Easy Google Adsense and Banner Ads Manager – AdsforWP Security & Risk Analysis

wordpress.org/plugins/ads-for-wp

AdsforWP is a Google Ads & Banner ads plugin built for WordPress & AMP. Easy to Use, Unlimited Incontent Ads, Adsense, Premium Features and more.

2K active installs · v1.9.34 · PHP 5.6.20+ · WP 4.5+ · Updated Dec 2, 2025
Tags: ads, adsense, advertisement, amp, media-net
Score: 97 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jul 11, 2024
Safety Verdict

Is Easy Google Adsense and Banner Ads Manager – AdsforWP Safe to Use in 2026?

Generally Safe

Score 97/100

Easy Google Adsense and Banner Ads Manager – AdsforWP has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jul 11, 2024 · Updated 4mo ago
Risk Assessment

The 'ads-for-wp' plugin v1.9.34 exhibits a mixed security posture. The static analysis reveals a strong adherence to secure coding practices in several key areas. Notably, 100% of SQL queries are prepared, and a high percentage (87%) of output is properly escaped, significantly reducing the risk of SQL injection and common XSS vulnerabilities. The plugin also boasts robust request verification and authorization, with 41 nonce checks and 38 capability checks across its entry points. There are no directly exposed AJAX handlers or REST API routes without authentication. However, the presence of two instances of the `unserialize()` function is a significant concern, as this function is notoriously dangerous and can lead to arbitrary code execution if used with untrusted input. Furthermore, the taint analysis indicates 4 high-severity flows with unsanitized paths, suggesting potential vulnerabilities where user input might not be adequately validated or escaped before being used in sensitive operations.

The plugin's vulnerability history shows a total of 3 known CVEs, with the most recent in July 2024. While there are currently no unpatched CVEs, the past prevalence of high and medium severity vulnerabilities, specifically Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS), indicates a recurring pattern of security weaknesses. The types of past vulnerabilities suggest that input validation and output encoding might have been historically insufficient, though current static analysis suggests improvements in these areas. The existence of these past issues, coupled with the identified taint flows and the use of `unserialize()`, means that while immediate threats might be mitigated by current patching, the underlying codebase may still contain latent risks or be susceptible to novel attack vectors if input sanitization is not comprehensively applied to all user-controllable data.

In conclusion, 'ads-for-wp' v1.9.34 has made strides in security, particularly in SQL handling and output escaping. The absence of unpatched CVEs is positive. Nevertheless, the continued presence of `unserialize()` and the identified high-severity taint flows represent critical risks that require immediate attention. The historical pattern of CSRF and XSS vulnerabilities, even if currently patched, suggests that ongoing vigilance and rigorous security auditing of any new code changes are paramount to prevent future compromises.

Key Concerns

  • Dangerous function 'unserialize' used
  • 4 high severity taint flows
  • Past high severity CVE
  • Past medium severity CVEs (2)
Vulnerabilities: 3

Easy Google Adsense and Banner Ads Manager – AdsforWP Security Vulnerabilities

CVEs by Year

  • 2019: 2 CVEs
  • 2024: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2024-38751 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Google Adsense & Banner Ads by AdsforWP <= 1.9.28 - Cross-Site Request Forgery

Jul 11, 2024 · Patched in 1.9.29 (20d)

WF-3d36d52e-7247-4f06-ae10-7827ae242983-ads-for-wp · high · 8.8 · Cross-Site Request Forgery (CSRF)

Google Adsense & Banner Ads by AdsforWP <= 1.8 - Cross-Site Request Forgery

Jun 26, 2019 · Patched in 1.9 (1672d)

WF-bf5fe4c5-0a18-4efb-b492-fad2ae3ca3da-ads-for-wp · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Adsense & Banner Ads by AdsforWP < 1.6 - Cross-Site Scripting

Mar 26, 2019 · Patched in 1.6 (1764d)
Code Analysis
Analyzed Mar 16, 2026

Easy Google Adsense and Banner Ads Manager – AdsforWP Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (36 prepared)
  • Unescaped Output: 165 (1063 escaped)
  • Nonce Checks: 41
  • Capability Checks: 38
  • File Operations: 0
  • External Requests: 5
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · update_post_meta( $post_id, $key, unserialize( $ad[0] ) ); · admin\class-adsforwp-admin-common-functions.php:166
unserialize · update_post_meta( $post_id, $key, unserialize( $ad[0] ) ); · admin\class-adsforwp-admin-common-functions.php:210

SQL Query Safety

100% prepared · 36 total queries

Output Escaping

87% escaped · 1228 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

11 flows · 4 with unsanitized paths
adsforwp_handle_file_upload (admin\class-adsforwp-admin-settings.php:262)
Attack Surface

Easy Google Adsense and Banner Ads Manager – AdsforWP Attack Surface

Entry Points: 27
Unprotected: 0

AJAX Handlers 25

nopriv wp_ajax_adsforwp_insert_ad_impression admin\class-adsforwp-admin-analytics.php:17
auth wp_ajax_adsforwp_insert_ad_impression admin\class-adsforwp-admin-analytics.php:18
nopriv wp_ajax_adsforwp_insert_ad_clicks admin\class-adsforwp-admin-analytics.php:20
auth wp_ajax_adsforwp_insert_ad_clicks admin\class-adsforwp-admin-analytics.php:21
nopriv wp_ajax_adsforwp_insert_ad_clicks_amp admin\class-adsforwp-admin-analytics.php:23
auth wp_ajax_adsforwp_insert_ad_clicks_amp admin\class-adsforwp-admin-analytics.php:24
nopriv wp_ajax_adsforwp_insert_ad_impression_amp admin\class-adsforwp-admin-analytics.php:26
auth wp_ajax_adsforwp_insert_ad_impression_amp admin\class-adsforwp-admin-analytics.php:27
auth wp_ajax_adsforwp_export_all_settings admin\class-adsforwp-admin-common-functions.php:20
auth wp_ajax_adsforwp_subscribe_newsletter admin\class-adsforwp-admin-settings.php:1117
auth wp_ajax_adsforwp_create_ajax_select_box admin\class-adsforwp-ajax-selectbox.php:11
auth wp_ajax_adsforwp_ajax_select_taxonomy admin\class-adsforwp-ajax-selectbox.php:12
auth wp_ajax_adsforwp_visitor_condition_type_values admin\class-adsforwp-ajax-selectbox.php:13
auth wp_ajax_adsforwp_comparision_condition_type_values admin\class-adsforwp-ajax-selectbox.php:14
auth wp_ajax_adsforwp_reset_all_settings admin\control-center.php:177
auth wp_ajax_adsforwp_review_notice_remindme admin\control-center.php:363
auth wp_ajax_adsforwp_review_notice_close admin\control-center.php:390
auth wp_ajax_adsforwp_import_plugin_data admin\control-center.php:474
auth wp_ajax_adsforwp_send_query_message admin\control-center.php:553
auth wp_ajax_adsforwp_check_meta admin\control-center.php:721
auth wp_ajax_adsforwp_send_feedback admin\mb-helper-function.php:106
nopriv wp_ajax_adsforwp_update_amp_sticky_ad_status output\class-adsforwp-output-functions.php:99
nopriv wp_ajax_adsforwp_check_amp_sticky_ad_status output\class-adsforwp-output-functions.php:100
auth wp_ajax_adsforwp_update_amp_sticky_ad_status output\class-adsforwp-output-functions.php:102
auth wp_ajax_adsforwp_check_amp_sticky_ad_status output\class-adsforwp-output-functions.php:103

Shortcodes 2

[adsforwp] output\class-adsforwp-output-functions.php:87
[adsforwp-group] output\class-adsforwp-output-functions.php:88
WordPress Hooks 117
action admin_init admin\ads-setup.php:6
filter amp_post_template_data admin\class-adsforwp-admin-analytics.php:29
filter amp_post_template_footer admin\class-adsforwp-admin-analytics.php:30
action admin_init admin\class-adsforwp-admin-common-functions.php:19
action admin_menu admin\class-adsforwp-admin-settings.php:11
action admin_init admin\class-adsforwp-admin-settings.php:12
action upload_mimes admin\class-adsforwp-admin-settings.php:13
filter pre_update_option_adsforwp_settings admin\class-adsforwp-admin-settings.php:14
filter adsforwp_localize_filter admin\class-adsforwp-ads-newsletter.php:11
action init admin\control-center.php:55
action init admin\control-center.php:57
action plugins_loaded admin\control-center.php:183
action restrict_manage_posts admin\control-center.php:245
filter parse_query admin\control-center.php:272
action restrict_manage_posts admin\control-center.php:309
filter parse_query admin\control-center.php:333
action admin_menu admin\control-center.php:484
action show_user_profile admin\control-center.php:610
action edit_user_profile admin\control-center.php:611
action personal_options_update admin\control-center.php:637
action edit_user_profile_update admin\control-center.php:638
filter the_title admin\control-center.php:667
action wp_loaded admin\control-center.php:865
action widgets_init admin\control-center.php:873
action init admin\control-center.php:926
filter views_edit-adsforwp admin\control-center.php:949
filter manage_adsforwp-groups_posts_columns admin\control-center.php:973
action manage_adsforwp_posts_custom_column admin\control-center.php:1092
filter manage_adsforwp_posts_columns admin\control-center.php:1119
action manage_adsforwp-groups_posts_custom_column admin\control-center.php:1135
action admin_init admin\control-center.php:1145
action wp_enqueue_scripts admin\control-center.php:1195
filter adsforwp_localize_browser_filter admin\control-center.php:1197
action admin_enqueue_scripts admin\control-center.php:1304
action save_post_adsforwp admin\control-center.php:1372
action publish_adsforwp admin\control-center.php:1373
action trash_adsforwp admin\control-center.php:1374
action untrash_adsforwp admin\control-center.php:1375
action save_post_adsforwp-groups admin\control-center.php:1444
action publish_adsforwp-groups admin\control-center.php:1445
action trash_adsforwp-groups admin\control-center.php:1446
action untrash_adsforwp-groups admin\control-center.php:1447
action save_post admin\control-center.php:1448
action admin_notices admin\control-center.php:1473
filter adsforwp_localize_filter admin\control-center.php:1478
action init admin\inc\gutenberg\class-adsforwp-ads-gutenberg.php:11
action enqueue_block_editor_assets admin\inc\gutenberg\class-adsforwp-ads-gutenberg.php:12
action admin_enqueue_scripts admin\mb-helper-function.php:110
filter admin_footer admin\mb-helper-function.php:123
action admin_init ads-for-wp.php:81
action admin_notices ads-for-wp.php:141
filter plugin_row_meta ads-for-wp.php:170
action ampforwp_add_loop_class output\class-adsforwp-output-amp-condition-display.php:27
action ampforwp_after_header output\class-adsforwp-output-amp-condition-display.php:29
action ampforwp_design_1_after_header output\class-adsforwp-output-amp-condition-display.php:30
action amp_post_template_footer output\class-adsforwp-output-amp-condition-display.php:33
action amp_post_template_above_footer output\class-adsforwp-output-amp-condition-display.php:36
action ampforwp_before_post_content output\class-adsforwp-output-amp-condition-display.php:39
action ampforwp_inside_post_content_before output\class-adsforwp-output-amp-condition-display.php:40
action ampforwp_after_post_content output\class-adsforwp-output-amp-condition-display.php:43
action ampforwp_inside_post_content_after output\class-adsforwp-output-amp-condition-display.php:44
action ampforwp_below_the_title output\class-adsforwp-output-amp-condition-display.php:47
action ampforwp_above_related_post output\class-adsforwp-output-amp-condition-display.php:50
action ampforwp_below_author_box output\class-adsforwp-output-amp-condition-display.php:53
action ampforwp_between_loop output\class-adsforwp-output-amp-condition-display.php:55
action ampforwp_after_featured_image_hook output\class-adsforwp-output-amp-condition-display.php:57
action amp_init output\class-adsforwp-output-amp-condition-display.php:258
action amp_init output\class-adsforwp-output-functions.php:52
action init output\class-adsforwp-output-functions.php:54
filter widget_text output\class-adsforwp-output-functions.php:58
action wp_head output\class-adsforwp-output-functions.php:60
action wp_head output\class-adsforwp-output-functions.php:61
action wp_head output\class-adsforwp-output-functions.php:63
action wp_head output\class-adsforwp-output-functions.php:64
action wp_head output\class-adsforwp-output-functions.php:66
action wp_footer output\class-adsforwp-output-functions.php:67
action wp_footer output\class-adsforwp-output-functions.php:68
action wp_body_open output\class-adsforwp-output-functions.php:69
action wp_head output\class-adsforwp-output-functions.php:71
action wp_head output\class-adsforwp-output-functions.php:72
action amp_post_template_footer output\class-adsforwp-output-functions.php:75
action amp_post_template_head output\class-adsforwp-output-functions.php:79
action wp_head output\class-adsforwp-output-functions.php:80
action amp_post_template_head output\class-adsforwp-output-functions.php:81
action amp_post_template_footer output\class-adsforwp-output-functions.php:82
filter the_content output\class-adsforwp-output-functions.php:86
action wp_footer output\class-adsforwp-output-functions.php:91
action wp_footer output\class-adsforwp-output-functions.php:92
filter amp_post_template_data output\class-adsforwp-output-functions.php:93
action amp_post_template_css output\class-adsforwp-output-functions.php:94
action amp_post_template_css output\class-adsforwp-output-functions.php:95
action amp_post_template_css output\class-adsforwp-output-functions.php:96
action amp_post_template_footer output\class-adsforwp-output-functions.php:97
action amp_post_template_css output\class-adsforwp-output-functions.php:104
action init output\class-adsforwp-output-functions.php:105
action parse_query output\class-adsforwp-output-functions.php:106
action amp_post_template_above_footer output\class-adsforwp-output-functions.php:107
action ampforwp_after_header output\class-adsforwp-output-functions.php:108
filter amp_story_auto_ads_configuration output\class-adsforwp-output-functions.php:110
filter amp_post_template_data output\class-adsforwp-output-functions.php:996
action add_meta_boxes view\class-adsforwp-amp-compatibility.php:10
action save_post view\class-adsforwp-amp-compatibility.php:11
action add_meta_boxes view\class-adsforwp-view-ad-groups.php:66
action save_post view\class-adsforwp-view-ad-groups.php:67
action add_meta_boxes view\class-adsforwp-view-ads-type.php:881
action save_post view\class-adsforwp-view-ads-type.php:882
action init view\class-adsforwp-view-ads-type.php:883
action add_meta_boxes view\class-adsforwp-view-ads-visibility.php:25
action save_post view\class-adsforwp-view-ads-visibility.php:26
action add_meta_boxes view\class-adsforwp-view-display.php:247
action save_post view\class-adsforwp-view-display.php:248
action add_meta_boxes view\class-adsforwp-view-expiredate.php:60
action save_post view\class-adsforwp-view-expiredate.php:61
action add_meta_boxes view\class-adsforwp-view-placement.php:9
action save_post view\class-adsforwp-view-placement.php:10
action add_meta_boxes view\class-adsforwp-view-visitor-condition.php:10
action save_post view\class-adsforwp-view-visitor-condition.php:11
Maintenance & Trust

Easy Google Adsense and Banner Ads Manager – AdsforWP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version: 5.6.20
Downloads: 219K

Community Trust

Rating: 92/100
Number of ratings: 43
Active installs: 2K
Developer Profile

Easy Google Adsense and Banner Ads Manager – AdsforWP Developer Profile

Magazine3

13 plugins · 739K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 327 days
Detection Fingerprints

How We Detect Easy Google Adsense and Banner Ads Manager – AdsforWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ads-for-wp/admin/inc/gutenberg/block.json
  • /wp-content/plugins/ads-for-wp/admin/css/adsforwp-admin-style.css
  • /wp-content/plugins/ads-for-wp/admin/js/adsforwp-admin-script.js
  • /wp-content/plugins/ads-for-wp/output/css/adsforwp-output.css
  • /wp-content/plugins/ads-for-wp/output/js/adsforwp-output.js
  • /wp-content/plugins/ads-for-wp/assets/css/adsforwp-admin-style.css
  • /wp-content/plugins/ads-for-wp/assets/js/adsforwp-admin-script.js
  • /wp-content/plugins/ads-for-wp/assets/css/adsforwp-output.css
  • +1 more
Script Paths
  • /wp-content/plugins/ads-for-wp/admin/inc/gutenberg/block.json
  • /wp-content/plugins/ads-for-wp/admin/js/adsforwp-admin-script.js
  • /wp-content/plugins/ads-for-wp/output/js/adsforwp-output.js
  • /wp-content/plugins/ads-for-wp/assets/js/adsforwp-admin-script.js
  • /wp-content/plugins/ads-for-wp/assets/js/adsforwp-output.js
Version Parameters
  • ads-for-wp/admin/css/adsforwp-admin-style.css?ver=
  • ads-for-wp/admin/js/adsforwp-admin-script.js?ver=
  • ads-for-wp/output/css/adsforwp-output.css?ver=
  • ads-for-wp/output/js/adsforwp-output.js?ver=
  • ads-for-wp/assets/css/adsforwp-admin-style.css?ver=
  • ads-for-wp/assets/js/adsforwp-admin-script.js?ver=
  • ads-for-wp/assets/css/adsforwp-output.css?ver=
  • ads-for-wp/assets/js/adsforwp-output.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • adsforwp-setup-notice
  • adsforwp-feedback-notice
  • adsforwp-feedback-notice-remindme
  • adsforwp-feedback-notice-close
HTML Comments
  • <!--ADSFORWP END-->
  • <!--ADSFORWP START-->
Data Attributes
  • adsforwp_ad_id
  • adsforwp_ad_type
  • adsforwp_data_id
JS Globals
  • adsforwp_admin_scripts_params
  • adsforwp_output_params
REST Endpoints
/wp-json/adsforwp/v1/get_ad_data
Shortcode Output
[adsforwp_ad_display]
FAQ

Frequently Asked Questions about Easy Google Adsense and Banner Ads Manager – AdsforWP