign AI integration plugin that protects websites and ad campaigns from bots and invalid traffic using real-time click fraud detection.

0 No CVEs

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE

Developer Profile

Ad Invalid Click Protector (AICP) Developer Profile

iSaumya

2 plugins · 30K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

447 days

View full developer profile

Detection Fingerprints

How We Detect Ad Invalid Click Protector (AICP)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ad-invalid-click-protector/assets/js/aicp.min.js/wp-content/plugins/ad-invalid-click-protector/assets/js/js.cookie.min.js/wp-content/plugins/ad-invalid-click-protector/assets/js/jquery.iframetracker.min.js

Script Paths

Version Parameters

ad-invalid-click-protector/assets/js/js.cookie.min.js?ver=ad-invalid-click-protector/assets/js/jquery.iframetracker.min.js?ver=ad-invalid-click-protector/assets/js/aicp.min.js?ver=

HTML / DOM Fingerprints

JS Globals

AICP

FAQ