WP-Safety

WP AdCenter – Ad Manager & Adsense Ads Security & Risk Analysis

wordpress.org/plugins/wpadcenter

Manage AdSense, Amazon Ads, Media.net, banner ads, sticky widgets, AMP ads, DFP, tracking, header and footer code, location-specific ads, random ads & …

1K active installs v2.6.1 PHP 5.6+ WP 5.0+ Updated Jun 24, 2025
ad-inserterad-managerad-rotatoradsadsense
72
B · Generally Safe
CVEs total5
Unpatched1
Last CVEOct 22, 2025
Plugin page Download
Safety Verdict

Is WP AdCenter – Ad Manager & Adsense Ads Safe to Use in 2026?

Mostly Safe

Score 72/100

WP AdCenter – Ad Manager & Adsense Ads is generally safe to use. 5 past CVEs were resolved. Keep it updated.

5 known CVEs 1 unpatched Last CVE: Oct 22, 2025Updated 9mo ago
Risk Assessment

The "wpadcenter" plugin v2.6.1 exhibits a mixed security posture. While it demonstrates good practices in areas like using prepared statements for SQL queries (97%) and implementing nonce checks (30) and capability checks (21), significant concerns arise from its attack surface and vulnerability history. A substantial 19 out of 22 AJAX handlers lack authentication checks, presenting a broad entry point for potential attackers to exploit. The taint analysis, though limited in scope, did reveal one flow with an unsanitized path, which could be a vector for vulnerabilities if not properly handled. The plugin's history of 5 known CVEs, with one still unpatched and all being medium severity, strongly indicates recurring security weaknesses, particularly related to Cross-Site Scripting. This pattern suggests that past vulnerabilities have not been entirely remediated or that new ones are being introduced over time. Therefore, despite some positive security implementations, the significant number of unprotected AJAX endpoints combined with a history of unpatched vulnerabilities necessitates caution.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched CVE
  • Flow with unsanitized path
  • Medium severity CVE history (5 total)
Vulnerabilities
5

WP AdCenter – Ad Manager & Adsense Ads Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
3 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2025-62984medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP AdCenter <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 22, 2025Unpatched
CVE-2025-53278medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP AdCenter <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 27, 2025 Patched in 2.6.1 (6d)
CVE-2025-31860medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP AdCenter <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025 Patched in 2.5.9 (30d)
CVE-2024-10113medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP AdCenter – Ad Manager & Adsense Ads <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode

Nov 14, 2024 Patched in 2.5.8 (11d)
CVE-2024-8317medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_alignment Attribute

Sep 5, 2024 Patched in 2.5.7 (1d)
Code Analysis
Analyzed Mar 16, 2026

WP AdCenter – Ad Manager & Adsense Ads Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
36 prepared
Unescaped Output
98
420 escaped
Nonce Checks
30
Capability Checks
21
File Operations
2
External Requests
8
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

97% prepared37 total queries

Output Escaping

81% escaped518 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
wpadcenter_ad_created_admin_notice (admin\class-wpadcenter-admin.php:459)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
19 unprotected

WP AdCenter – Ad Manager & Adsense Ads Attack Surface

Entry Points25
Unprotected19

AJAX Handlers 22

authwp_ajax_adsense_load_adcodeadmin\class-wpadcenter-admin.php:70
authwp_ajax_adsense_confirm_codeincludes\class-wpadcenter-adsense.php:76
authwp_ajax_adsense_remove_authenticationincludes\class-wpadcenter-adsense.php:77
authwp_ajax_check_ads_txt_problemsincludes\class-wpadcenter.php:215
authwp_ajax_check_ads_txt_replaceincludes\class-wpadcenter.php:216
authwp_ajax_selected_adgroup_reportsincludes\class-wpadcenter.php:224
authwp_ajax_selected_ad_reportsincludes\class-wpadcenter.php:225
authwp_ajax_selected_test_reportincludes\class-wpadcenter.php:226
authwp_ajax_get_rolesincludes\class-wpadcenter.php:227
authwp_ajax_get_adgroupsincludes\class-wpadcenter.php:228
authwp_ajax_get_testsincludes\class-wpadcenter.php:229
authwp_ajax_get_placementsincludes\class-wpadcenter.php:230
authwp_ajax_get_adsincludes\class-wpadcenter.php:231
authwp_ajax_wpadcenter_adgroup_gutenberg_previewincludes\class-wpadcenter.php:240
authwp_ajax_save_settingsincludes\class-wpadcenter.php:241
authwp_ajax_wpadcenter_singlead_gutenberg_previewincludes\class-wpadcenter.php:242
authwp_ajax_wpadcenter_adtypes_gutenberg_previewincludes\class-wpadcenter.php:243
authwp_ajax_wpadcenter_random_ad_gutenberg_previewincludes\class-wpadcenter.php:247
authwp_ajax_wpadcenter_pro_display_amp_warningincludes\class-wpadcenter.php:248
authwp_ajax_upload_html5_fileincludes\class-wpadcenter.php:254
authwp_ajax_set_clicksincludes\class-wpadcenter.php:277
noprivwp_ajax_set_clicksincludes\class-wpadcenter.php:278

Shortcodes 3

[wpadcenter_ad] public\class-wpadcenter-public.php:65
[wpadcenter_adgroup] public\class-wpadcenter-public.php:68
[wpadcenter_random_ad] public\class-wpadcenter-public.php:71
WordPress Hooks 49
actionrequests-requests.before_redirectadmin\class-wpadcenter-admin.php:1401
actionadmin_enqueue_scriptsincludes\class-wpadcenter-single-ad-widget.php:32
actionelementor/editor/before_enqueue_scriptsincludes\class-wpadcenter.php:91
actionplugins_loadedincludes\class-wpadcenter.php:191
actionadmin_initincludes\class-wpadcenter.php:205
actionwpadcenter_monthly_cronincludes\class-wpadcenter.php:206
actionadmin_enqueue_scriptsincludes\class-wpadcenter.php:207
actionadmin_enqueue_scriptsincludes\class-wpadcenter.php:208
actioninitincludes\class-wpadcenter.php:209
actioninitincludes\class-wpadcenter.php:210
actionadmin_menuincludes\class-wpadcenter.php:211
actionmanage_edit-wpadcenter-ads_columnsincludes\class-wpadcenter.php:212
actionmanage_edit-wpadcenter-adgroups_columnsincludes\class-wpadcenter.php:213
filterwpadcenter_after_save_settingsincludes\class-wpadcenter.php:217
actionedit_form_after_titleincludes\class-wpadcenter.php:218
actionadd_meta_boxes_wpadcenter-adsincludes\class-wpadcenter.php:219
actionsave_postincludes\class-wpadcenter.php:220
actionpost_submitbox_startincludes\class-wpadcenter.php:221
filtermanage_wpadcenter-ads_posts_custom_columnincludes\class-wpadcenter.php:222
filtermanage_wpadcenter-adgroups_custom_columnincludes\class-wpadcenter.php:223
actionadmin_post_export_csvincludes\class-wpadcenter.php:232
filterstyle_loader_srcincludes\class-wpadcenter.php:233
filterprint_styles_arrayincludes\class-wpadcenter.php:234
actionwidgets_initincludes\class-wpadcenter.php:235
actioninitincludes\class-wpadcenter.php:236
filterblock_categories_allincludes\class-wpadcenter.php:237
actionrest_api_initincludes\class-wpadcenter.php:238
actionadmin_headincludes\class-wpadcenter.php:239
filterpost_row_actionsincludes\class-wpadcenter.php:244
actionrestrict_manage_postsincludes\class-wpadcenter.php:245
filterparse_queryincludes\class-wpadcenter.php:246
actionadmin_footerincludes\class-wpadcenter.php:249
actionadmin_noticesincludes\class-wpadcenter.php:250
actionadmin_initincludes\class-wpadcenter.php:251
actionrest_endpointsincludes\class-wpadcenter.php:252
actionadmin_noticesincludes\class-wpadcenter.php:253
actionbefore_delete_postincludes\class-wpadcenter.php:255
actionadmin_noticesincludes\class-wpadcenter.php:256
actionadmin_initincludes\class-wpadcenter.php:257
filterrest_wpadcenter-adgroups_queryincludes\class-wpadcenter.php:258
actionadmin_initincludes\class-wpadcenter.php:259
actionwp_enqueue_scriptsincludes\class-wpadcenter.php:273
actionwp_enqueue_scriptsincludes\class-wpadcenter.php:274
actioninitincludes\class-wpadcenter.php:275
actionenqueue_block_editor_assetsincludes\class-wpadcenter.php:279
actionplugins_loadedincludes\elementor\class-wpadcenter-elementor-widgets.php:78
actionelementor/initincludes\elementor\class-wpadcenter-elementor-widgets.php:97
actionelementor/widgets/widgets_registeredincludes\elementor\class-wpadcenter-elementor-widgets.php:150
actionrequests-requests.before_redirectpublic\class-wpadcenter-public.php:234

Scheduled Events 1

wpadcenter_monthly_cron
Maintenance & Trust

WP AdCenter – Ad Manager & Adsense Ads Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 24, 2025
PHP min version5.6
Downloads31K

Community Trust

Rating88/100
Number of ratings9
Active installs1K
Alternatives

WP AdCenter – Ad Manager & Adsense Ads Alternatives

Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue

Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue

revenueflex-easy-ads

A
100

Auto Ad Inserter is an AI-assisted tool used to get the best revenue from ads placed on your site through Google Adsense and Ads manager.

50 1 CVE
AdX Ad Inserter

AdX Ad Inserter

adx-ad-inserter

A
100

Insert Google AdX, Ad Manager, popup, rewarded, interstitial, sticky, and in-content ads anywhere. Built-in ads.txt editor included.

20 No CVEs
Ad Inserter – Ad Manager & AdSense Ads

Ad Inserter – Ad Manager & AdSense Ads

ad-inserter

A
88

Manage Google AdSense ads, banners, ad rotation, sticky widgets, AMP ads, ads.txt, tracking, header and footer code, PHP code, global custom fields

300K 12 CVEs
Advanced Ads – Ad Manager & AdSense

Advanced Ads – Ad Manager & AdSense

advanced-ads

A
88

The only complete toolkit for all ad types. Grow your revenue with AdSense, Amazon—or any affiliate network. Get pinpoint targeting and best support!

100K 8 CVEs
AdRotate Banner Manager

AdRotate Banner Manager

adrotate

A
88

Easily manage, and schedule ads on your WordPress site with AdRotate. Support for Google AdSense, Amazon, and custom banners. Start monetizing today!

20K 9 CVEs
Developer Profile

WP AdCenter – Ad Manager & Adsense Ads Developer Profile

WPeka

1 plugin · 1K total installs

74
trust score
Avg Security Score
72/100
Avg Patch Time
12 days
View full developer profile
Detection Fingerprints

How We Detect WP AdCenter – Ad Manager & Adsense Ads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpadcenter/assets/css/admin-style.css/wp-content/plugins/wpadcenter/assets/css/frontend-style.css/wp-content/plugins/wpadcenter/assets/js/backend/adcenter.js/wp-content/plugins/wpadcenter/assets/js/frontend/frontend-script.js
Version Parameters
wpadcenter/assets/css/admin-style.css?ver=wpadcenter/assets/css/frontend-style.css?ver=wpadcenter/assets/js/backend/adcenter.js?ver=wpadcenter/assets/js/frontend/frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpadcenter-adunit-listadsense-adunits
Data Attributes
data-adunit-iddata-adtype
JS Globals
AdsenseGAPI
Shortcode Output
[wpadcenter_ad[wpadcenter_adgroup
FAQ

Frequently Asked Questions about WP AdCenter – Ad Manager & Adsense Ads