Content.ad Security & Risk Analysis

wordpress.org/plugins/contentad

Display popular content to your users from your own site and/or from our sponsored partners, increasing visitor engagement and revenue.

100 active installs v1.3.7 PHP + WP 3.0.6+ Updated Nov 3, 2020
Tags: ads, advertising, engagement, related-content, revenue
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Content.ad Safe to Use in 2026?

Generally Safe

Score 85/100

Content.ad has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The 'contentad' plugin version 1.3.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and has no recorded past vulnerabilities, suggesting a generally secure development history. However, there are significant concerns related to its attack surface and data sanitization. The presence of an unprotected AJAX handler represents a direct entry point that could be exploited without proper authentication. Furthermore, a taint analysis revealed a flow with unsanitized paths, indicating a potential for vulnerabilities if user-supplied data is not handled carefully. While the code signals for dangerous functions and SQL are clean, the insufficient output escaping (only 29% properly escaped) is a notable weakness, increasing the risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • Flow with unsanitized paths
  • Low output escaping percentage
Vulnerabilities
None known

Content.ad Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Content.ad Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 36 (15 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 2
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

29% escaped · 51 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
save_post (includes\post-type.class.php:234)
Attack Surface
1 unprotected

Content.ad Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 2

auth wp_ajax_edit_contentad_widget includes\init.class.php:19
auth wp_ajax_track_registration_clicks includes\init.class.php:42

Shortcodes 1

[contentad] includes\init.class.php:21
WordPress Hooks 29
filter mce_buttons contentad.php:114
action plugins_loaded contentad.php:136
action admin_menu includes\admin\admin.class.php:12
action admin_init includes\admin\admin.class.php:13
action admin_notices includes\admin\admin.class.php:14
action load-edit.php includes\admin\admin.class.php:46
filter parent_file includes\admin\wp3-menu-fix.class.php:5
action adminmenu includes\admin\wp3-menu-fix.class.php:6
action admin_menu includes\admin\wp3-menu-fix.class.php:7
action init includes\init.class.php:16
action ca_cron includes\init.class.php:17
action widgets_init includes\init.class.php:18
action contentad includes\init.class.php:20
action contentad_exitpop includes\init.class.php:22
action init includes\init.class.php:41
action wp_head includes\init.class.php:43
filter the_content includes\init.class.php:44
action wp_footer includes\init.class.php:45
filter plugin_row_meta includes\init.class.php:46
filter plugin_action_links_contentad/contentad.php includes\init.class.php:47
action init includes\plugin-review.class.php:31
action admin_notices includes\plugin-review.class.php:52
action init includes\post-type.class.php:8
action save_post includes\post-type.class.php:9
filter manage_edit-content_ad_widget_columns includes\post-type.class.php:44
filter manage_content_ad_widget_posts_columns includes\post-type.class.php:46
action manage_posts_custom_column includes\post-type.class.php:47
filter manage_content_ad_widget_posts_custom_column includes\post-type.class.php:50
action quick_edit_custom_box includes\post-type.class.php:53

Scheduled Events 1

ca_cron
Maintenance & Trust

Content.ad Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Nov 3, 2020
PHP min version
Downloads: 110K

Community Trust

Rating: 76/100
Number of ratings: 16
Active installs: 100
Developer Profile

Content.ad Developer Profile

NewClarity

4 plugins · 1K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 3527 days
Detection Fingerprints

How We Detect Content.ad

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contentad/includes/assets/css/admin/admin.css
/wp-content/plugins/contentad/includes/assets/js/admin/admin.js
/wp-content/plugins/contentad/includes/assets/js/admin/tinymce-plugin.js
Script Paths
/wp-content/plugins/contentad/includes/assets/js/admin/admin.js
/wp-content/plugins/contentad/includes/assets/js/admin/tinymce-plugin.js
Version Parameters
contentad/includes/assets/css/admin/admin.css?ver=
contentad/includes/assets/js/admin/admin.js?ver=
contentad/includes/assets/js/admin/tinymce-plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes
contentad_instructions_help
Data Attributes
data-contentad-preview-url
data-contentad-preview-url-type
data-contentad-preview-id
data-contentad-preview-post-type
JS Globals
contentad_admin_params