Affiliate Links – Link Cloaking and Management Security & Risk Analysis

wordpress.org/plugins/affiliate-links

Create redirect links to any website from your WordPress Admin. Perfect for affiliate link masking.

3K active installs · v3.2.0 · PHP + WP 4.0+ · Updated Jun 28, 2025
Tags: affiliate-link-manager, affiliate-link-masking, cloaking, link-redirects, pretty-links
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 10, 2025
Safety Verdict

Is Affiliate Links – Link Cloaking and Management Safe to Use in 2026?

Generally Safe

Score 96/100

Affiliate Links – Link Cloaking and Management has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 10, 2025 · Updated 9mo ago
Risk Assessment

The 'affiliate-links' plugin version 3.2.0 exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to secure coding practices, with 100% of outputs properly escaped and a significant portion of SQL queries utilizing prepared statements. The presence of nonce and capability checks across its entry points is also commendable. However, the taint analysis highlights a concerning "High" severity flow with unsanitized user input, indicating a potential for injection vulnerabilities. Furthermore, the plugin's vulnerability history, with 3 previously discovered CVEs including one high and two medium severity issues, suggests a pattern of past security weaknesses, even though there are currently no unpatched vulnerabilities. The plugin also has a history of vulnerabilities related to missing authorization and cross-site scripting, which require careful consideration.

While the current version appears to have addressed its past vulnerabilities and demonstrates good basic security hygiene, the identified high-severity taint flow is a significant red flag that demands immediate attention. The past vulnerability history, though seemingly resolved in this version, warrants vigilance. The plugin's strengths lie in its output escaping and use of prepared statements, but its weaknesses are exposed by the taint analysis and historical CVEs. Overall, it's a plugin that has improved but still carries a residual risk due to past issues and identified coding flaws.

Key Concerns

  • High severity taint flow found
  • 3 previously disclosed CVEs
  • 1 High severity CVE in history
  • 2 Medium severity CVEs in history
  • 3 flows with unsanitized paths
Vulnerabilities: 3

Affiliate Links – Link Cloaking and Management Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-32639 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affiliate Links Lite <= 3.1.0 - Reflected Cross-Site Scripting

Apr 10, 2025 · Patched in 3.2.0 (323d)

CVE-2024-13556 · high · 8.1 · Missing Authorization

Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection

Feb 17, 2025 · Patched in 3.1.0 (1d)

CVE-2023-22696 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affiliate Links Lite <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Apr 14, 2023 · Patched in 2.7 (488d)

Code Analysis
Analyzed Mar 16, 2026

Affiliate Links – Link Cloaking and Management Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (9 prepared)
Unescaped Output: 2 (419 escaped)
Nonce Checks: 6
Capability Checks: 14
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

64% prepared · 14 total queries

Output Escaping

100% escaped · 421 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

8 flows · 3 with unsanitized paths
export_to_xml (pro\class-affiliate-links-pro-import-export.php:192)
Attack Surface

Affiliate Links – Link Cloaking and Management Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_af_link_additional_settings pro\class-affiliate-links-pro.php:52

Shortcodes 3

[af_link] includes\class-affiliate-links-shortcode.php:15
[af_links_popular] pro\class-affiliate-links-pro-shortcodes.php:13
[af_links_recent] pro\class-affiliate-links-pro-shortcodes.php:14
WordPress Hooks 50

action init admin\class-affiliate-links-buttons.php:13
filter mce_external_plugins admin\class-affiliate-links-buttons.php:17
filter mce_buttons admin\class-affiliate-links-buttons.php:18
action admin_print_footer_scripts admin\class-affiliate-links-buttons.php:66
action load-post.php admin\class-affiliate-links-metabox.php:85
action load-post-new.php admin\class-affiliate-links-metabox.php:86
filter manage_posts_columns admin\class-affiliate-links-metabox.php:89
action manage_posts_custom_column admin\class-affiliate-links-metabox.php:90
action restrict_manage_posts admin\class-affiliate-links-metabox.php:91
action admin_enqueue_scripts admin\class-affiliate-links-metabox.php:94
action current_screen admin\class-affiliate-links-metabox.php:100
filter view_mode_post_types admin\class-affiliate-links-metabox.php:103
action add_meta_boxes admin\class-affiliate-links-metabox.php:272
action save_post admin\class-affiliate-links-metabox.php:273
filter af_links_get_fields admin\class-affiliate-links-metabox.php:499
action admin_menu admin\class-affiliate-links-settings.php:36
action admin_init admin\class-affiliate-links-settings.php:37
action init admin\class-affiliate-links-settings.php:41
action init includes\class-affiliate-links.php:27
action init includes\class-affiliate-links.php:28
action after_wp_tiny_mce includes\class-affiliate-links.php:29
action template_redirect includes\class-affiliate-links.php:33
action plugins_loaded includes\class-affiliate-links.php:34
action plugins_loaded includes\class-affiliate-links.php:37
action init includes\class-affiliate-links.php:49
filter post_type_link includes\class-affiliate-links.php:50
action admin_footer pro\class-affiliate-links-pro-base.php:47
action init pro\class-affiliate-links-pro-import-export.php:16
action init pro\class-affiliate-links-pro-import-export.php:17
action admin_menu pro\class-affiliate-links-pro-import-export.php:19
action init pro\class-affiliate-links-pro-install.php:13
action load-post.php pro\class-affiliate-links-pro-metabox.php:24
action load-post-new.php pro\class-affiliate-links-pro-metabox.php:25
action admin_menu pro\class-affiliate-links-pro-replacer.php:23
action af_link_before_redirect pro\class-affiliate-links-pro-stats.php:30
action af_link_before_iframe pro\class-affiliate-links-pro-stats.php:34
action admin_menu pro\class-affiliate-links-pro-stats.php:40
action current_screen pro\class-affiliate-links-pro-stats.php:41
action widgets_init pro\class-affiliate-links-pro-widgets.php:10
action admin_init pro\class-affiliate-links-pro.php:33
action admin_enqueue_scripts pro\class-affiliate-links-pro.php:44
action wp_enqueue_scripts pro\class-affiliate-links-pro.php:48
filter af_link_target_url pro\class-affiliate-links-pro.php:56
filter af_link_updated_target_url pro\class-affiliate-links-pro.php:60
action save_post pro\widgets\class-affiliate-links-widget-popular-links.php:22
action deleted_post pro\widgets\class-affiliate-links-widget-popular-links.php:23
action switch_theme pro\widgets\class-affiliate-links-widget-popular-links.php:24
action save_post pro\widgets\class-affiliate-links-widget-recent-links.php:22
action deleted_post pro\widgets\class-affiliate-links-widget-recent-links.php:23
action switch_theme pro\widgets\class-affiliate-links-widget-recent-links.php:24

Maintenance & Trust

Affiliate Links – Link Cloaking and Management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 28, 2025
PHP min version
Downloads: 78K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 3K
Developer Profile

Affiliate Links – Link Cloaking and Management Developer Profile

wecantrack

2 plugins · 5K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 214 days
Detection Fingerprints

How We Detect Affiliate Links – Link Cloaking and Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/affiliate-links/admin/css/affiliate-links-admin.css
Script Paths
/wp-content/plugins/affiliate-links/admin/js/affiliate-links-admin.js
Version Parameters
affiliate-links-css?ver=1.6
affiliate-links-js?ver=1.6

HTML / DOM Fingerprints

CSS Classes
af-link-settings
Data Attributes
data-field-name
data-field-value
JS Globals
afLinksAdmin
Shortcode Output
[af_link]
FAQ

Frequently Asked Questions about Affiliate Links – Link Cloaking and Management