Affiliates Manager Security & Risk Analysis

wordpress.org/plugins/affiliates-manager

Affiliates Manager plugin can help you manage an affiliate marketing program to drive more traffic and more sales to your site.

9K active installs · v2.9.49 · PHP 7.4+ · WP 3.5+ · Updated Jan 9, 2026
Tags: affiliate, affiliate-marketing, affiliate-program, affiliates, woocommerce
Score: 95 · A · Safe
CVEs total: 12
Unpatched: 0
Last CVE: Jan 30, 2024

Safety Verdict

Is Affiliates Manager Safe to Use in 2026?

Generally Safe

Score 95/100

Affiliates Manager has a strong security track record. Known vulnerabilities have been patched promptly.

12 known CVEs · Last CVE: Jan 30, 2024 · Updated 2mo ago

Risk Assessment

The "affiliates-manager" v2.9.49 plugin presents a mixed security posture. It shows good practice in its use of prepared SQL statements (91%) and a high percentage of properly escaped output (82%), but its attack surface and vulnerability history raise significant concerns. A substantial portion of its entry points, in particular the AJAX handlers (8 out of 8 analyzed), lack authentication checks, creating a broad attack vector. The taint analysis reports 8 high-severity flows with unsanitized paths, which indicates potential for exploitable vulnerabilities even though no critical ones were found in this analysis run. The plugin's history of 12 known CVEs, including critical and high-severity issues, with the most recent in early 2024, suggests a recurring pattern of security weaknesses, and the vulnerability types that recur in that history correspond to attack vectors that have been exploited in the past. The absence of currently unpatched vulnerabilities is positive, but the overall trend and the issues identified by static analysis call for a cautious approach.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Critical and High severity CVE history
  • Use of unserialize function
  • File operations present

Vulnerabilities: 12

Affiliates Manager Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2020: 1 CVE
  • 2021: 2 CVEs
  • 2022: 4 CVEs
  • 2023: 3 CVEs
  • 2024: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 4
  • Medium: 7

12 total CVEs

CVE-2024-0859 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery

Jan 30, 2024 · Patched in 2.9.35 (182d)

CVE-2023-52130 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

Affiliates Manager <= 2.9.31 - Cross-Site Request Forgery via multiple AJAX actions

Dec 28, 2023 · Patched in 2.9.32 (26d)

CVE-2023-52148 · medium · 5.3 · Insertion of Sensitive Information into Log File

Affiliates Manager <= 2.9.30 - Sensitive Information Exposure via Log File

Dec 28, 2023 · Patched in 2.9.31 (26d)

CVE-2023-28986 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action()

Mar 29, 2023 · Patched in 2.9.21 (300d)

CVE-2022-2799 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 16, 2022 · Patched in 2.9.14 (525d)

CVE-2022-2798 · critical · 9 · Improper Neutralization of Formula Elements in a CSV File

Affiliates Manager <= 2.9.13 - CSV Injection

Aug 16, 2022 · Patched in 2.9.14 (525d)

WF-ddd37b7a-3ef8-4269-ba3b-665ae34bde26-affiliates-manager · high · 8.8 · Cross-Site Request Forgery (CSRF)

Affiliates Manager <= 2.9.13 - Cross-Site Request Forgery

Aug 16, 2022 · Patched in 2.9.14 (525d)

WF-ecbb40a5-3e33-4084-a19b-daf014ce68c8-affiliates-manager · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affiliates Manager <= 2.9.13 - Reflected Cross-Site Scripting

Aug 16, 2022 · Patched in 2.9.14 (525d)

CVE-2021-25078 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affiliates Manager <= 2.8.9 - Unauthenticated Stored Cross-Site Scripting

Dec 24, 2021 · Patched in 2.9.0 (760d)

CVE-2021-24844 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affiliate Manager <= 2.8.6 - Admin+ SQL injection

Oct 11, 2021 · Patched in 2.8.7 (834d)

WF-7ff58a34-93ab-4e51-b857-fed1107631ea-affiliates-manager · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affiliates Manager <= 2.7.7 - Cross-Site Scripting

Sep 11, 2020 · Patched in 2.7.8 (1229d)

CVE-2019-15868 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Affiliates Manager <= 2.6.5 - Cross-Site Request Forgery

May 26, 2019 · Patched in 2.6.6 (1703d)

Code Analysis
Analyzed Mar 16, 2026

Affiliates Manager Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 10 (99 prepared)
  • Unescaped Output: 185 (829 escaped)
  • Nonce Checks: 43
  • Capability Checks: 4
  • File Operations: 11
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: $this->userData = unserialize($rowData->userData); (source\Data\Models\AffiliateModel.php:55)
  • unserialize: $this->errors = unserialize($this->errors); (source\Data\Models\PaypalLogModel.php:33)

SQL Query Safety

91% prepared · 109 total queries

Output Escaping

82% escaped · 1014 total outputs

Data Flows: 11 unsanitized

Data Flow Analysis

24 flows · 11 with unsanitized paths
search_box (classes\ListTable.php:82)

Attack Surface: 8 unprotected

Affiliates Manager Attack Surface

Entry Points: 12
Unprotected: 8

AJAX Handlers 8

auth · wp_ajax_wpam_ajax_approve_application · source\Plugin.php:98
auth · wp_ajax_wpam_ajax_decline_application · source\Plugin.php:99
auth · wp_ajax_wpam_ajax_block_application · source\Plugin.php:100
auth · wp_ajax_wpam_ajax_activate_affiliate · source\Plugin.php:101
auth · wp_ajax_wpam_ajax_deactivate_affiliate · source\Plugin.php:102
auth · wp_ajax_wpam_ajax_set_creative_status · source\Plugin.php:103
auth · wp_ajax_wpam_ajax_add_transaction · source\Plugin.php:104
auth · wp_ajax_wpam_ajax_delete_creative · source\Plugin.php:105

Shortcodes 4

[wpam_custom_input] source\Plugin.php:82
[AffiliatesRegister] source\Plugin.php:124
[AffiliatesHome] source\Plugin.php:125
[AffiliatesLogin] source\Plugin.php:126

WordPress Hooks 51

filter · wp_mail_from · classes\CommissionTracking.php:122
filter · wp_mail_from_name · classes\CommissionTracking.php:123
filter · wp_mail_content_type · classes\CommissionTracking.php:124
filter · wp_mail_from · classes\CommissionTracking.php:150
filter · wp_mail_from_name · classes\CommissionTracking.php:151
filter · wp_mail_content_type · classes\CommissionTracking.php:152
action · admin_footer · classes\ListTable.php:35
action · admin_footer · source\Pages\Admin\MyAffiliatesPage.php:77
action · admin_footer · source\Pages\Admin\MyCreativesPage.php:71
action · admin_footer · source\Pages\Admin\NewAffiliatePage.php:64
action · admin_footer · source\Pages\Admin\SettingsPage.php:307
action · wp_footer · source\Pages\AffiliatesHome.php:302
action · wp_footer · source\Pages\AffiliatesHome.php:534
action · wp_footer · source\Pages\AffiliatesRegister.php:115
action · plugins_loaded · source\Plugin.php:84
action · init · source\Plugin.php:87
action · wp_enqueue_scripts · source\Plugin.php:89
action · wp_head · source\Plugin.php:91
action · template_redirect · source\Plugin.php:94
action · admin_menu · source\Plugin.php:95
action · current_screen · source\Plugin.php:96
filter · pre_user_email · source\Plugin.php:107
action · profile_update · source\Plugin.php:109
action · admin_notices · source\Plugin.php:118
filter · widget_text · source\Plugin.php:121
action · save_post · source\Plugin.php:127
action · admin_init · source\Plugin.php:130
action · wpam_process_affiliate_commission · source\Plugin.php:133
action · wpsc_transaction_result_cart_item · source\Plugin.php:137
action · woocommerce_new_order · source\Plugin.php:140
action · woocommerce_order_status_completed · source\Plugin.php:142
action · woocommerce_order_status_processing · source\Plugin.php:143
action · woocommerce_checkout_order_processed · source\Plugin.php:144
action · woocommerce_order_status_refunded · source\Plugin.php:145
action · woocommerce_order_status_cancelled · source\Plugin.php:146
filter · it_exchange_add_transaction · source\Plugin.php:148
filter · wpspc_cart_custom_field_value · source\Plugin.php:151
action · wpspc_paypal_ipn_processed · source\Plugin.php:152
filter · edd_payment_meta · source\Plugin.php:155
action · edd_complete_purchase · source\Plugin.php:156
action · jigoshop_new_order · source\Plugin.php:159
action · swpm_front_end_registration_complete_user_data · source\Plugin.php:161
filter · wp_mail_from · source\Util\EmailHandler.php:10
filter · wp_mail_from_name · source\Util\EmailHandler.php:11
filter · wp_mail_content_type · source\Util\EmailHandler.php:12
filter · wp_mail · source\Util\EmailHandler.php:29
filter · wp_mail_from · source\Util\EmailHandler.php:30
filter · wp_mail_from_name · source\Util\EmailHandler.php:31
filter · wp_mail_from · source\Util\EmailHandler.php:40
filter · wp_mail_from_name · source\Util\EmailHandler.php:41
filter · wp_mail_content_type · source\Util\EmailHandler.php:42

Maintenance & Trust

Affiliates Manager Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 9, 2026
  • PHP min version: 7.4
  • Downloads: 1.0M

Community Trust

  • Rating: 82/100
  • Number of ratings: 61
  • Active installs: 9K

Developer Profile

Affiliates Manager Developer Profile

wp.insider

14 plugins · 76K total installs

  • Trust score: 76
  • Avg Security Score: 95/100
  • Avg Patch Time: 556 days

Detection Fingerprints

How We Detect Affiliates Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/affiliates-manager/js/wpam-admin-scripts.js
  • /wp-content/plugins/affiliates-manager/css/wpam-admin-styles.css
  • /wp-content/plugins/affiliates-manager/css/wpam-public.css
  • /wp-content/plugins/affiliates-manager/js/wpam-public-scripts.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-dashboard.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-registration.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-login.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-recover-password.js
  • +31 more

Script Paths

  • /wp-content/plugins/affiliates-manager/js/wpam-admin-scripts.js
  • /wp-content/plugins/affiliates-manager/js/wpam-public-scripts.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-dashboard.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-registration.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-login.js
  • /wp-content/plugins/affiliates-manager/js/affiliate-recover-password.js
  • +31 more

Version Parameters

  • affiliates-manager/js/wpam-admin-scripts.js?ver=
  • affiliates-manager/css/wpam-admin-styles.css?ver=
  • affiliates-manager/css/wpam-public.css?ver=
  • affiliates-manager/js/wpam-public-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wpam-affiliate-dashboard-widget
  • wpam-affiliate-dashboard-report-widget
  • wpam-affiliate-dashboard-commission-widget
  • wpam-affiliate-dashboard-payout-widget
  • wpam-affiliate-dashboard-referral-widget
  • wpam-affiliate-dashboard-creative-widget
  • wpam-affiliate-dashboard-coupon-widget
  • wpam-affiliate-dashboard-transaction-widget
  • +27 more

HTML Comments

  • <!--WP Affiliate Manager Admin Scripts-->
  • <!--WP Affiliate Manager Admin Styles-->
  • <!--WP Affiliate Manager Public Styles-->
  • <!--WP Affiliate Manager Public Scripts-->
  • +34 more

Data Attributes

  • data-wpam-affiliate-dashboard-widget
  • data-wpam-affiliate-dashboard-report-widget
  • data-wpam-affiliate-dashboard-commission-widget
  • data-wpam-affiliate-dashboard-payout-widget
  • data-wpam-affiliate-dashboard-referral-widget
  • data-wpam-affiliate-dashboard-creative-widget
  • +28 more

JS Globals

  • wpam_admin_params
  • wpam_public_params
  • wpam_affiliate_dashboard_params
  • wpam_affiliate_registration_params
  • wpam_affiliate_login_params
  • wpam_affiliate_recover_password_params
  • +11 more

Shortcode Output

  • [wpam_affiliate_dashboard]
  • [wpam_affiliate_registration]
  • [wpam_affiliate_login]
  • [wpam_affiliate_recover_password]