WP-Safety

Evadav Security & Risk Analysis

wordpress.org/plugins/evadav

Evadav - Monetize your site

10 active installs v1.0.0 PHP 7.0+ WP 5.3+ Updated Feb 1, 2021
evadavmonetizationpushpush-notificationtraffic-monetization
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Evadav Safe to Use in 2026?

Generally Safe

Score 85/100

Evadav has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "evadav" v1.0.0 plugin exhibits a concerning security posture due to a significant attack surface with no authentication checks on its AJAX handlers. The static analysis reveals that all 6 AJAX entry points lack authorization, making them prime targets for unauthorized actions. Furthermore, the plugin's SQL query handling is a major weakness, with 100% of queries not using prepared statements, which is a significant risk for SQL injection vulnerabilities. Taint analysis also highlights 3 flows with unsanitized paths, two of which are classified as high severity, indicating potential for malicious data to be processed and lead to exploits. The absence of nonce checks on these unprotected AJAX handlers further exacerbates these risks.

Despite these critical code-level issues, the plugin has no recorded vulnerability history, which is a positive indicator in isolation. However, this lack of historical data does not negate the immediate risks identified through static and taint analysis. The plugin's strengths lie in its lack of file operations and external HTTP requests, as well as a single capability check, but these are overshadowed by the critical vulnerabilities in its input handling and data processing. Overall, "evadav" v1.0.0 presents a high-risk profile requiring immediate attention to secure its AJAX endpoints and address its insecure SQL practices.

Key Concerns

  • AJAX handlers without auth checks
  • Raw SQL without prepared statements
  • High severity taint flows
  • Unsanitized paths in taint flows
  • Missing nonce checks on AJAX
  • Low percentage of properly escaped output
Vulnerabilities
None known

Evadav Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Evadav Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Evadav Code Analysis

Dangerous Functions
0
Raw SQL Queries
11
0 prepared
Unescaped Output
23
8 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
12
Bundled Libraries
0

SQL Query Safety

0% prepared11 total queries

Output Escaping

26% escaped31 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
delete_widget_callback (admin\class-evadav-admin.php:209)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Evadav Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

authwp_ajax_evadav_update_viewadmin\class-evadav-admin.php:55
authwp_ajax_evadav_synchronizeadmin\class-evadav-admin.php:56
authwp_ajax_evadav_create_widgetadmin\class-evadav-admin.php:57
authwp_ajax_evadav_delete_widgetadmin\class-evadav-admin.php:58
authwp_ajax_evadav_disconnectadmin\class-evadav-admin.php:59
authwp_ajax_evadav_get_statisticadmin\class-evadav-admin.php:60
WordPress Hooks 6
actionadmin_menuadmin\class-evadav-admin.php:50
actionadmin_enqueue_scriptsadmin\class-evadav-admin.php:52
actionadmin_enqueue_scriptsadmin\class-evadav-admin.php:53
actionwidgets_initevadav-widget.php:37
actionparse_requestpublic\class-evadav-public.php:24
actionwp_enqueue_scriptspublic\class-evadav-public.php:25
Maintenance & Trust

Evadav Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedFeb 1, 2021
PHP min version7.0
Downloads2K

Community Trust

Rating100/100
Number of ratings31
Active installs10
Alternatives

Evadav Alternatives

Monetizer

Monetizer

monetizer

A
92

Monetize your site with Monetizer.

10 No CVEs
WebSuite Push Notifier

WebSuite Push Notifier

websuite-push-notifier

A
85

Send push notifications with custom messaging when a post is published.

10 No CVEs
OneSignal – Web Push Notifications

OneSignal – Web Push Notifications

onesignal-free-web-push-notifications

A
97

Increase engagement and drive more repeat traffic to your WordPress site with push notifications. Now a WordPress VIP Gold Partner.

70K 3 CVEs
PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget

PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget

pushengage

A
100

The #1 push notification plugin for WordPress & WooCommerce. Recover abandoned carts, automate alerts, and grow subscribers — no code needed.

10K No CVEs
Web Push Notifications – Webpushr

Web Push Notifications – Webpushr

webpushr-web-push-notifications

A
92

Fastest growing & lightweight plugin for Web Push Notifications. Add browser push notifications to your WordPress & WooCommerce site.

10K 4 CVEs
Developer Profile

Evadav Developer Profile

EVADAV Plugin

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Evadav

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/evadav/css/evadav-admin.css/wp-content/plugins/evadav/js/evadav-daterangepicker.js/wp-content/plugins/evadav/js/evadav-admin.js
Script Paths
/wp-content/plugins/evadav/js/evadav-daterangepicker.js/wp-content/plugins/evadav/js/evadav-admin.js
Version Parameters
evadav-admin.css?ver=evadav-daterangepicker.js?ver=evadav-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
evadav-widget-itemevadav-push-nativeevadav-push-webevadav-popunder-nativeevadav-native
Data Attributes
data-widget-id
JS Globals
evadav_admin_params
REST Endpoints
/wp-json/evadav/v1/settings
FAQ

Frequently Asked Questions about Evadav