Affiliate Press Security & Risk Analysis

wordpress.org/plugins/affiliate-press

Affiliate Press allows you to set up an affiliate website based on product feeds as easy as 1-2-3.

10 active installs · v0.3.8 · PHP + WP 3.3+ · Updated Apr 19, 2012
Tags: affiliate, affiliates, product, product-feed, products
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Affiliate Press Safe to Use in 2026?

Generally Safe

Score 85/100

Affiliate Press has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The plugin "affiliate-press" v0.3.8 exhibits a mixed security posture. On the positive side, there are no recorded CVEs and the plugin demonstrates a good practice by not directly handling file operations or making excessive external HTTP requests. The presence of nonce checks is also a positive indicator. However, several concerning signals arise from the static analysis. A significant portion of SQL queries (57%) are not using prepared statements, which opens the door to potential SQL injection vulnerabilities if not handled meticulously. Furthermore, a very low percentage (10%) of output is properly escaped, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities across various output contexts. The taint analysis is particularly alarming, with 100% of analyzed flows showing unsanitized paths, and a notable 5 flows classified as high severity. This indicates that data entering the plugin is not being adequately cleaned, which could lead to serious security issues.

Key Concerns

  • High percentage of SQL queries not using prepared statements
  • Very low percentage of output properly escaped
  • All taint flows have unsanitized paths
  • 5 high severity taint flows
  • No capability checks found
Vulnerabilities
None known

Affiliate Press Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Affiliate Press Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 16 · 12 prepared
Unescaped Output: 152 · 16 escaped
Nonce Checks: 12
Capability Checks: 0
File Operations: 0
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

43% prepared · 28 total queries

Output Escaping

10% escaped · 168 total outputs
Data Flows: 10 unsanitized

Data Flow Analysis

10 flows · 10 with unsanitized paths
<feed-add-wizard-step2> (views\feed-add-wizard-step2.php:0)
Attack Surface

Affiliate Press Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 16
action: init (includes\class-affiliate-press.php:14)
action: admin_menu (includes\class-affiliate-press.php:15)
action: admin_init (includes\class-affiliate-press.php:16)
action: admin_print_scripts-post-new.php (includes\class-affiliate-press.php:17)
action: admin_print_scripts-post.php (includes\class-affiliate-press.php:18)
action: admin_init (includes\class-affiliate-press.php:19)
action: AP_cronjob (includes\class-affiliate-press.php:20)
filter: admin_title (includes\class-affiliate-press.php:61)
filter: manage_product_posts_columns (includes\class-affiliate-press.php:111)
filter: manage_product_posts_custom_column (includes\class-affiliate-press.php:112)
filter: manage_edit-product_sortable_columns (includes\class-affiliate-press.php:113)
action: add_attachment (includes\class-affiliate-press.php:478)
action: admin_enqueue_scripts (includes\class-pointers.php:11)
action: admin_print_footer_scripts (includes\class-pointers.php:12)
action: admin_print_footer_scripts (includes\class-pointers.php:13)
action: admin_print_footer_scripts (includes\class-pointers.php:14)

Scheduled Events: 1

AP_cronjob
Maintenance & Trust

Affiliate Press Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Apr 19, 2012
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Affiliate Press Developer Profile

ldebrouwer

5 plugins · 150 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Affiliate Press

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/affiliate-press/images/icon16.png
/wp-content/plugins/affiliate-press/styles.css
Script Paths
/wp-content/plugins/affiliate-press/scripts/message.js
Version Parameters
affiliate-press/styles.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-menu-slug="affiliate_press_edit"
data-menu-slug="affiliate_press_view"
data-menu-slug="affiliate_press_linktoproduct"
JS Globals
LDB_AP_PATH
LDB_AP_URL
LDB_AP_SCRIPTS_URL
LDB_Affiliate_Press
FAQ

Frequently Asked Questions about Affiliate Press