Does Banner Upload have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Banner Upload compatible with WordPress 4.7.33?

According to WordPress.org data, Banner Upload 1.6 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is Banner Upload updated?

Banner Upload was last updated on Mar 14, 2017. Frequent updates are generally a positive security signal.

What is Banner Upload's security score?

Banner Upload has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Banner Upload Security & Risk Analysis

wordpress.org/plugins/banner-upload

Easy way to display the different size of banner advertisements in WordPress using widgets

500 active installs v1.6 PHP + WP 4.3+ Updated Mar 14, 2017

adsadvertisementbannerbanner-adswidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Banner Upload Safe to Use in 2026?

Generally Safe

Score 85/100

Banner Upload has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "banner-upload" v1.6 plugin exhibits a very small attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. This suggests a limited potential for direct exploitation through these common WordPress entry points. Furthermore, the plugin demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and has no recorded vulnerability history. This indicates a generally well-developed and maintained plugin from a security perspective.

However, a significant concern arises from the low percentage (30%) of properly escaped output. This means that a substantial portion of the data displayed by the plugin may not be sanitized, potentially leading to Cross-Site Scripting (XSS) vulnerabilities. While no taint analysis results indicate immediate critical or high severity issues, the lack of proper output escaping creates a fertile ground for attackers to inject malicious scripts if they can control the input to these unescaped outputs. The absence of nonce checks and capability checks on potential (though currently unlisted) entry points also represent a potential weakness, as these are crucial for preventing CSRF and unauthorized actions.

Key Concerns

Low percentage of properly escaped output
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

Banner Upload Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Banner Upload Release Timeline

v1.6Current

v1.4

v1.3.1

v1.3

v1.2.1

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Banner Upload Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

30% escaped27 total outputs

Attack Surface

Banner Upload Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionwidgets_initbanner-upload.php:14

actionadmin_enqueue_scriptsbanner-upload.php:151

Maintenance & Trust

Banner Upload Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedMar 14, 2017

PHP min version

Downloads34K

Community Trust

Rating100/100

Number of ratings2

Active installs500

Alternatives

Banner Upload Alternatives

Random Banner

random-banner

Display random image, SWF, or script ads across your WordPress site with this powerful, customizable, and user-friendly Random Banner plugin.

1K 2 unpatched

Ad Rotator

ad-rotator

Ad Rotator is a simple widget to display random HTML code (advertisements) from a given group of HTML-chunks on sidebar.

200 No CVEs

AdRotate Switch

adrotate-switch

Looking for a fresh start with AdRotate Banner Manager or AdRotate Professional but you don't want to have to re-do all your ads?

70 No CVEs

MAIRDUMONT NETLETIX Ads

nx-ads

MAIRDUMONT NETLETIX ads integration. This plugin is only for publishers who have a marketing contract with MAIRDUMONT NETLETIX.

40 No CVEs

AADS

a-ads

This plugin allows you to easily integrate https://aads.com/ banner advertisement into your website.

20 No CVEs

Developer Profile

Banner Upload Developer Profile

M A Vinoth Kumar

21 plugins · 4K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

462 days

View full developer profile

Detection Fingerprints

How We Detect Banner Upload

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/banner-upload/js/script.js

Script Paths