Corner Ad Security & Risk Analysis

wordpress.org/plugins/corner-ad

Corner Ad is a minimally invasive advertising display that uses any of your webpage's top corners - a position typically under-utilized by develo …

400 active installs · v1.2.1 · PHP + · WP 3.0.5+ · Updated Nov 28, 2025
ad · ads · advertising · corner-ad · promotion
98
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Sep 9, 2022
Safety Verdict

Is Corner Ad Safe to Use in 2026?

Generally Safe

Score 98/100

Corner Ad has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Sep 9, 2022 · Updated 4mo ago
Risk Assessment

The 'corner-ad' plugin version 1.2.1 presents a mixed security posture. On the positive side, it exhibits good practices in output escaping, with 91% of outputs being properly handled, and it utilizes nonce checks on 8 entry points and capability checks on 1. The static analysis also shows a relatively small attack surface with only 2 entry points, both of which appear to be protected by authentication. Furthermore, there are no directly dangerous functions identified in the code.

However, several concerns warrant attention. The taint analysis revealed one flow with unsanitized paths and a high severity taint, which could lead to a vulnerability if the developers do not handle this flow properly. Only 56% of the plugin's SQL queries use prepared statements, which could leave the remaining 44% susceptible to SQL injection. The vulnerability history is also a significant concern, with 3 known CVEs, including one high severity vulnerability. The common types of past vulnerabilities (CSRF and XSS) suggest recurring weaknesses in input validation and output sanitization, even though they are currently patched. This history, coupled with the high severity taint flow, suggests a need for ongoing vigilance and potentially more robust security practices.

In conclusion, while 'corner-ad' v1.2.1 demonstrates some good security habits, particularly in output escaping and protected entry points, the presence of a high-severity taint flow and a history of significant vulnerabilities are notable weaknesses. The moderate use of prepared statements in SQL queries also presents a potential risk. Developers and users should be aware of these potential issues and ensure the plugin is kept up-to-date with any subsequent security patches.

Key Concerns

  • High severity taint flow detected
  • Only 56% of SQL queries use prepared statements
  • History of 1 high severity CVE
  • History of 2 medium severity CVEs
Vulnerabilities
3

Corner Ad Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2022: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2022-3427 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Corner Ad <= 1.0.56 - Cross-Site Request Forgery

Sep 9, 2022 · Patched in 1.0.57 (501d)

WF-b85e9bf4-0006-402a-ae46-a02fa854d995-corner-ad · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Corner Ad <= 1.0.53 - Reflected Cross-Site Scripting

Aug 16, 2022 · Patched in 1.0.54 (525d)

CVE-2017-18579 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Corner Ad < 1.0.8 - Cross-Site Scripting

Feb 16, 2017 · Patched in 1.0.8 (2532d)
Code Analysis
Analyzed Mar 16, 2026

Corner Ad Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 15 (19 prepared)
Unescaped Output: 11 (113 escaped)
Nonce Checks: 8
Capability Checks: 1
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

56% prepared · 34 total queries

Output Escaping

91% escaped · 124 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
corner_ad_settings_page (corner-ad.php:252)
Attack Surface

Corner Ad Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_cp_feedback · feedback\cp-feedback.php:23

Shortcodes 1

[corner-ad] corner-ad.php:199
WordPress Hooks 20
action · admin_bar_menu · banner.php:105
action · init · corner-ad.php:19
filter · get_post_metadata · corner-ad.php:20
filter · option_sbp_settings · corner-ad.php:43
action · wpmu_new_blog · corner-ad.php:149
action · activated_plugin · corner-ad.php:162
action · init · corner-ad.php:192
action · wp_footer · corner-ad.php:202
action · admin_init · corner-ad.php:209
action · media_buttons · corner-ad.php:220
action · admin_menu · corner-ad.php:243
action · admin_enqueue_scripts · feedback\cp-feedback.php:22
action · admin_footer · feedback\cp-feedback.php:32
action · init · pagebuilders\builders.php:20
action · after_setup_theme · pagebuilders\builders.php:21
action · enqueue_block_editor_assets · pagebuilders\builders.php:28
action · elementor/widgets/register · pagebuilders\builders.php:31
action · elementor/elements/categories_registered · pagebuilders\builders.php:32
filter · siteorigin_widgets_widget_folders · pagebuilders\builders.php:44
filter · siteorigin_panels_widget_dialog_tabs · pagebuilders\builders.php:45
Maintenance & Trust

Corner Ad Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 28, 2025
PHP min version
Downloads: 77K

Community Trust

Rating: 94/100
Number of ratings: 33
Active installs: 400
Developer Profile

Corner Ad Developer Profile

codepeople

34 plugins · 89K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 964 days
Detection Fingerprints

How We Detect Corner Ad

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/corner-ad/css/cornerad-style.css
/wp-content/plugins/corner-ad/css/animate.min.css
/wp-content/plugins/corner-ad/js/cornerad.js
/wp-content/plugins/corner-ad/pagebuilders/builders.js
Script Paths
/wp-content/plugins/corner-ad/js/cornerad.js
Version Parameters
cornerad-style.css?ver=
animate.min.css?ver=
cornerad.js?ver=
builders.js?ver=

HTML / DOM Fingerprints

CSS Classes
cp-cornerad-wrap
cp-cornerad
HTML Comments
<!-- BEGIN CP Corner Ad -->
<!-- END CP Corner Ad -->
<!-- CP Corner Ad - This is the advertising element -->
Data Attributes
data-cornerad-id
data-cornerad-delay
data-cornerad-url
data-cornerad-target
JS Globals
cp_cornerad_vars
Shortcode Output
[corner-ad id=
FAQ

Frequently Asked Questions about Corner Ad