Does AdPlugg WordPress Ad Plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in AdPlugg WordPress Ad Plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is AdPlugg WordPress Ad Plugin compatible with WordPress 6.9.4?

According to WordPress.org data, AdPlugg WordPress Ad Plugin 1.12.22 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is AdPlugg WordPress Ad Plugin compatible with PHP 5.2.4+?

AdPlugg WordPress Ad Plugin requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is AdPlugg WordPress Ad Plugin updated?

AdPlugg WordPress Ad Plugin was last updated on Mar 12, 2026. Frequent updates are generally a positive security signal.

What is AdPlugg WordPress Ad Plugin's security score?

AdPlugg WordPress Ad Plugin has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AdPlugg WordPress Ad Plugin Security & Risk Analysis

wordpress.org/plugins/adplugg

Advertising is easy with AdPlugg. The AdPlugg WordPress Ad Plugin and ad server allow you to easily manage, schedule, rotate and track your ads.

500 active installs v1.12.22 PHP 5.2.4+ WP 3.3+ Updated Mar 12, 2026

ad-rotatorad-serveradsadvertisingbanners

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 21, 2015

Plugin page Download

Safety Verdict

Is AdPlugg WordPress Ad Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

AdPlugg WordPress Ad Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 21, 2015Updated 22d ago

Risk Assessment

The plugin "adplugg" v1.12.22 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of proper output escaping. Furthermore, there are no identified dangerous functions, file operations, external HTTP requests, or bundled libraries that could introduce vulnerabilities. The plugin also includes a nonce check, which is a positive security control.

However, the plugin has a notable concern regarding its attack surface. It exposes two AJAX handlers, with one of them lacking authentication checks. This unprotected entry point could be a target for attackers to potentially trigger unintended actions or gather information. The vulnerability history, while showing no currently unpatched CVEs, indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability. The fact that this vulnerability is from 2015 and is no longer marked as unpatched suggests it may have been addressed in subsequent versions, but the past occurrence warrants continued vigilance.

In conclusion, while the plugin exhibits strong internal coding practices regarding database interactions and output sanitization, the unprotected AJAX endpoint represents a significant and immediate risk. The historical XSS vulnerability, though patched, serves as a reminder of the potential for input validation weaknesses. Addressing the unprotected AJAX handler should be the top priority to improve the plugin's security.

Key Concerns

Unprotected AJAX handler
Medium severity vulnerability history (XSS)
Lack of capability checks on AJAX

Vulnerabilities

AdPlugg WordPress Ad Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-7c6ea33f-ee43-4df8-9633-60303b68b859-adpluggmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AdPlugg WordPress Ad Plugin < 1.1.34 - Cross-Site Scripting

Feb 21, 2015 Patched in 1.1.34 (3258d)

Code Analysis

Analyzed Mar 16, 2026

AdPlugg WordPress Ad Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

57 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

81% escaped70 total outputs

Attack Surface

1 unprotected

AdPlugg WordPress Ad Plugin Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_adplugg_ratedincludes\admin\class-adplugg-admin.php:24

authwp_ajax_adplugg_set_notice_prefincludes\admin\notices\class-adplugg-notice-controller.php:28

WordPress Hooks 31

actionwidgets_initadplugg.php:88

actionadmin_footeradplugg.php:136

filteradmin_footer_textincludes\admin\class-adplugg-admin.php:21

actionadmin_initincludes\admin\class-adplugg-admin.php:23

actionadmin_initincludes\admin\class-adplugg-privacy.php:26

actioncurrent_screenincludes\admin\help\class-adplugg-amp-options-page-help.php:26

actioncurrent_screenincludes\admin\help\class-adplugg-facebook-options-page-help.php:26

actioncurrent_screenincludes\admin\help\class-adplugg-options-page-help.php:26

actioncurrent_screenincludes\admin\help\class-adplugg-widgets-page-help.php:26

actionadmin_noticesincludes\admin\notices\class-adplugg-notice-controller.php:27

actionadmin_menuincludes\admin\pages\class-adplugg-amp-options-page.php:27

actionadmin_initincludes\admin\pages\class-adplugg-amp-options-page.php:28

actionadmin_noticesincludes\admin\pages\class-adplugg-amp-options-page.php:29

actionadmin_menuincludes\admin\pages\class-adplugg-facebook-options-page.php:27

actionadmin_initincludes\admin\pages\class-adplugg-facebook-options-page.php:28

actionadmin_noticesincludes\admin\pages\class-adplugg-facebook-options-page.php:29

actionadmin_menuincludes\admin\pages\class-adplugg-options-page.php:27

actionadmin_initincludes\admin\pages\class-adplugg-options-page.php:28

actionwidgets_initincludes\amp\class-adplugg-amp.php:31

actionamp_post_template_cssincludes\amp\class-adplugg-amp.php:32

filteramp_content_sanitizersincludes\amp\class-adplugg-amp.php:33

actioninitincludes\blocks\adplugg\class-adplugg-block.php:25

actionwidgets_initincludes\class-adplugg-facebook.php:26

actioninstant_articles_compat_registry_adsincludes\class-adplugg-facebook.php:27

actioninstant_articles_article_headincludes\frontend\class-adplugg-facebook-instant-articles.php:32

actioninstant_articles_article_headerincludes\frontend\class-adplugg-facebook-instant-articles.php:33

filterinstant_articles_transformed_elementincludes\frontend\class-adplugg-facebook-instant-articles.php:36

actioninstant_articles_after_transform_postincludes\frontend\class-adplugg-facebook-instant-articles.php:37

filterthe_content_feedincludes\frontend\class-adplugg-feed.php:25

filterwp_headincludes\frontend\class-adplugg-sdk.php:24

filtermailpoet_newsletter_shortcodeincludes\integrations\mailpoet\class-adplugg-mailpoet.php:26

Maintenance & Trust

AdPlugg WordPress Ad Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 12, 2026

PHP min version5.2.4

Downloads185K

Community Trust

Rating88/100

Number of ratings36

Active installs500

Alternatives

AdPlugg WordPress Ad Plugin Alternatives

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks

ad-commander

100

Insert image banner ads, Google AdSense, Amazon, affiliate ad networks. Rotate and randomize ad groups. Track impressions and clicks. Create ads.txt.

100 No CVEs

CM Ad Changer – A simple tool to control and optimize your site's banners

cm-ad-changer

Manage banner ad campaigns with the WordPress ad management plugin. Display ads via shortcodes or widgets and control how banners rotate.

100 3 CVEs

Ad Commander Tools

ad-commander-tools

Add-on for the Ad Commander plugin that allows you to import, export, and manage ad statistics. This plugin requires Ad Commander.

50 No CVEs

Adshares

adshares

The easiest way to connect your site to the Adshares network.

10 No CVEs

SmartyAds

smartyads

SmartyAds easy-to-install plugin allows efficient monetization of your WordPress built website or blog.

10 No CVEs

Developer Profile

AdPlugg WordPress Ad Plugin Developer Profile

adplugg

1 plugin · 500 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

3258 days

View full developer profile

Detection Fingerprints

How We Detect AdPlugg WordPress Ad Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/adplugg/includes/amp/class-adplugg-amp.php/wp-content/plugins/adplugg/includes/blocks/adplugg/class-adplugg-block.php/wp-content/plugins/adplugg/includes/core/class-adplugg-ad-tag-collector.php/wp-content/plugins/adplugg/includes/core/class-adplugg-ad-tag-collection.php/wp-content/plugins/adplugg/includes/core/class-adplugg-ad-tag.php/wp-content/plugins/adplugg/includes/frontend/class-adplugg-feed.php/wp-content/plugins/adplugg/includes/frontend/class-adplugg-facebook-instant-articles.php/wp-content/plugins/adplugg/includes/frontend/class-adplugg-sdk.php+4 more

Script Paths

/wp-content/plugins/adplugg/assets/js/adplugg.min.js/wp-content/plugins/adplugg/assets/js/adplugg.js

Version Parameters

adplugg/style.css?ver=adplugg/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

adplugg-widget

HTML Comments

The AdPlugg Admin class sets up and controls the AdPlugg Plugin administrator
 * interace.

+24 more

Data Attributes

data-adplugg-id

JS Globals

AdPluggSDKadplugg_sdk_config

REST Endpoints

/wp-json/adplugg/v1/settings

Shortcode Output

[adplugg]

FAQ