Affiliate Link Tracker Security & Risk Analysis

wordpress.org/plugins/affiliate-link-tracker

Advanced affiliate link tracker for tracking where your affiliate conversions come from.

400 active installs · v0.2 · PHP 5.2+ · WP 3.0.1+ · Updated Sep 16, 2020
Tags: affiliate, affiliate-link-tracker, affiliate-link-tracking, affiliate-links, tracking
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Apr 10, 2025
Safety Verdict

Is Affiliate Link Tracker Safe to Use in 2026?

Use With Caution

Score 63/100

Affiliate Link Tracker has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 10, 2025 · Updated 5yr ago
Risk Assessment

The "affiliate-link-tracker" v0.2 plugin presents a mixed security posture. It demonstrates good practices by using prepared statements for all SQL queries, and it has a relatively small attack surface with no unprotected entry points, but there are significant concerns. The known, unpatched medium-severity vulnerability from April 2025 (CVE-2025-62077, a stored Cross-Site Scripting issue) is a critical red flag. The taint analysis also revealed one flow with an unsanitized path; although it is not classified as critical or high, it warrants investigation because it could lead to vulnerabilities if not handled correctly. The absence of nonce checks is not directly flagged as an issue in this analysis because the plugin has no AJAX handlers, but it is generally a weakness in plugin security that could be exploited if new AJAX endpoints are added without proper checks. The plugin's history of vulnerabilities, particularly the ongoing unpatched one, suggests a pattern of security oversight that needs immediate attention.

Key Concerns

  • Unpatched CVE (medium severity)
  • Flow with unsanitized path
  • 0 Nonce checks found
  • 85% Output escaping (some outputs unescaped)
Vulnerabilities: 1

Affiliate Link Tracker Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-62077 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affiliate Link Tracker <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 10, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Affiliate Link Tracker Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 2 (11 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

85% escaped · 13 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
aff_lnk_go (affiliate-link-tracker.php:157)
Attack Surface

Affiliate Link Tracker Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[aff_lnk_view_cookie] affiliate-link-tracker.php:271
WordPress Hooks: 4

  • action · admin_menu · affiliate-link-tracker.php:30
  • action · admin_init · affiliate-link-tracker.php:31
  • action · plugins_loaded · affiliate-link-tracker.php:223
  • action · init · affiliate-link-tracker.php:264
Maintenance & Trust

Affiliate Link Tracker Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 5.5.18
  • Last updated: Sep 16, 2020
  • PHP min version: 5.2
  • Downloads: 3K

Community Trust

  • Rating: 100/100
  • Number of ratings: 3
  • Active installs: 400
Developer Profile

Affiliate Link Tracker Developer Profile

SEOSEON EUROPE S.L

1 plugin · 400 total installs

  • Trust score: 68
  • Avg Security Score: 63/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Affiliate Link Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

  • CSS Classes: wrap, dashicons-admin-links
  • Data Attributes: data-idx
  • Shortcode Output: [aff_lnk_view_cookie]
FAQ

Frequently Asked Questions about Affiliate Link Tracker