Monetag Official Plugin Security & Risk Analysis

wordpress.org/plugins/monetag-official

This plugin enables WordPress site owners (Publishers) to easily integrate and manage Monetag ad codes to increase revenue from their sites.

5K active installs v1.1.3 PHP + WP 3.0.1+ Updated Oct 2, 2024
Tags: ads, adserving, advert, monetization, monetize
Score 48 · D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Jan 23, 2026
Safety Verdict

Is Monetag Official Plugin Safe to Use in 2026?

High Risk

Score 48/100

Monetag Official Plugin carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Jan 23, 2026 · Updated 1yr ago
Risk Assessment

The Monetag Official plugin has a concerning security posture, primarily because of its unprotected entry points and its history of unpatched vulnerabilities. Static analysis found 4 AJAX handlers, all of which lack proper authentication checks. This creates a substantial attack surface in which unauthenticated users could potentially trigger unintended actions. The plugin also calls `unserialize`, a red flag because it can lead to PHP object injection if the input is not strictly validated, although the taint analysis did not reveal any critical or high severity flows related to this call.

Key Concerns

  • Unprotected AJAX handlers (4)
  • Missing nonce checks
  • Missing capability checks
  • Unpatched CVEs (2 medium)
  • Dangerous function: unserialize
  • Flows with unsanitized paths (4)
Vulnerabilities: 2

Monetag Official Plugin Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched
2026: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-24551 · medium · 4.3 · Missing Authorization

Monetag Official <= 1.1.3 - Missing Authorization

Jan 23, 2026 · Unpatched

CVE-2024-52500 · medium · 5.3 · Missing Authorization

Monetag Official Plugin <= 1.1.3 - Missing Authorization

Jan 29, 2025 · Unpatched
Code Analysis
Analyzed Mar 17, 2026

Monetag Official Plugin Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (43 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 3
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$data = @unserialize($data_raw, array(` · includes\class-ads-anti-adblock.php:124
unserialize · `$data = @unserialize($data_raw);` · includes\class-ads-anti-adblock.php:128

Output Escaping

88% escaped · 49 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
ajax_action_create_zone (admin\class-ads-admin.php:253)
Attack Surface
4 unprotected

Monetag Official Plugin Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers: 4

auth · wp_ajax_update_logged_in_disabled · includes\class-ads.php:112
auth · wp_ajax_update_zone_id_option · includes\class-ads.php:113
auth · wp_ajax_update_zone_enabled_option · includes\class-ads.php:114
auth · wp_ajax_create_zone · includes\class-ads.php:115
WordPress Hooks: 18

action · plugins_loaded · includes\class-ads.php:90
action · admin_init · includes\class-ads.php:101
action · admin_enqueue_scripts · includes\class-ads.php:102
action · admin_enqueue_scripts · includes\class-ads.php:103
action · admin_menu · includes\class-ads.php:104
action · admin_init · includes\class-ads.php:105
action · admin_init · includes\class-ads.php:106
action · admin_init · includes\class-ads.php:107
action · admin_init · includes\class-ads.php:108
action · admin_head · includes\class-ads.php:109
action · admin_footer · includes\class-ads.php:110
action · add_option_Ads_nativeads_zone_id · includes\class-ads.php:117
action · update_option_Ads_general_token · includes\class-ads.php:118
action · update_option_Ads_nativeads_zone_id · includes\class-ads.php:119
action · in_plugin_update_message-ads/ads.php · includes\class-ads.php:120
filter · wp_head · includes\class-ads.php:152
filter · wp_footer · includes\class-ads.php:153
action · wp_enqueue_scripts · includes\class-ads.php:155
Maintenance & Trust

Monetag Official Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Oct 2, 2024
PHP min version
Downloads: 117K

Community Trust

Rating: 50/100
Number of ratings: 13
Active installs: 5K
Developer Profile

Monetag Official Plugin Developer Profile

monetagwp

1 plugin · 5K total installs

Trust score: 58
Avg Security Score: 48/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Monetag Official Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/monetag-official/js/ads-admin.js
/wp-content/plugins/monetag-official/css/ads-admin.css
Script Paths
/wp-content/plugins/monetag-official/js/ads-admin.js
Version Parameters
monetag-official/css/ads-admin.css?ver=
monetag-official/js/ads-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- SSP domain for getting Anti AdBlock token -->
<!-- URLs section -->
<!-- The ID of this plugin. -->
<!-- The current version of this plugin. -->
(+19 more)
Data Attributes
data-setting-id="logged_in_disabled"
data-setting-id="token"
data-setting-id="enabled"
data-setting-id="zone_id"
JS Globals
monetag_ads_admin
monetag_token_url
monetag_plugin_url
monetag_zone_data
REST Endpoints
/wp-json/monetag/v1/publisher_site
FAQ

Frequently Asked Questions about Monetag Official Plugin