Easy Ad Picker Security & Risk Analysis

wordpress.org/plugins/easy-ad-picker

EASY ADVERTISING WITH EASY AD PICKER

10 active installs · v1.0.1 · PHP + WP 4.0+ · Updated May 1, 2018
Tags: affiliate-marketing, xml-feed
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Easy Ad Picker Safe to Use in 2026?

Generally Safe

Score 85/100

Easy Ad Picker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "easy-ad-picker" plugin v1.0.1 exhibits a concerning security posture, primarily due to a significant number of unprotected entry points and critical taint analysis findings. While the plugin has no recorded vulnerability history, this is overshadowed by the static analysis results which reveal 3 unprotected AJAX handlers out of a total of 7 entry points. Furthermore, the taint analysis indicates 25 high-severity flows with unsanitized paths, suggesting potential vulnerabilities like cross-site scripting (XSS) or remote code execution (RCE) if user-supplied data is not properly handled. The presence of 24 instances of the dangerous `unserialize` function without clear sanitization or capability checks is another major red flag, as it can lead to object injection vulnerabilities.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows (unsanitized paths)
  • Dangerous function 'unserialize' used
  • SQL queries with low prepared statement usage
  • Output escaping below 75%
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Easy Ad Picker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Easy Ad Picker Code Analysis

Dangerous Functions: 24
Raw SQL Queries: 72 (13 prepared)
Unescaped Output: 78 (121 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 11
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | $aFilters = unserialize($aAd->filters); | admin\class-collages.php:113
unserialize | $aTempProducts = unserialize($aAd->words); | admin\class-collages.php:115
unserialize | $aMedias = unserialize($aMedias->option_value); | admin\class-import-products.php:64
unserialize | $aFilters = unserialize($aAd->filters); | admin\class-metaboxes.php:154
unserialize | $aWords = unserialize($aAd->words); | admin\class-metaboxes.php:155
unserialize | $aFilters = unserialize($aAd->filters); | admin\class-metaboxes.php:330
unserialize | $aWords = unserialize($aAd->words); | admin\class-metaboxes.php:331
unserialize | $aData = unserialize($aNetwork->option_value); | admin\class-networks.php:13
unserialize | $aData = unserialize($aNetwork->option_value); | admin\class-networks.php:419
unserialize | $aData = unserialize($aNetwork->option_value); | admin\class-settings.php:21
unserialize | $aData = unserialize($aNetwork->option_value); | admin\class-settings.php:31
unserialize | $aFilters = unserialize($aAd->filters); | frontend\class-ads.php:17
unserialize | $aTempProducts = unserialize($aAd->words); | frontend\class-ads.php:19
unserialize | $aFilters = unserialize($aAd->filters); | frontend\class-ads.php:49
unserialize | $aTempWords = unserialize($aAd->words); | frontend\class-ads.php:50
unserialize | $aWords = unserialize($aAd->words); | frontend\class-ads.php:92
unserialize | $aFilters = unserialize($aAd->filters); | frontend\class-ads.php:93
unserialize | $aWords = unserialize($aAd->words); | frontend\class-ads.php:145
unserialize | $aFilters = unserialize($aAd->filters); | frontend\class-ads.php:146
unserialize | $aWords = unserialize($aAd->words); | frontend\class-products-filters.php:106
unserialize | $aFilters = unserialize($aAd->filters); | frontend\class-products-filters.php:107
unserialize | $aWords = unserialize($aAd->words); | frontend\class-products-filters.php:195
unserialize | $aFilters = unserialize($aAd->filters); | frontend\class-products-filters.php:196
unserialize | $aData = unserialize($aNetwork->option_value); | frontend\class-settings.php:9

SQL Query Safety

15% prepared, 85 total queries

Output Escaping

61% escaped, 199 total outputs
Data Flows: 41 unsanitized

Data Flow Analysis

25 flows, 41 with unsanitized paths
EAP_load_menu (admin\class-admin-init.php:55)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface: 3 unprotected

Easy Ad Picker Attack Surface

Entry Points: 7
Unprotected: 3

AJAX Handlers: 3

Type | Hook | Location
auth | wp_ajax_admin | admin\class-admin-init.php:15
nopriv | wp_ajax_frontend | frontend\class-frontend-init.php:10
auth | wp_ajax_frontend | frontend\class-frontend-init.php:11

Shortcodes: 4

[EAP_show_ad] frontend\class-frontend-init.php:15
[EAP_show_banners] frontend\class-frontend-init.php:16
[EAP_show_products] frontend\class-frontend-init.php:17
[EAP_show_advertisers] frontend\class-frontend-init.php:18

WordPress Hooks: 11

Type | Hook | Location
action | admin_init | admin\class-admin-init.php:7
action | admin_init | admin\class-admin-init.php:8
action | widgets_init | admin\class-admin-init.php:9
action | admin_menu | admin\class-admin-init.php:10
action | init | admin\class-admin-init.php:12
action | wp_print_scripts | admin\class-admin-init.php:14
action | plugins_loaded | easyadpicker-main.php:12
action | plugins_loaded | easyadpicker-main.php:18
action | init | frontend\class-frontend-init.php:6
action | init | frontend\class-frontend-init.php:7
action | wp_print_scripts | frontend\class-frontend-init.php:9
Maintenance & Trust

Easy Ad Picker Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: May 1, 2018
PHP min version
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Easy Ad Picker Developer Profile

EasyAdPicker

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Ad Picker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/easy-ad-picker/css/front.css
  • /wp-content/plugins/easy-ad-picker/js/front.js
  • /wp-content/plugins/easy-ad-picker/css/admin.css
  • /wp-content/plugins/easy-ad-picker/js/chart.min.js
  • /wp-content/plugins/easy-ad-picker/js/jscolor.min.js
  • /wp-content/plugins/easy-ad-picker/js/admin.js
Script Paths
  • /wp-content/plugins/easy-ad-picker/js/front.js
  • /wp-content/plugins/easy-ad-picker/js/admin.js
Version Parameters
  • easy-ad-picker/css/front.css?ver=
  • easy-ad-picker/js/front.js?ver=
  • easy-ad-picker/css/admin.css?ver=
  • easy-ad-picker/js/chart.min.js?ver=
  • easy-ad-picker/js/jscolor.min.js?ver=
  • easy-ad-picker/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • EAP-product-delete
  • EAP-product-imagecontainer
  • EAP-product-title
  • EAP-product-title-show
  • EAP-product-title-value
  • EAP-product-store
  • EAP-product-price
  • EAP-collages-searchproduct-value
  • +3 more
Data Attributes
  • data-counter
JS Globals
  • easyadpicker_ajax
  • EAP_Admin_Widget_Products_filter
  • EAP_Admin_Metaboxes
  • EAP_Admin_Ajax
  • EAP_Frontend_Shortcodes
  • EAP_Frontend_Ajax
  • +1 more
REST Endpoints
  • /wp-json/easyadpicker
Shortcode Output
  • [EAP_show_ad]
  • [EAP_show_banners]
  • [EAP_show_products]
  • [EAP_show_advertisers]