Does Ad Widget for WordPress have any unpatched vulnerabilities?

Yes — Ad Widget for WordPress currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Ad Widget for WordPress compatible with WordPress 6.8.5?

According to WordPress.org data, Ad Widget for WordPress 2.20.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Ad Widget for WordPress updated?

Ad Widget for WordPress was last updated on Sep 25, 2025. Frequent updates are generally a positive security signal.

What is Ad Widget for WordPress's security score?

Ad Widget for WordPress has a WP-Safety security score of 73/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ad Widget for WordPress Security & Risk Analysis

wordpress.org/plugins/ad-widget

Easily upload ad images and ad code to your sidebar. For those that don't need or want a complicated ad management system.

2K active installs v2.20.1 PHP + WP 3.0+ Updated Sep 25, 2025

adgooglesidebartagwidget

B · Generally Safe

CVEs total2

Unpatched1

Last CVEApr 26, 2024

Plugin page Download

Safety Verdict

Is Ad Widget for WordPress Safe to Use in 2026?

Mostly Safe

Score 73/100

Ad Widget for WordPress is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Apr 26, 2024Updated 6mo ago

Risk Assessment

The static analysis of ad-widget v2.20.1 reveals a plugin with a seemingly minimal attack surface, reporting zero AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, it claims to use prepared statements for all SQL queries and avoids dangerous functions, file operations, and external HTTP requests. However, a significant concern arises from the complete lack of output escaping, with 0% of 42 outputs being properly escaped. This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into web pages rendered by the plugin. The absence of nonce and capability checks also means that any interaction points, if they exist and were missed in the static analysis, could be susceptible to unauthorized actions.

Key Concerns

0% properly escaped output
1 unpatched critical CVE
Missing nonce checks
Missing capability checks

Vulnerabilities

Ad Widget for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2017

2017

1 CVE in 2024 · unpatched

2024

Patched Has unpatched

Severity Breakdown

Critical

Medium

2 total CVEs

CVE-2024-33696medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Ad Widget <= 2.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 26, 2024Unpatched

WF-f31bf9cd-fbf3-4f7a-bddd-ddd44c899710-ad-widgetcritical · 9.9Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

WordPress Ad Widget <= 2.11.0 - Local File Inclusion

Jan 1, 2017 Patched in 2.12.0 (2578d)

Code Analysis

Analyzed Mar 16, 2026

Ad Widget for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped42 total outputs

Attack Surface

Ad Widget for WordPress Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_initadwidget.php:15

actionwidgets_initadwidget.php:16

actionadmin_menuadwidget.php:17

Maintenance & Trust

Ad Widget for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 25, 2025

PHP min version

Downloads311K

Community Trust

Rating86/100

Number of ratings16

Active installs2K

Alternatives

Ad Widget for WordPress Alternatives

Amikelive Adsense Widget

amikelive-adsense-widget

This plugin enables Google adsense display on the sidebar or widget area only by activating and configuring the widget.

90 No CVEs

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

Image Widget

image-widget

A simple image widget that uses the native WordPress media manager to add image widgets to your site.

100K 1 CVE

Widget Logic

widget-logic

Widget Logic lets you control on which pages widgets appear using WP's conditional tags.

100K 2 CVEs

Fixed Widget and Sticky Elements for WordPress

q2w3-fixed-widget

More attention and a higher ad performance with fixed sticky widgets.

90K No CVEs

Developer Profile

Ad Widget for WordPress Developer Profile

Broadstreet

5 plugins · 3K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

496 days

View full developer profile

Detection Fingerprints

How We Detect Ad Widget for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ad-widget/assets/widgets.js

Script Paths