WP-Safety

AffiliateWP – Sign Up Bonus Security & Risk Analysis

wordpress.org/plugins/affiliatewp-sign-up-bonus

Entice more affiliates to register by offering them a sign up bonus

400 active installs v1.3.1 PHP 7.4+ WP 5.2+ Updated May 8, 2025
affiliate-bonusaffiliatewpnew-affiliate-bonusregistration-bonussign-up-bonus
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AffiliateWP – Sign Up Bonus Safe to Use in 2026?

Generally Safe

Score 100/100

AffiliateWP – Sign Up Bonus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The static analysis of affiliatewp-sign-up-bonus v1.3.1 reveals a seemingly strong security posture with no identified dangerous functions, SQL injection vulnerabilities, file operations, or external HTTP requests. The absence of any identified taint flows, critical or high severity, further suggests that the code might be well-sanitized against common injection attacks. The plugin also boasts zero known CVEs, indicating a history of security diligence or a lack of prior exploitation.

However, the analysis also highlights significant areas of concern. The complete lack of nonces and capability checks across all identified code signals is a substantial weakness. While the attack surface is reported as zero, this likely means there are no publicly exposed AJAX handlers, REST API routes, or shortcodes in this version that the analysis could detect. If any functionality is present, its absence of proper authorization and integrity checks leaves it vulnerable to various attacks, especially if any hidden entry points exist or are introduced in future versions.

Despite the clean bill of health regarding known vulnerabilities and injection flaws, the lack of fundamental security controls like nonces and capability checks represents a significant risk. This absence means that even if no direct code execution vulnerabilities are present, an attacker could potentially manipulate the plugin's intended behavior through unauthorized actions or by exploiting a Cross-Site Request Forgery (CSRF) if any form of interaction is possible. The overall risk is moderate, leaning towards higher due to the missing essential security measures.

Key Concerns

  • No nonce checks found
  • No capability checks found
  • 60% of output escaping is not properly escaped
Vulnerabilities
None known

AffiliateWP – Sign Up Bonus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

AffiliateWP – Sign Up Bonus Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

60% escaped5 total outputs
Attack Surface

AffiliateWP – Sign Up Bonus Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 7
actionaffwp_plugins_loadedaffiliatewp-sign-up-bonus.php:109
actionplugins_loadedaffiliatewp-sign-up-bonus.php:111
actionadmin_noticesincludes\class-activation.php:69
actionaffwp_insert_affiliateincludes\class-affiliatewp-sign-up-bonus.php:200
actionaffwp_set_affiliate_statusincludes\class-affiliatewp-sign-up-bonus.php:202
actionaffwp_new_affiliate_endincludes\class-affiliatewp-sign-up-bonus.php:204
filteraffwp_settings_integrationsincludes\class-affiliatewp-sign-up-bonus.php:206
Maintenance & Trust

AffiliateWP – Sign Up Bonus Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 8, 2025
PHP min version7.4
Downloads13K

Community Trust

Rating0/100
Number of ratings0
Active installs400
Alternatives

AffiliateWP – Sign Up Bonus Alternatives

AffiliateWP – Affiliate Area Tabs

AffiliateWP – Affiliate Area Tabs

affiliatewp-affiliate-area-tabs

A
100

Add and reorder tabs in AffiliateWP's Affiliate Area

4K No CVEs
AffiliateWP – Affiliate Product Rates

AffiliateWP – Affiliate Product Rates

affiliatewp-affiliate-product-rates

A
100

Allows you to set product referral rates on a per-affiliate level in AffiliateWP.

2K No CVEs
AffiliateWP – Order Details For Affiliates

AffiliateWP – Order Details For Affiliates

affiliatewp-order-details-for-affiliates

A
100

Allow affiliates to see order details on referrals they generated

2K No CVEs
AffiliateWP – Affiliate Info

AffiliateWP – Affiliate Info

affiliatewp-affiliate-info

A
100

Display information based on the affiliate's referral URL.

1K No CVEs
AffiliateWP – Affiliate QR Codes

AffiliateWP – Affiliate QR Codes

affiliatewp-affiliate-qr-codes

A
85

Allows affiliates to save, print, or share their affiliate URL as a QR code.

1K No CVEs
Developer Profile

AffiliateWP – Sign Up Bonus Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
795 days
View full developer profile
Detection Fingerprints

How We Detect AffiliateWP – Sign Up Bonus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/affiliatewp-sign-up-bonus/assets/css/affiliatewp-sign-up-bonus.css/wp-content/plugins/affiliatewp-sign-up-bonus/assets/js/affiliatewp-sign-up-bonus.js
Script Paths
/wp-content/plugins/affiliatewp-sign-up-bonus/assets/js/affiliatewp-sign-up-bonus.js
Version Parameters
affiliatewp-sign-up-bonus/assets/css/affiliatewp-sign-up-bonus.css?ver=affiliatewp-sign-up-bonus/assets/js/affiliatewp-sign-up-bonus.js?ver=

HTML / DOM Fingerprints

CSS Classes
affiliatewp-sign-up-bonus-requirements
Data Attributes
data-affwp-sb-referral-id
JS Globals
affwp_sign_up_bonus_params
FAQ

Frequently Asked Questions about AffiliateWP – Sign Up Bonus