affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Security & Risk Analysis

wordpress.org/plugins/affiliate-toolkit-starter

Fast & Compatible with every WordPress Theme: With our plugin for WordPress, you can easily create and add your affiliate products to your website.

3K active installs · v3.8.4 · PHP 7.4+ · WP 5.6+ · Updated Jan 8, 2026
aawp · affiliate · amazon · awin · ebay
96
A · Safe
CVEs total: 13
Unpatched: 0
Last CVE: Apr 22, 2025
Safety Verdict

Is affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Safe to Use in 2026?

Generally Safe

Score 96/100

affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display has a strong security track record. Known vulnerabilities have been patched promptly.

13 known CVEs · Last CVE: Apr 22, 2025 · Updated 2mo ago
Risk Assessment

The `affiliate-toolkit-starter` plugin v3.8.4 presents a mixed security posture. While it demonstrates some good practices such as a relatively high percentage of prepared SQL statements and properly escaped outputs, significant concerns remain. The presence of 6 AJAX handlers without authentication checks is a major vulnerability, creating a substantial attack surface that could be exploited by unauthenticated users. The taint analysis also reveals 2 high-severity flows, indicating potential for serious security issues if not properly handled. The plugin's history of 13 known CVEs, predominantly medium and low severity but covering a wide range of common vulnerability types like CSRF, missing authorization, and XSS, suggests a recurring pattern of security weaknesses. Although there are no currently unpatched CVEs, the historical frequency and diversity of vulnerabilities warrant caution. The use of the `unserialize` function is also a red flag, as it can lead to deserialization vulnerabilities if not implemented with extreme care and validation.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity taint flows found
  • History of numerous CVEs
  • Use of dangerous function: unserialize
Vulnerabilities
13

affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Security Vulnerabilities

CVEs by Year

2023: 4 CVEs
2024: 7 CVEs
2025: 2 CVEs

Severity Breakdown

Medium: 12
Low: 1

13 total CVEs

CVE-2025-46231 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

affiliate-toolkit <= 3.7.3 - Cross-Site Request Forgery

Apr 22, 2025 Patched in 3.7.4 (9d)
WF-b5e64a33-6165-4257-b324-0bbab4129e54-affiliate-toolkit-starter · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

affiliate-toolkit – WP Affiliate Plugin with Amazon <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 23, 2025 Patched in 3.7.1 (0d)
CVE-2024-10675 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

affiliate-toolkit <= 3.6.7 - Reflected Cross-Site Scripting

Nov 20, 2024 Patched in 3.6.8 (1d)
CVE-2024-10227 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode

Oct 28, 2024 Patched in 3.6.6 (1d)
CVE-2024-6562 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

affiliate-toolkit <= 3.5.5 - Unauthenticated Full Path Disclosure

Aug 8, 2024 Patched in 3.6 (47d)
CVE-2024-37205 · medium · 5.3 · Insertion of Sensitive Information into Log File

affiliate-toolkit <= 3.4.4 - Unauthenticated Sensitive Information Exposure via Logs

Jun 20, 2024 Patched in 3.4.5 (7d)
CVE-2024-29817 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

affiliate-toolkit <= 3.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via ratings

Mar 25, 2024 Patched in 3.4.6 (4d)
CVE-2024-2298 · medium · 4.3 · Missing Authorization

affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product

Mar 7, 2024 Patched in 3.5.5 (145d)
CVE-2024-1851 · medium · 6.3 · Missing Authorization

affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list

Mar 7, 2024 Patched in 3.5.5 (1d)
CVE-2023-5877 · medium · 6.5 · Server-Side Request Forgery (SSRF)

affiliate-toolkit <= 3.4.2 - Unauthenticated Server-Side Request Forgery

Dec 11, 2023 Patched in 3.4.3 (58d)
CVE-2023-46086 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

affiliate-toolkit – WordPress Affiliate Plugin <= 3.4.3 - Reflected Cross-Site Scripting via keyword

Nov 28, 2023 Patched in 3.4.4 (56d)
CVE-2023-45105 · low · 3.4 · URL Redirection to Untrusted Site ('Open Redirect')

affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.9 - Open Redirect via atkpout.php

Oct 6, 2023 Patched in 3.4.0 (109d)
CVE-2023-23786 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting

Mar 30, 2023 Patched in 3.3.4 (299d)
Code Analysis
Analyzed Mar 16, 2026

affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Code Analysis

Dangerous Functions: 17
Raw SQL Queries: 38 (81 prepared)
Unescaped Output: 1351 (3353 escaped)
Nonce Checks: 42
Capability Checks: 22
File Operations: 30
External Requests: 15
Bundled Libraries: 2

Dangerous Functions Found

unserialize · `$data = @unserialize($unval);` · includes\atkp_posttypes_shop.php:1243
unserialize · `return unserialize( preg_replace( '/^O:\d+:"[^"]++"/', 'O:' . strlen( $class ) . ':"' . $class . '"'` · includes\basics\ATKPTools.php:1596
unserialize · `$atkp_product->images = $row['images'] == null ? null : unserialize( $row['images'] );` · includes\database\atkp_listtable_helper.php:352
unserialize · `$atkp_product->variations = $row['variations'] == null ? null : unserialize( $row['variati` · includes\database\atkp_listtable_helper.php:357
unserialize · `$atkp_product->variationname = $row['variationname'] == null ? null : unserialize( $row['variationna` · includes\database\atkp_listtable_helper.php:358
unserialize · `$atkp_product->images = $row['images'] == null ? array() : unserialize( $row['images'] );` · includes\database\atkp_producttable_helper.php:523
unserialize · `$atkp_product->variations = $row['variations'] == null ? array() : unserialize( $row['variati` · includes\database\atkp_producttable_helper.php:528
unserialize · `$atkp_product->variationname = $row['variationname'] == null ? array() : unserialize( $row['variatio` · includes\database\atkp_producttable_helper.php:529
unserialize · `$x = unserialize( $hide_shop_value->hide_shops );` · includes\helper\atkp_filter_helper.php:588
unserialize · `$product->variationname = unserialize( $product->variationname );` · includes\helper\atkp_formatter.php:2801
unserialize · `$vararray = unserialize( $vararray );` · includes\helper\atkp_formatter.php:2823
unserialize · `$tmpvariation = $variations == '' ? null : unserialize( $variations );` · includes\models\atkp_product.php:661
unserialize · `$prd->postids = unserialize( $postid );` · includes\models\atkp_product.php:718
unserialize · `$offer2 = unserialize( serialize( $offer ) );` · includes\models\atkp_product_collection.php:101
unserialize · `$offer3 = unserialize( serialize( $offer ) );` · includes\models\atkp_product_collection.php:114
unserialize · `$mytemplate = @unserialize( $contents );` · includes\pages\atkp_template_view.php:82
unserialize · `$data = @unserialize( $unval );` · includes\pages\atkp_template_view.php:115

Bundled Libraries

jQuery · Select2

SQL Query Safety

68% prepared · 119 total queries

Output Escaping

71% escaped · 4704 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

22 flows · 9 with unsanitized paths
my_atkp_out_redirect (includes\atkp_basics.php:239)
Attack Surface
6 unprotected

affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Attack Surface

Entry Points: 24
Unprotected: 6

AJAX Handlers 23

auth · wp_ajax_atkp_search_departments · includes\atkp_endpoints.php:12
auth · wp_ajax_atkp_search_products · includes\atkp_endpoints.php:13
auth · wp_ajax_atkp_search_browsenodes · includes\atkp_endpoints.php:14
auth · wp_ajax_atkp_search_filters · includes\atkp_endpoints.php:15
auth · wp_ajax_atkp_get_object · includes\atkp_endpoints.php:18
auth · wp_ajax_atkp_import_product · includes\atkp_endpoints.php:19
auth · wp_ajax_atkp_create_list · includes\atkp_endpoints.php:20
auth · wp_ajax_atkp_clear_logfile · includes\atkp_endpoints.php:22
auth · wp_ajax_atkp_reset_products · includes\atkp_endpoints.php:24
auth · wp_ajax_atkp_reset_lists · includes\atkp_endpoints.php:25
auth · wp_ajax_atkp_reset_settings · includes\atkp_endpoints.php:27
auth · wp_ajax_atkp_download_logfile · includes\atkp_endpoints.php:29
auth · wp_ajax_atkp_search_local_products · includes\atkp_endpoints.php:31
auth · wp_ajax_atkp_live_search_backend · includes\atkp_endpoints.php:33
auth · wp_ajax_atkp_export_template · includes\atkp_endpoints.php:35
nopriv · wp_ajax_atkp_render_template · includes\atkp_endpoints.php:38
auth · wp_ajax_atkp_render_template · includes\atkp_endpoints.php:40
auth · wp_ajax_atkp_send_report · includes\atkp_endpoints.php:42
auth · wp_ajax_atkp_subscribe_newsletter · includes\atkp_newsletter_popup.php:18
auth · wp_ajax_atkp_dismiss_newsletter · includes\atkp_newsletter_popup.php:19
auth · wp_ajax_atkp_block_search_products · includes\atkp_shortcode_generator_modern.php:56
auth · wp_ajax_atkp_block_search_external · includes\atkp_shortcode_generator_modern.php:57
auth · wp_ajax_atkp_search_posts · includes\atkp_shortcode_generator_modern.php:59

Shortcodes 1

[atkp] includes\atkp_shortcodes_atkp.php:11
WordPress Hooks 119
action · atkp_register_submenu · affiliate-toolkit-bulkimport.php:13
action · atkp_register_submenu · affiliate-toolkit-compatibility.php:13
action · atkp_register_submenu · affiliate-toolkit-extensions.php:12
action · atkp_register_submenu · affiliate-toolkit-settings.php:13
action · atkp_register_submenu · affiliate-toolkit-tools.php:13
filter · do_rocket_generate_caching_files · affiliate-toolkit-wp-cli.php:11
action · init · affiliate-toolkit.php:31
action · plugins_loaded · affiliate-toolkit.php:36
action · publish_to_trash · affiliate-toolkit.php:41
action · draft_to_trash · affiliate-toolkit.php:42
action · future_to_trash · affiliate-toolkit.php:43
action · deleted_post · affiliate-toolkit.php:44
action · atkp_initialize_widgets · affiliate-toolkit.php:73
action · init · affiliate-toolkit.php:83
action · admin_menu · affiliate-toolkit.php:104
action · admin_enqueue_scripts · affiliate-toolkit.php:112
action · wp_enqueue_scripts · affiliate-toolkit.php:125
filter · the_content · affiliate-toolkit.php:131
action · admin_init · affiliate-toolkit.php:164
action · plugins_loaded · affiliate-toolkit.php:177
filter · atkp_template_preview_list · affiliate-toolkit.php:466
filter · atkp_template_list · affiliate-toolkit.php:484
filter · atkp_shop_support_articlenumber_search · affiliate-toolkit.php:502
action · admin_notices · affiliate-toolkit.php:506
action · admin_notices · affiliate-toolkit.php:508
filter · admin_footer_text · affiliate-toolkit.php:607
action · atkp_initialize_extensions · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:24
action · admin_notices · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:30
action · init · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:39
action · atkp_settings_live_display_fields · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:91
action · atkp_settings_display_savefields · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:101
filter · atkp_load_providers · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:114
filter · atkp_shop_support_articlenumber_search · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:139
filter · atkp_shop_support_isbn_search · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:162
filter · atkp_shop_support_gtin_search · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:183
filter · atkp_shop_support_ean_search · child-plugins\affiliate-toolkit-amazon\affiliate-toolkit-amazon.php:206
filter · atkp_variation_name · includes\atkp_basics.php:56
filter · atkp_find_product · includes\atkp_basics.php:73
filter · atkp_ajax_products · includes\atkp_basics.php:223
action · template_redirect · includes\atkp_basics.php:238
action · atkp_register_submenu · includes\atkp_generator.php:321
action · enqueue_block_editor_assets · includes\atkp_gutenberg_editor.php:16
action · admin_notices · includes\atkp_newsletter_popup.php:17
action · admin_enqueue_scripts · includes\atkp_newsletter_popup.php:20
action · add_meta_boxes · includes\atkp_posttypes_list.php:14
action · save_post · includes\atkp_posttypes_list.php:15
filter · parse_query · includes\atkp_posttypes_list.php:104
action · restrict_manage_posts · includes\atkp_posttypes_list.php:105
action · admin_menu · includes\atkp_posttypes_product.php:19
action · admin_footer · includes\atkp_posttypes_product.php:21
filter · parent_file · includes\atkp_posttypes_product.php:78
action · add_meta_boxes · includes\atkp_posttypes_product.php:116
action · save_post · includes\atkp_posttypes_product.php:117
action · admin_enqueue_scripts · includes\atkp_posttypes_product.php:219
action · admin_head · includes\atkp_posttypes_product.php:220
action · before_delete_post · includes\atkp_posttypes_product.php:240
filter · parse_query · includes\atkp_posttypes_product.php:290
action · restrict_manage_posts · includes\atkp_posttypes_product.php:291
action · add_meta_boxes · includes\atkp_posttypes_shop.php:15
action · save_post · includes\atkp_posttypes_shop.php:16
action · admin_enqueue_scripts · includes\atkp_posttypes_shop.php:18
action · admin_head · includes\atkp_posttypes_shop.php:19
action · atkp_shop_to_trash · includes\atkp_posttypes_shop.php:20
filter · map_meta_cap · includes\atkp_posttypes_shop.php:105
action · add_meta_boxes · includes\atkp_posttypes_template.php:15
action · save_post · includes\atkp_posttypes_template.php:16
filter · atkp_get_template_types · includes\atkp_posttypes_template.php:28
action · atkp_template_fields_6 · includes\atkp_posttypes_template.php:29
action · atkp_template_savefields_6 · includes\atkp_posttypes_template.php:30
action · atkp_template_savefields · includes\atkp_posttypes_template.php:31
filter · atkp_template_preview_image_url · includes\atkp_posttypes_template.php:33
filter · atkp_template_get_blade · includes\atkp_posttypes_template.php:34
filter · atkp_template_get_css · includes\atkp_posttypes_template.php:35
action · add_meta_boxes · includes\atkp_shortcode_generator.php:12
action · save_post · includes\atkp_shortcode_generator.php:14
action · media_buttons · includes\atkp_shortcode_generator.php:17
action · wp_footer · includes\atkp_shortcode_generator.php:185
action · admin_footer · includes\atkp_shortcode_generator.php:186
action · add_meta_boxes · includes\atkp_shortcode_generator2.php:12
action · save_post · includes\atkp_shortcode_generator2.php:14
action · media_buttons · includes\atkp_shortcode_generator2.php:18
action · admin_head · includes\atkp_shortcode_generator2.php:21
action · admin_footer · includes\atkp_shortcode_generator2.php:24
filter · mce_external_plugins · includes\atkp_shortcode_generator2.php:57
filter · mce_buttons · includes\atkp_shortcode_generator2.php:58
action · add_meta_boxes · includes\atkp_shortcode_generator_modern.php:39
action · save_post · includes\atkp_shortcode_generator_modern.php:40
action · admin_enqueue_scripts · includes\atkp_shortcode_generator_modern.php:41
action · media_buttons · includes\atkp_shortcode_generator_modern.php:44
action · admin_head · includes\atkp_shortcode_generator_modern.php:48
action · enqueue_block_editor_assets · includes\atkp_shortcode_generator_modern.php:51
action · init · includes\atkp_shortcode_generator_modern.php:52
filter · block_categories_all · includes\atkp_shortcode_generator_modern.php:53
filter · mce_external_plugins · includes\atkp_shortcode_generator_modern.php:402
filter · mce_buttons · includes\atkp_shortcode_generator_modern.php:403
filter · posts_search · includes\atkp_shortcode_generator_modern.php:1038
filter · posts_where · includes\atkp_shortcode_generator_modern.php:1039
action · atkp_debug_action · includes\atkp_tools_debug.php:11
action · atkp_debug_action · includes\atkp_tools_debug.php:13
action · atkp_debug_action · includes\atkp_tools_debug.php:15
action · atkp_migrate_action · includes\atkp_tools_debug.php:18
action · atkp_migrate_action · includes\atkp_tools_debug.php:19
action · atkp_register_submenu · includes\atkp_tools_shortcodegenerator.php:11
filter · cron_schedules · includes\atkp_wp_cronjob.php:12
filter · atkp_queue_collect_entries · includes\dataservices\atkp_queueservices.php:20
filter · atkp_queue_collect_entries · includes\dataservices\atkp_queueservices.php:21
filter · atkp_queue_collect_entries · includes\dataservices\atkp_queueservices.php:22
filter · atkp_queue_collect_entries · includes\dataservices\atkp_queueservices.php:23
filter · atkp_queue_process_entries_productupdate · includes\dataservices\atkp_queueservices.php:25
filter · atkp_queue_process_entries_listupdate · includes\dataservices\atkp_queueservices.php:29
filter · atkp_queue_process_entries_listproductupdate · includes\dataservices\atkp_queueservices.php:33
filter · atkp_queue_process_entries_productfinish · includes\dataservices\atkp_queueservices.php:38
action · atkp_datacheck_report · includes\dataservices\atkp_queueservices.php:44
action · atkp_register_submenu · includes\pages\atkp_queue_view.php:25
filter · set-screen-option · includes\pages\atkp_queue_view.php:27
action · atkp_register_submenu · includes\pages\atkp_template_view.php:27
filter · set-screen-option · includes\pages\atkp_template_view.php:29
action · admin_footer · includes\widgets\atkp_widget.php:22
action · widgets_init · includes\widgets\atkp_widget.php:560
Maintenance & Trust

affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 8, 2026
PHP min version: 7.4
Downloads: 126K

Community Trust

Rating: 90/100
Number of ratings: 22
Active installs: 3K
Developer Profile

affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display Developer Profile

SERVIT Software Solutions

1 plugin · 3K total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 57 days
Detection Fingerprints

How We Detect affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/affiliate-toolkit-starter/css/atkp-frontend.css
/wp-content/plugins/affiliate-toolkit-starter/css/atkp-theme.css
/wp-content/plugins/affiliate-toolkit-starter/css/atkp-frontend-elementor.css
/wp-content/plugins/affiliate-toolkit-starter/js/atkp-frontend.js
/wp-content/plugins/affiliate-toolkit-starter/js/atkp-frontend-editor.js

Script Paths
/wp-content/plugins/affiliate-toolkit-starter/js/atkp-frontend.js
/wp-content/plugins/affiliate-toolkit-starter/js/atkp-frontend-editor.js

Version Parameters
affiliate-toolkit-starter/css/atkp-frontend.css?ver=
affiliate-toolkit-starter/css/atkp-theme.css?ver=
affiliate-toolkit-starter/css/atkp-frontend-elementor.css?ver=
affiliate-toolkit-starter/js/atkp-frontend.js?ver=
affiliate-toolkit-starter/js/atkp-frontend-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
atkp-product-box · atkp-product-title · atkp-product-price · atkp-product-cta · atkp-product-image · atkp-table-wrap · atkp-comparison-table · atkp-settings-admin (+1 more)

HTML Comments
<!-- Plugin initialisieren -->
<!-- Modern Shortcode Generator mit Gutenberg-Unterstützung -->
<!-- Initialize for both frontend and backend to support block rendering -->
<!-- Alternative: Alter Generator (deprecated) -->
(+1 more)

Data Attributes
data-atkp-id · data-atkp-type · data-atkp-product-id · data-atkp-list-id · data-atkp-shop-id

JS Globals
atkp_frontend_params · atkp_frontend_editor_params · ATKP_AJAX_URL · atkp_gutenberg_editor_block_params

REST Endpoints
/wp-json/atkp/v1/products
/wp-json/atkp/v1/lists
/wp-json/atkp/v1/shops

Shortcode Output
[affiliate-toolkit-starter] · [atkp_product] · [atkp_list] · [atkp_shop]