iMoney Security & Risk Analysis

wordpress.org/plugins/imoney

The iMoney plugin is meant for monetizing your blog using Adsense, sape.ru, tnx.net and other systems.

100 active installs · v0.36 (01-08-2012) · PHP + · WP 2.3+ · Updated Aug 1, 2012
automatic, link, links, seo, widget
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Feb 11, 2026
Safety Verdict

Is iMoney Safe to Use in 2026?

Use With Caution

Score 63/100

iMoney has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Feb 11, 2026 · Updated 13yr ago
Risk Assessment

The "imoney" plugin version 0.36, released in 2012, exhibits several concerning security weaknesses despite some positive attributes. While it features 100% prepared SQL statements and avoids common attack vectors like AJAX, REST API, and shortcodes without authorization, its static analysis reveals significant red flags. The 12 calls to the dangerous unserialize() function are a major concern, as this function is notoriously susceptible to remote code execution when used with untrusted input. Furthermore, output escaping is extremely poor: only 14% of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis confirms this, highlighting a high-severity flow with unsanitized paths.

The vulnerability history further reinforces these concerns. The plugin has a known CVE, which remains unpatched, specifically a medium severity Cross-Site Scripting vulnerability. The fact that the last vulnerability was recorded in 2026 suggests a lack of ongoing security maintenance and an outdated security posture. The absence of any nonce checks or capability checks on the identified entry points (though few exist) means that even minor vulnerabilities could be exploited more easily. While the plugin's minimal attack surface is a minor strength, the combination of dangerous function usage, poor output escaping, and unpatched historical vulnerabilities makes this plugin a significant security risk.

Key Concerns

  • Unpatched CVE exists
  • High severity taint flow
  • Dangerous function 'unserialize' used
  • Low percentage of output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
1

iMoney Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-69392 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iMoney <= 0.36 - Reflected Cross-Site Scripting

Feb 11, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

iMoney Code Analysis

Dangerous Functions: 12
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 371 (59 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 54
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize · @unserialize($data) == false · itex_imoney_datafiles.php:375
unserialize · $hash = @unserialize($data); · itex_imoney_datafiles.php:393
unserialize · $this->set_data(@unserialize($data)); · itex_imoney_datafiles.php:423
unserialize · $this->_data['templates'] = unserialize($this->_read($index_file)); · itex_imoney_datafiles.php:1464
unserialize · if (@unserialize($links) !== false) { · itex_imoney_datafiles.php:1848
unserialize · } else if (!$this->tl_links = @unserialize($links)) { · itex_imoney_datafiles.php:1874
unserialize · (isset($_COOKIE['getbase'])?"\nCache:\n<ml_base>".var_export(@unserialize($this->_Read()),true)."</m · itex_imoney_datafiles.php:3030
unserialize · if($is_cache_file)$content=@unserialize($this->_Read()); · itex_imoney_datafiles.php:3109
unserialize · $content=@unserialize($data); · itex_imoney_datafiles.php:3113
unserialize · }elseif($is_cache_file)$content=@unserialize($this->_Read()); · itex_imoney_datafiles.php:3116
unserialize · } else if (@unserialize($links) !== false) { · itex_imoney_datafiles.php:3779
unserialize · } else if (!$this->lc_links = @unserialize($links)) { · itex_imoney_datafiles.php:3793

Output Escaping

14% escaped · 430 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
itex_m_widget_dynamic_control (iMoney.php:2138)
Attack Surface

iMoney Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
action · widgets_init · iMoney.php:175
action · admin_menu · iMoney.php:177
action · wp_footer · iMoney.php:178
action · wp_footer · iMoney.php:456
filter · the_content · iMoney.php:466
filter · the_excerpt · iMoney.php:467
filter · the_content · iMoney.php:654
filter · the_excerpt · iMoney.php:655
action · wp · iMoney.php:710
action · wp_head · iMoney.php:894
filter · the_content · iMoney.php:1945
Maintenance & Trust

iMoney Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Aug 1, 2012
PHP min version
Downloads: 46K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

iMoney Developer Profile

LitExtension

6 plugins · 3K total installs

Trust score: 83
Avg Security Score: 84/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect iMoney

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/imoney/imoney.css
/wp-content/plugins/imoney/imoney.js
Script Paths
/wp-content/plugins/imoney/imoney.js
Version Parameters
imoney/imoney.css?ver=
imoney/imoney.js?ver=

HTML / DOM Fingerprints

JS Globals
itex_money
FAQ

Frequently Asked Questions about iMoney