WP125 Security & Risk Analysis

wordpress.org/plugins/wp125

Easy management of 125x125 ads on your blog. Ads can be run for a specified number of days, and will automatically be taken down. Track clicks too.

3K active installs · v1.5.5 · PHP + WP 2.8+ · Updated Dec 23, 2021
Tags: 125x125, ads, advertisement, management
Score: 83
B · Generally Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 23, 2021
Safety Verdict

Is WP125 Safe to Use in 2026?

Mostly Safe

Score 83/100

WP125 is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · Last CVE: Dec 23, 2021 · Updated 4yr ago
Risk Assessment

The wp125 plugin v1.5.5 exhibits a mixed security posture. On the positive side, it avoids dangerous functions, file operations, and external HTTP requests. It also includes a reasonable number of nonce and capability checks, which suggests an effort to implement security measures. However, the taint analysis identified two flows with unsanitized paths, rated high severity. These flows are a significant potential entry point for malicious data injection or manipulation, even if they are not directly exposed through common attack vectors such as AJAX or REST API endpoints. The vulnerability history shows two known high-severity CVEs, both related to Cross-Site Request Forgery (CSRF). No vulnerabilities are currently unpatched, but the recurrence of CSRF suggests potential weaknesses in input validation or in the protection of state-changing operations, which the unsanitized paths identified by the static analysis could exacerbate. Overall, while the plugin avoids many common pitfalls, the high-severity taint flows and the history of CSRF vulnerabilities are areas that require immediate attention to mitigate risk.

Key Concerns

  • High severity unsanitized taint flows
  • History of high severity CVEs (CSRF)
  • SQL queries not using prepared statements
  • Output escaping not consistently applied
Vulnerabilities: 2

WP125 Security Vulnerabilities

CVEs by Year

2013: 1 CVE
2021: 1 CVE

Severity Breakdown

High: 2

2 total CVEs

CVE-2021-25073 · high · 8.8 · Cross-Site Request Forgery (CSRF)

WP125 <= 1.5.4 - Cross-Site Request Forgery to Arbitrary Ad Deletion

Dec 23, 2021 · Patched in 1.5.5 (761d)

CVE-2013-2700 · high · 8.8 · Cross-Site Request Forgery (CSRF)

WP125 <= 1.4.9 - Cross-Site Request Forgery

Mar 26, 2013 · Patched in 1.5.0 (3955d)
Code Analysis
Analyzed Mar 16, 2026

WP125 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (26 prepared)
Unescaped Output: 31 (116 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

79% prepared · 33 total queries

Output Escaping

79% escaped · 147 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
wp125_write_managemenu (adminmenus.php:19)
Attack Surface

WP125 Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 9

action admin_enqueue_scripts (adminmenus.php:14)
action wp_dashboard_setup (adminmenus.php:424)
action init (calendar.php:34)
action init (wp125.php:22)
action wp_enqueue_scripts (wp125.php:48)
filter favorite_actions (wp125.php:248)
action widgets_init (wp125.php:252)
action admin_menu (wp125.php:253)
action wp125classic_cron_ad_expiry (wp125.php:258)

Scheduled Events: 1

wp125classic_cron_ad_expiry
Maintenance & Trust

WP125 Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Dec 23, 2021
PHP min version
Downloads: 684K

Community Trust

Rating: 80/100
Number of ratings: 16
Active installs: 3K
Developer Profile

WP125 Developer Profile

redwallhp

2 plugins · 3K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 2358 days
Detection Fingerprints

How We Detect WP125

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp125/wp125.css

HTML / DOM Fingerprints

CSS Classes
wp125ad, wp125adwrap_1c, wp125adwrap_2c, wp125clearfix
Data Attributes
id="wp125adwrap_1c", id="wp125adwrap_2c", class="wp125clearfix"
FAQ

Frequently Asked Questions about WP125