Opes WP Ads Manager Security & Risk Analysis

wordpress.org/plugins/opes-wp-ads-manager

Opes WP Ads Manager allows you to show advertisements on the website

10 active installs · v1.2.0 · PHP + · WP 3.5.0+ · Updated Apr 25, 2015
Tags: ad, ads, advert, advertisement, adverts
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Opes WP Ads Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Opes WP Ads Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "opes-wp-ads-manager" plugin v1.2.0 presents a significant security risk primarily due to its unprotected AJAX endpoints. With all 9 identified AJAX handlers lacking authentication checks, an unauthenticated attacker could potentially trigger arbitrary actions within the plugin, leading to a compromise of the WordPress site. The presence of the `unserialize` function, a known source of remote code execution vulnerabilities when handling untrusted data, further exacerbates this risk. While the plugin has no recorded vulnerability history or external HTTP requests, its lack of input sanitization and output escaping on a substantial portion of its outputs, coupled with all SQL queries being susceptible to injection attacks due to the absence of prepared statements, indicates a general lack of robust security practices.

The static analysis reveals critical weaknesses in its attack surface management and data handling. The absence of proper nonce and capability checks on the AJAX endpoints means that any user, even an anonymous one, could potentially interact with these functions. The lack of prepared statements for all SQL queries opens the door to SQL injection, which can lead to data theft, modification, or even complete database compromise. The low percentage of properly escaped outputs suggests that cross-site scripting (XSS) vulnerabilities are also a distinct possibility. Given these findings, the overall security posture is poor, and immediate remediation is strongly advised.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries without prepared statements
  • Low output escaping percentage
  • Unsanitized 'unserialize' function
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

Opes WP Ads Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Opes WP Ads Manager Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 34 (8 escaped)
  • Nonce Checks: 2
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$updated_ad_sizes = unserialize( $updated_ad_sizes_Res->option_value );` (inc\admin\controller\12-ajax-ToLoad.php:337)
  • unserialize: `$updated_positions_widgets = unserialize( $updated_positions_widgets_Res->option_value );` (inc\admin\controller\12-ajax-ToLoad.php:439)

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

19% escaped · 42 total outputs
Attack Surface
9 unprotected

Opes WP Ads Manager Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers 9

  • [auth] wp_ajax_update_advert_state (inc\admin\controller\12-ajax-ToLoad.php:9)
  • [auth] wp_ajax_get_ads_on_position (inc\admin\controller\12-ajax-ToLoad.php:11)
  • [auth] wp_ajax_update_position_widget (inc\admin\controller\12-ajax-ToLoad.php:13)
  • [auth] wp_ajax_update_ad_size (inc\admin\controller\12-ajax-ToLoad.php:15)
  • [auth] wp_ajax_delete_position_widget (inc\admin\controller\12-ajax-ToLoad.php:17)
  • [auth] wp_ajax_delete_ad_size (inc\admin\controller\12-ajax-ToLoad.php:19)
  • [auth] wp_ajax_set_admin_column_size (inc\admin\controller\12-ajax-ToLoad.php:21)
  • [auth] wp_ajax_clicks_counter (inc\admin\controller\12-ajax-ToLoad.php:23)
  • [nopriv] wp_ajax_clicks_counter (inc\admin\controller\12-ajax-ToLoad.php:24)

WordPress Hooks 19

  • [action] plugins_loaded (conf.php:3)
  • [action] admin_enqueue_scripts (inc\admin\admin.class.php:30)
  • [action] add_meta_boxes (inc\admin\controller\2-Ad-Metaboxes-ToLoad.php:8)
  • [action] save_post (inc\admin\controller\2-Ad-Metaboxes-ToLoad.php:10)
  • [action] save_post (inc\admin\controller\2-Ad-Metaboxes-ToLoad.php:11)
  • [action] admin_menu (inc\admin\controller\4-adminOptionsPanel-ToLoad.php:26)
  • [action] admin_init (inc\admin\controller\4-adminOptionsPanel-ToLoad.php:28)
  • [action] init (inc\admin\controller\8-Add-Images-Sizes-ToLoad.php:10)
  • [filter] image_size_names_choose (inc\admin\controller\8-Add-Images-Sizes-ToLoad.php:11)
  • [action] admin_enqueue_scripts (inc\common\common.class.php:31)
  • [action] wp_enqueue_scripts (inc\common\common.class.php:33)
  • [action] admin_notices (inc\common\controller\1-restictions-ToLoad.php:22)
  • [action] widgets_init (inc\common\controller\2-add_Widgets-ToLoad.php:20)
  • [action] init (inc\common\controller\3-register-Ads-As-PostType-ToLoad.php:10)
  • [action] wp_enqueue_scripts (inc\front\front.class.php:30)
  • [action] admin_enqueue_scripts (inc\main.class.php:39)
  • [action] admin_enqueue_scripts (inc\main.class.php:40)
  • [action] wp_enqueue_scripts (inc\main.class.php:48)
  • [action] wp_enqueue_scripts (inc\main.class.php:49)

Maintenance & Trust

Opes WP Ads Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.0
Last updated: Apr 25, 2015
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Opes WP Ads Manager Developer Profile

twapaw

2 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Opes WP Ads Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/opes-wp-ads-manager/inc/common/assets/css/jquery.dataTables.min.css
  • /wp-content/plugins/opes-wp-ads-manager/inc/common/assets/css/opes-ads-manager.css
  • /wp-content/plugins/opes-wp-ads-manager/inc/common/assets/css/opes-ads-manager-datatable.css
  • /wp-content/plugins/opes-wp-ads-manager/inc/common/assets/js/jquery.dataTables.min.js
  • /wp-content/plugins/opes-wp-ads-manager/inc/common/assets/js/opes-ads-manager.js
  • /wp-content/plugins/opes-wp-ads-manager/inc/front/assets/js/opes-ads-manager-front.js

Script Paths

  • /wp-content/plugins/opes-wp-ads-manager/inc/common/assets/js/jquery.dataTables.min.js
  • /wp-content/plugins/opes-wp-ads-manager/inc/common/assets/js/opes-ads-manager.js
  • /wp-content/plugins/opes-wp-ads-manager/inc/front/assets/js/opes-ads-manager-front.js

Version Parameters

  • opes-wp-ads-manager/inc/common/assets/css/jquery.dataTables.min.css?ver=
  • opes-wp-ads-manager/inc/common/assets/css/opes-ads-manager.css?ver=
  • opes-wp-ads-manager/inc/common/assets/css/opes-ads-manager-datatable.css?ver=
  • opes-wp-ads-manager/inc/common/assets/js/jquery.dataTables.min.js?ver=
  • opes-wp-ads-manager/inc/common/assets/js/opes-ads-manager.js?ver=
  • opes-wp-ads-manager/inc/front/assets/js/opes-ads-manager-front.js?ver=

HTML / DOM Fingerprints

CSS Classes
opes-ads-manager-datatable
JS Globals
opes_ads_manager_data
FAQ

Frequently Asked Questions about Opes WP Ads Manager