AdFever for WordPress Security & Risk Analysis

wordpress.org/plugins/adfever-for-wordpress

Plugin de Comparaison de Prix AdFever pour Worpdress

10 active installs v1.4 PHP + WP 2.8+ Updated Feb 1, 2010
price-comparatorshopping
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is AdFever for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

AdFever for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago
Risk Assessment

The "adfever-for-wordpress" v1.4 plugin demonstrates a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs), no dangerous functions, and all its SQL queries utilize prepared statements, indicating good practices in database interaction. It also performs capability checks on at least one entry point, further bolstering its defense. However, several concerns arise from the static analysis. The plugin exhibits a low percentage of properly escaped output (6%), suggesting a significant risk of cross-site scripting (XSS) vulnerabilities. Additionally, two unsanitized path flows were detected in the taint analysis, which could potentially lead to directory traversal or file inclusion vulnerabilities if exploited. The presence of two shortcodes as entry points, while not inherently insecure, increases the potential attack surface, especially when coupled with the output escaping issues.

While the vulnerability history is clean, this does not negate the risks identified in the static analysis. The lack of documented vulnerabilities could be due to a lack of thorough auditing or exploitation attempts rather than inherent security. The outdated jQuery v1.3.2 library is a concerning weakness, as older versions of jQuery are known to have several security vulnerabilities. In conclusion, the plugin has strengths in its database handling and lack of direct exploit history, but the significant output escaping issues, unsanitized path flows, and outdated bundled library present considerable security risks that require attention.

Key Concerns

  • Low output escaping percentage
  • Unsanitized path flows detected
  • Bundled outdated jQuery v1.3.2
Vulnerabilities
None known

AdFever for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AdFever for WordPress Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

AdFever for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
138
9 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
3

Bundled Libraries

TinyMCESelect2jQuery1.3.2

Output Escaping

6% escaped147 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
displayOptionsTable (inc/admin.php:203)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

AdFever for WordPress Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[adfever] inc/client.php:23
[adfever] inc/client.shortcode.php:26
WordPress Hooks 37
actionwp_headadfever-for-wordpress.php:63
actionadmin_print_scriptsadfever-for-wordpress.php:64
actionadmin_menuinc/admin.comparator.php:9
actionadmin_menuinc/admin.php:34
actionadmin_initinc/admin.php:35
actionadmin_menuinc/admin.php:42
actionsave_postinc/admin.php:43
actioninitinc/admin.shortcode.php:16
actionadmin_menuinc/admin.shortcode.php:19
filtertiny_mce_versioninc/admin.shortcode.php:39
filtermce_external_pluginsinc/admin.shortcode.php:40
filtermce_buttonsinc/admin.shortcode.php:41
actionedit_form_advancedinc/admin.shortcode.php:44
actionedit_page_forminc/admin.shortcode.php:45
actionadmin_noticesinc/admin_functions.php:38
actioninitinc/admin_functions.php:78
filtergenerate_rewrite_rulesinc/admin_functions.php:83
actioninitinc/client.comparator.php:37
filterquery_varsinc/client.comparator.php:38
actionparse_queryinc/client.comparator.php:39
actiontemplate_redirectinc/client.comparator.php:44
filtergenerate_rewrite_rulesinc/client.comparator.php:105
actiontemplate_redirectinc/client.comparator.php:183
filterwp_titleinc/client.comparator.php:184
actionwp_headinc/client.comparator.php:185
actionwp_headinc/client.php:26
actioninitinc/client.php:33
filtertiny_mce_versioninc/client.php:225
filtermce_external_pluginsinc/client.php:226
filtermce_buttonsinc/client.php:227
actionedit_form_advancedinc/client.php:230
actionedit_page_forminc/client.php:231
filterthe_adfever_descriptioninc/common.php:2
filterthe_adfever_descriptioninc/common.php:3
filterthe_adfever_descriptioninc/common.php:4
filterthe_adfever_descriptioninc/common.php:5
filterthe_adfever_descriptioninc/common.php:6
Maintenance & Trust

AdFever for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2
Last updatedFeb 1, 2010
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

AdFever for WordPress Developer Profile

adfever

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AdFever for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/adfever-for-wordpress/inc/js/thickbox-ext.js
Script Paths
/wp-content/plugins/adfever-for-wordpress/inc/js/thickbox-ext.js
Version Parameters
adfever-for-wordpress/inc/js/thickbox-ext.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about AdFever for WordPress