HBAgency Security & Risk Analysis

wordpress.org/plugins/hbagency

Effortlessly integrate HBAgency on your website with our official plugin. Insert ads.txt, manage placements, and integrate our script seamlessly.

9K active installs v1.0.5 PHP 7.3+ WP 6.0+ Updated Dec 10, 2024
Tags: ads, advertising, hbagency, monetize, revenues
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is HBAgency Safe to Use in 2026?

Generally Safe

Score 92/100

HBAgency has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "hbagency" plugin v1.0.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query sanitization by exclusively using prepared statements and appears to have a clean vulnerability history with no recorded CVEs. The taint analysis also shows no critical or high-severity unsanitized flows, indicating a generally safe handling of data within the analyzed code paths.

However, significant security concerns arise from its attack surface. The plugin exposes six AJAX handlers without any authentication checks, presenting a substantial risk of unauthorized actions or data manipulation. While the overall output escaping rate is reasonably high at 81%, the presence of unescaped outputs, even if not directly tied to a critical taint flow in this analysis, can still lead to cross-site scripting (XSS) vulnerabilities if the data originates from untrusted sources. The limited number of nonces and capability checks, especially in conjunction with unprotected AJAX endpoints, further exacerbates this risk.

In conclusion, while the plugin avoids common pitfalls like raw SQL queries and has no known vulnerabilities, the unprotected AJAX endpoints represent a critical security weakness that requires immediate attention. The lack of robust access control on these entry points is a significant deviation from secure coding practices and could be exploited.

Key Concerns

  • AJAX handlers without auth checks
  • Unprotected entry points
  • Output escaping below 100%
Vulnerabilities
None known

HBAgency Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

HBAgency Release Timeline

v1.0.5 (Current)
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

HBAgency Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 19 (83 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

81% escaped · 102 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
save_settings (hbagency-ajax-api.php:168)
Attack Surface
6 unprotected

HBAgency Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 6

auth · wp_ajax_hb_register · hbagency-admin.php:20
auth · wp_ajax_hb_refresh · hbagency-admin.php:21
auth · wp_ajax_hb_reload_placements · hbagency-admin.php:22
auth · wp_ajax_hb_save_placements · hbagency-admin.php:23
auth · wp_ajax_hb_save_settings · hbagency-admin.php:24
auth · wp_ajax_hb_ads_txt · hbagency-admin.php:25

Shortcodes 1

[hbagency] hbagency.php:48
WordPress Hooks 9
action · admin_init · hbagency-admin.php:18
action · admin_menu · hbagency-admin.php:19
action · init · hbagency.php:40
action · wp_head · hbagency.php:43
action · wp_head · hbagency.php:44
action · wp_head · hbagency.php:45
action · wp_footer · hbagency.php:46
filter · the_content · hbagency.php:47
action · hbagency_wp_cron_check_for_updates · hbagency.php:49

Scheduled Events 1

hbagency_wp_cron_check_for_updates
Maintenance & Trust

HBAgency Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Dec 10, 2024
PHP min version: 7.3
Downloads: 10K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 9K
Developer Profile

HBAgency Developer Profile

hbagency

1 plugin · 9K total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect HBAgency

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hbagency/css/mainx.css
/wp-content/plugins/hbagency/js/registration.js
/wp-content/plugins/hbagency/js/main-menu.js
/wp-content/plugins/hbagency/js/main.js
Script Paths
https://hbagency.it/cdn/tcf2_cmp_hbagency.js
https://hbagency.it/cdn/stylehb.css
Version Parameters
hbagency/style.css?ver=
hbagency/css/mainx.css?ver=
hbagency/js/registration.js?ver=
hbagency/js/main-menu.js?ver=
hbagency/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
hb-ad-static
hb-ad-inner
HB_Footer_Close_hbagency_space_
HB_CLOSE_hbagency_space_
HB_OUTER_hbagency_space_
hbagency_space_
hbagency_space__video
Data Attributes
id="hbagency_space_
id="HB_Footer_Close_hbagency_space_
id="HB_CLOSE_hbagency_space_
id="HB_OUTER_hbagency_space_
id="hbagency_space__video
JS Globals
strings_messages
ajax_object
REST Endpoints
/wp-json/hb_register
/wp-json/hb_refresh
/wp-json/hb_reload_placements
/wp-json/hb_save_placements
/wp-json/hb_save_settings
/wp-json/hb_ads_txt
Shortcode Output
<div class='hb-ad-static
<div id='hbagency_space_
FAQ

Frequently Asked Questions about HBAgency