[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2TxI2kEdsyu-B2tbzNuhBKxoAG3CkfsQvJBF1GN_bW0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":52,"analysis":133,"fingerprints":223},"affiliates-manager-google-recaptcha-integration","Affiliates Manager Google reCAPTCHA Integration","1.0.7","affmngr","https:\u002F\u002Fprofiles.wordpress.org\u002Faffmngr\u002F","\u003Cp>This addon allows you to specify your Google reCAPTCHA V2 API credentials in the addon settings.\u003C\u002Fp>\n\u003Cp>When affiliates go to the registration page, they will need to manually verify that they are not a robot before submitting the form.\u003C\u002Fp>\n\u003Cp>This addon requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliates-manager\u002F\" rel=\"ugc\">Affiliates Manager Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>After you install this addon, go to the Google reCAPTCHA settings interface, specify your V2 API credentials and save the settings.\u003C\u002Fp>\n\u003Cp>Read the following page for step by step usage documentation:\u003Cbr \u002F>\nhttps:\u002F\u002Fwpaffiliatemanager.com\u002Faffiliates-manager-google-recaptcha-integration\u002F\u003C\u002Fp>\n","An addon for the Affiliates Manager plugin to add Google reCAPTCHA to the registration page",400,11325,0,"2025-05-10T03:54:00.000Z","6.8.5","3.0","",[19,20,21,22,23],"affiliate","affiliates","affiliates-manager","captcha","google","https:\u002F\u002Fwpaffiliatemanager.com\u002Faffiliates-manager-google-recaptcha-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliates-manager-google-recaptcha-integration.zip",99,1,"2025-05-19 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-48233","affiliates-manager-google-recaptcha-integration-cross-site-request-forgery-to-stored-cross-site-scripting","Affiliates Manager Google reCAPTCHA Integration \u003C= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Affiliates Manager Google reCAPTCHA Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.6","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-05-28 16:47:37",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F54db4fef-f834-4026-a7ad-1fffaa3266b5?source=api-prod",10,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":45,"trust_score":50,"computed_at":51},6,910,93,89,"2026-04-04T09:53:47.909Z",[53,72,84,98,117],{"slug":54,"name":55,"version":56,"author":7,"author_profile":8,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":66,"homepage":69,"download_link":70,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"auto-woocommerce-affiliate-account-creation","Auto WooCommerce Affiliate Account Creation","1.1.3","\u003Cp>This addon allows you to automatically create affiliate accounts for your WooCommerce users.\u003C\u002Fp>\n\u003Cp>When customers create user accounts via WooCommerce, this addon will also create affiliate accounts for them.\u003C\u002Fp>\n\u003Cp>This addon requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliates-manager\u002F\" rel=\"ugc\">Affiliates Manager Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Read the usage documentation \u003Ca href=\"https:\u002F\u002Fwpaffiliatemanager.com\u002Fautomatically-create-affiliate-account-woocommerce-customers\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Automatically create affiliate accounts for your WooCommerce users.",200,14738,100,2,"2025-01-21T22:59:00.000Z","6.7.5","3.8",[19,20,21,67,68],"integration","users","https:\u002F\u002Fwpaffiliatemanager.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-woocommerce-affiliate-account-creation.zip",92,{"slug":73,"name":74,"version":75,"author":7,"author_profile":8,"description":76,"short_description":77,"active_installs":61,"downloaded":78,"rating":13,"num_ratings":13,"last_updated":79,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":80,"homepage":82,"download_link":83,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"affiliates-manager-woocommerce-subscription-integration","Affiliates Manager WooCommerce Subscription Integration","1.1.5","\u003Cp>This addon allows you to integrate WooCommerce subscription extension with the Affiliates Manager plugin.\u003C\u002Fp>\n\u003Cp>When a recurring payment is charged, this addon will check to see if the original sale was referred to your site by an affiliate. It will then give appropriate commission to the affiliate.\u003C\u002Fp>\n\u003Cp>This addon requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliates-manager\u002F\" rel=\"ugc\">Affiliates Manager Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Read the usage documentation \u003Ca href=\"https:\u002F\u002Fwpaffiliatemanager.com\u002Faffiliates-manager-woocommerce-subscription-integration\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Process an affiliate commission via Affiliates Manager plugin after a WooCommerce subscription payment",11383,"2025-01-21T22:53:00.000Z",[19,20,21,67,81],"woocommerce","https:\u002F\u002Fwpaffiliatemanager.com\u002Faffiliates-manager-woocommerce-subscription-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliates-manager-woocommerce-subscription-integration.zip",{"slug":85,"name":86,"version":87,"author":7,"author_profile":8,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":93,"homepage":96,"download_link":97,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"affiliates-manager-stripe-payments-integration","Affiliates Manager Stripe Payments Integration","1.0.2","\u003Cp>This addon allows you to integrate Stripe Payments with the Affiliates Manager plugin.\u003C\u002Fp>\n\u003Cp>When a user pays for an item on your site, this addon will check to see if the user was referred to by an affiliate. It will then give commission to the affiliate who referred the user.\u003C\u002Fp>\n\u003Cp>This addon requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliates-manager\u002F\" rel=\"ugc\">Affiliates Manager\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstripe-payments\u002F\" rel=\"ugc\">Stripe Payments\u003C\u002Fa> plugins.\u003C\u002Fp>\n\u003Cp>Read the usage instructions \u003Ca href=\"https:\u002F\u002Fwpaffiliatemanager.com\u002Faffiliates-manager-stripe-payments-integration\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Process an affiliate commission via Affiliates Manager after a Stripe Payments checkout",80,4295,"2025-01-21T22:51:00.000Z",[19,20,21,94,95],"payment","stripe","https:\u002F\u002Fwpaffiliatemanager.com\u002Faffiliates-manager-stripe-payments-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliates-manager-stripe-payments-integration.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":13,"num_ratings":13,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":115,"download_link":116,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"affiliates-recaptcha","Affiliates reCAPTCHA","2.3.0","itthinx","https:\u002F\u002Fprofiles.wordpress.org\u002Fitthinx\u002F","\u003Cp>Integrates \u003Ca href=\"http:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa> with the affiliate registration of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliates\u002F\" rel=\"ugc\">Affiliates\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\u002Fshop\u002Faffiliates-pro\u002F\" rel=\"nofollow ugc\">Affiliates Pro\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\u002Fshop\u002Faffiliates-enterprise\u002F\" rel=\"nofollow ugc\">Affiliates Enterprise\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This integration works with reCAPTCHA v2. It does not support reCAPTCHA v3.\u003C\u002Fp>\n\u003Cp>Configure it with your Site Key and Secret Key from Google reCAPTCHA. The reCAPTCHA will be displayed and verified on the affiliate registration form.\u003C\u002Fp>\n\u003Cp>The reCAPTCHA is displayed with the Affiliates Dashboard block, the Affiliates Dashboard Registration block and the  \u003Ccode>[affiliates_dashboard]\u003C\u002Fcode>, \u003Ccode>[affiliates_dashboard_registration]\u003C\u002Fcode> and \u003Ccode>[affiliates_registration]\u003C\u002Fcode> shortcodes.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliates\u002F\" rel=\"ugc\">Affiliates\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\u002Fshop\u002Faffiliates-pro\u002F\" rel=\"nofollow ugc\">Affiliates Pro\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\u002Fshop\u002Faffiliates-enterprise\u002F\" rel=\"nofollow ugc\">Affiliates Enterprise\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Setup\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Get the Site and Secret reCAPTCHA keys for your site from http:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\u003C\u002Fli>\n\u003Cli>Go to \u003Cem>Affiliates > reCAPTCHA\u003C\u002Fem> and input the \u003Cem>Site Key\u003C\u002Fem> and the \u003Cem>Secret Key\u003C\u002Fem>.\u003C\u002Fli>\n\u003C\u002Fol>\n","Affiliates, Affiliates Pro and Affiliates Enterprise registration reCAPTCHA integration.",50,4378,"2025-12-20T16:43:00.000Z","6.9.4","6.5","7.4",[19,113,20,22,114],"affiliate-marketing","recaptcha","https:\u002F\u002Fgithub.com\u002Fitthinx\u002Faffiliates-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliates-recaptcha.2.3.0.zip",{"slug":118,"name":119,"version":120,"author":102,"author_profile":103,"description":121,"short_description":122,"active_installs":45,"downloaded":123,"rating":13,"num_ratings":13,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":130,"download_link":131,"security_score":132,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"affiliates-captcha","Affiliates Captcha","1.0.1","\u003Cp>Activate and the Captcha will appear on the affiliate registration form when the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcaptcha\u002F\" rel=\"ugc\">Captcha\u003C\u002Fa> plugin is activated.\u003C\u002Fp>\n\u003Cp>Requirements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliates\u002F\" rel=\"ugc\">Affiliates\u003C\u002Fa> or \u003Ca href=\"http:\u002F\u002Fwww.itthinx.com\u002Fshop\u002Faffiliates-pro\u002F\" rel=\"nofollow ugc\">Affiliates Pro\u003C\u002Fa> or \u003Ca href=\"http:\u002F\u002Fwww.itthinx.com\u002Fshop\u002Faffiliates-enterprise\u002F\" rel=\"nofollow ugc\">Affiliates Enterprise\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcaptcha\u002F\" rel=\"ugc\">Captcha\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Affiliates, Affiliates Pro and Affiliates Enterprise integration with the Captcha plugin.",2739,"2017-11-23T16:36:00.000Z","4.9.29","4.0.0","5.5.0",[19,113,20,22,129],"referral","https:\u002F\u002Fgithub.com\u002Fitthinx\u002Faffiliates-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliates-captcha.1.0.1.zip",85,{"attackSurface":134,"codeSignals":163,"taintFlows":174,"riskAssessment":212,"analyzedAt":222},{"hooks":135,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":13,"unprotectedCount":13},[136,142,146,150,155],{"type":137,"name":138,"callback":139,"priority":13,"file":140,"line":141},"action","init","plugin_init","affmgr-recaptcha-addon.php",30,{"type":137,"name":143,"callback":144,"file":140,"line":145},"admin_notices","admin_notice",31,{"type":137,"name":147,"callback":148,"file":140,"line":149},"wpam_after_main_admin_menu","google_recaptcha_do_admin_menu",32,{"type":151,"name":152,"callback":153,"file":140,"line":154},"filter","wpam_before_registration_submit_button","add_google_recaptcha_code",34,{"type":151,"name":156,"callback":157,"priority":45,"file":140,"line":158},"wpam_validate_registration_form_submission","validate_google_recaptcha_code",35,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":13,"externalRequests":13,"nonceChecks":27,"capabilityChecks":13,"bundledLibraries":173},[],{"prepared":13,"raw":13,"locations":166},[],{"escaped":168,"rawEcho":27,"locations":169},7,[170],{"file":140,"line":171,"context":172},59,"raw output",[],[175,201],{"entryPoint":176,"graph":177,"unsanitizedCount":13,"severity":200},"wpam_google_recaptcha_admin_interface (affmgr-recaptcha-settings.php:3)",{"nodes":178,"edges":196},[179,185,190,194],{"id":180,"type":181,"label":182,"file":183,"line":184},"n0","source","$_REQUEST['wpam_google_recaptcha_site_key']","affmgr-recaptcha-settings.php",11,{"id":186,"type":187,"label":188,"file":183,"line":184,"wp_function":189},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":191,"type":181,"label":192,"file":183,"line":193},"n2","$_REQUEST['wpam_google_recaptcha_secret_key']",12,{"id":195,"type":187,"label":188,"file":183,"line":193,"wp_function":189},"n3",[197,199],{"from":180,"to":186,"sanitized":198},true,{"from":191,"to":195,"sanitized":198},"low",{"entryPoint":202,"graph":203,"unsanitizedCount":13,"severity":200},"\u003Caffmgr-recaptcha-settings> (affmgr-recaptcha-settings.php:0)",{"nodes":204,"edges":209},[205,206,207,208],{"id":180,"type":181,"label":182,"file":183,"line":184},{"id":186,"type":187,"label":188,"file":183,"line":184,"wp_function":189},{"id":191,"type":181,"label":192,"file":183,"line":193},{"id":195,"type":187,"label":188,"file":183,"line":193,"wp_function":189},[210,211],{"from":180,"to":186,"sanitized":198},{"from":191,"to":195,"sanitized":198},{"summary":213,"deductions":214},"The security posture of the 'affiliates-manager-google-recaptcha-integration' plugin v1.0.7 appears to be generally good, with no critical or high severity issues identified in the static analysis or taint flows. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and having a high percentage of properly escaped output. The presence of a nonce check also adds a layer of security against CSRF attacks.  However, the absence of any capability checks is a notable concern, as it suggests that certain actions performed by the plugin might not be properly restricted to authorized users.\n\nThe vulnerability history shows one known CVE, which has been patched. While this is positive, the fact that a CSRF vulnerability was present in the past indicates a potential area of weakness that warrants continued vigilance. The plugin's limited attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events without authentication, is a strong point. However, the lack of capability checks on the few existing entry points (even if zero in this analysis) remains a potential risk if functionality is added later without proper authorization checks.\n\nOverall, the plugin is well-developed from a code hygiene perspective, particularly concerning database interactions and output sanitization. The previous CSRF vulnerability has been addressed, which is reassuring. The primary area for improvement lies in implementing capability checks to ensure robust authorization for all plugin functionalities. The current low risk profile is a testament to good development practices but should not lead to complacency, especially regarding authorization.",[215,217,220],{"reason":216,"points":45},"Missing capability checks on entry points",{"reason":218,"points":219},"1 medium severity CVE in history",5,{"reason":221,"points":62},"88% output escaping (not 100%)","2026-03-16T19:45:52.997Z",{"wat":224,"direct":232},{"assetPaths":225,"generatorPatterns":227,"scriptPaths":228,"versionParams":230},[226],"\u002Fwp-content\u002Fplugins\u002Faffiliates-manager-google-recaptcha-integration\u002Faffmgr-recaptcha-addon.php",[],[229],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js",[231],"affiliates-manager-google-recaptcha-integration\u002Faffmgr-recaptcha-addon.php?ver=",{"cssClasses":233,"htmlComments":235,"htmlAttributes":236,"restEndpoints":238,"jsGlobals":239,"shortcodeOutput":240},[234],"wpam_g_captcha",[],[237],"data-sitekey",[],[],[]]