Does Setupad WP Ads have any unpatched vulnerabilities?

No. All known vulnerabilities in Setupad WP Ads have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Setupad WP Ads compatible with WordPress 6.6.5?

According to WordPress.org data, Setupad WP Ads 1.6.2 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Setupad WP Ads compatible with PHP 5.6+?

Setupad WP Ads requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Setupad WP Ads updated?

Setupad WP Ads was last updated on Dec 5, 2024. Frequent updates are generally a positive security signal.

What is Setupad WP Ads's security score?

Setupad WP Ads has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Setupad WP Ads Security Review — Score 92/100 (safe)

Safety Verdict

Is Setupad WP Ads Safe to Use in 2026?

Generally Safe

Score 92/100

Setupad WP Ads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The setupad plugin v1.6.2 exhibits a mixed security posture. While it demonstrates good practices by extensively using prepared statements for SQL queries and properly escaping a high percentage of output, there are notable areas of concern. The presence of AJAX handlers without authentication checks is a significant vulnerability that could allow unauthorized users to trigger plugin functionality. Furthermore, the taint analysis reveals a concerning number of flows with unsanitized paths, including 5 classified as high severity. This suggests a potential for attackers to manipulate input that could lead to unintended code execution or data leakage.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator and suggests that the developers have historically maintained a secure codebase. However, the static analysis results, particularly the taint analysis and unprotected AJAX endpoints, highlight potential weaknesses that may not have been exploited or discovered previously. The low number of capability checks also indicates a reliance on other security mechanisms or potentially a smaller feature set that doesn't require granular permissions.

In conclusion, while the setupad plugin benefits from a strong track record and good output sanitization, the identified unprotected AJAX endpoints and critical taint flows present a tangible risk. It is recommended that these areas be addressed promptly to further enhance the plugin's security.

Key Concerns

AJAX handlers without auth checks
High severity taint flows (5)
Flows with unsanitized paths (7)
Low number of capability checks

Vulnerabilities

None known

Setupad WP Ads Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Setupad WP Ads Code Analysis

Dangerous Functions

0

Raw SQL Queries

1

86 prepared

Unescaped Output

50

333 escaped

Nonce Checks

11

Capability Checks

1

File Operations

2

External Requests

0

Bundled Libraries

0

SQL Query Safety

99% prepared87 total queries

Output Escaping

87% escaped383 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

14 flows7 with unsanitized paths

setupad_my_ads_tab (admin\includes\tabs\my-ads-tab.php:3)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Setupad WP Ads Attack Surface

Entry Points6

Unprotected2

AJAX Handlers 4

authwp_ajax_update_ad_statusadmin\includes\tabs\my-ads-tab.php:44

authwp_ajax_return_related_previewadmin\includes\tabs\related-posts-tab.php:46

authwp_ajax_setupad_review_notice_latersetupad.php:115

authwp_ajax_setupad_review_notice_dismisssetupad.php:116

Shortcodes 2

[setup_ad] public\includes\add-setupad-shortcode.php:19

[setupad] public\includes\add-setupad-shortcode.php:36

WordPress Hooks 22

actionadmin_menuadmin\includes\navigation\admin-menu.php:23

actionloop_endpublic\includes\ad-placement\after-post.php:20

filterthe_excerptpublic\includes\ad-placement\before-after-excerpt.php:48

actionwp_footerpublic\includes\ad-placement\before-after-html.php:57

actionloop_startpublic\includes\ad-placement\before-post.php:21

actionthe_postpublic\includes\ad-placement\between-posts.php:49

filterwp_list_comments_argspublic\includes\ad-placement\in-comments.php:21

filtercomments_arraypublic\includes\ad-placement\in-comments.php:37

actionwp_footerpublic\includes\ad-placement\in-footer.php:20

actionwp_headpublic\includes\ad-placement\in-header.php:20

actiondynamic_sidebar_afterpublic\includes\ad-placement\sidebar-bottom.php:18

actiondynamic_sidebar_beforepublic\includes\ad-placement\sidebar-top.php:19

filterthe_contentpublic\includes\ad-placement\the-content.php:38

actioninitpublic\includes\ads-txt.php:18

actionwp_footerpublic\includes\header-footer-insertion\footer-content.php:12

actionwp_headpublic\includes\header-footer-insertion\header-content.php:15

filterthe_contentpublic\includes\related-posts.php:121

actionadmin_enqueue_scriptssetupad.php:94

filtersafe_style_csssetupad.php:95

actionadmin_noticessetupad.php:124

actionwp_enqueue_scriptssetupad.php:177

actionplugins_loadedsetupad.php:209

Maintenance & Trust

Setupad WP Ads Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedDec 5, 2024

PHP min version5.6

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Setupad WP Ads Alternatives

RedPic ADS Manager Lite

rp-ads-manager

A

85

JS/HTML ads block manager. Allows you to create and insert blocks of code anywhere on the blog.

40 No CVEs

Ad Inserter – Ad Manager & AdSense Ads

ad-inserter

A

88

Manage Google AdSense ads, banners, ad rotation, sticky widgets, AMP ads, ads.txt, tracking, header and footer code, PHP code, global custom fields

300K 12 CVEs

Ads.txt Manager

ads-txt

A

100

Create, manage, and validate your ads.txt and app-ads.txt from within WordPress, like any other content asset.

100K No CVEs

Advanced Ads – Ad Manager & AdSense

advanced-ads

A

88

The only complete toolkit for all ad types. Grow your revenue with AdSense, Amazon—or any affiliate network. Get pinpoint targeting and best support!

100K 8 CVEs

AdRotate Banner Manager

adrotate

A

88

Easily manage, and schedule ads on your WordPress site with AdRotate. Support for Google AdSense, Amazon, and custom banners. Start monetizing today!

20K 9 CVEs

Developer Profile

Setupad WP Ads Developer Profile

Setupad

1 plugin · 100 total installs

88

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Setupad WP Ads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/setupad/admin/assets/js/setupad-notice-ajax.js/wp-content/plugins/setupad/admin/assets/css/custom.css/wp-content/plugins/setupad/admin/assets/js/setupad.js/wp-content/plugins/setupad/admin/includes/ace/ace.js/wp-content/plugins/setupad/admin/assets/js/setupad-my-ads-tab-ajax.js/wp-content/plugins/setupad/admin/assets/js/setupad-related-posts-ajax.js/wp-content/plugins/setupad/admin/assets/js/setupad-related-posts-tab.js/wp-content/plugins/setupad/admin/assets/js/setupad-header-footer-tab.js+2 more

Version Parameters

setupad-notice-ajax?ver=custom.css?ver=setupad.js?ver=ace.js?ver=setupad-my-ads-tab-ajax?ver=setupad-related-posts-ajax?ver=setupad-related-posts-tab?ver=setupad-header-footer-tab?ver=setupad-create-ad-unit-tab?ver=setupad-settings-tab?ver=

HTML / DOM Fingerprints

JS Globals

setupad_notice_ajax_objectsetupad_ajax_object

FAQ

Setupad WP Ads Security & Risk Analysis