AffiliateX – Amazon Affiliate Plugin Security & Risk Analysis

wordpress.org/plugins/affiliatex

AffiliateX is the best WordPress Amazon Affiliate Plugin. Create professional affiliate websites with customizable WordPress Amazon Affiliate Blocks.

10K active installs · v1.4.4.1 · PHP 7.4+ · WP 5.8+ · Updated Apr 6, 2026
Tags: affiliate, affiliate-blocks, affiliate-marketing, affiliate-plugin, amazon-affiliate
96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jan 15, 2026
Safety Verdict

Is AffiliateX – Amazon Affiliate Plugin Safe to Use in 2026?

Generally Safe

Score 96/100

AffiliateX – Amazon Affiliate Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Jan 15, 2026 · Updated 1mo ago
Risk Assessment

The affiliatex plugin v1.4.2.2 exhibits a mixed security posture. On the positive side, it demonstrates strong practices with 100% of SQL queries using prepared statements and a very high percentage (97%) of properly escaped output. The absence of dangerous functions, file operations, and taint flows with unsanitized paths is also an encouraging sign. However, the plugin has a notable attack surface with 9 AJAX handlers, 4 of which lack authentication checks, presenting a significant concern. While there are no currently unpatched CVEs, the history of 3 medium severity vulnerabilities, including missing authorization and cross-site scripting, is a red flag, suggesting recurring security weaknesses in these areas. The last vulnerability being in 2026 also suggests this analysis might be based on future information or a typo.

Key Concerns

  • Unprotected AJAX handlers
  • History of medium severity vulnerabilities
  • Bundled Freemius v1.0 library
Vulnerabilities
3 published

AffiliateX – Amazon Affiliate Plugin Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2026: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-13859 · medium · 6.4 · Missing Authorization

AffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settings

Jan 15, 2026 · Patched in 1.4.0 (1d)

CVE-2025-69346 · medium · 4.3 · Missing Authorization

AffiliateX <= 1.3.9.3 - Missing Authorization

Jan 6, 2026 · Patched in 1.4.0 (9d)

CVE-2024-49692 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AffiliateX <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 21, 2024 · Patched in 1.2.9.1 (10d)
Version History

AffiliateX – Amazon Affiliate Plugin Release Timeline

v1.4.4.1 (Current)
v1.4.4
v1.4.3.1
v1.4.3
v1.4.2.2
v1.4.2.1
v1.4.2
v1.4.1.2
v1.4.1.1
v1.4.1
v1.4.0
Code Analysis
Analyzed Mar 16, 2026

AffiliateX – Amazon Affiliate Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (433 escaped)
Nonce Checks: 6
Capability Checks: 8
File Operations: 0
External Requests: 9
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

97% escaped · 445 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
save_block_settings (includes\functions\AjaxFunctions.php:68)
Attack Surface
4 unprotected

AffiliateX – Amazon Affiliate Plugin Attack Surface

Entry Points: 14
Unprotected: 4

AJAX Handlers 9

nopriv · wp_ajax_get_template_library · includes\AffiliateXTemplateLibrary.php:62
auth · wp_ajax_get_template_library · includes\AffiliateXTemplateLibrary.php:63
auth · wp_ajax_get_elementor_template_library · includes\AffiliateXTemplateLibrary.php:66
auth · wp_ajax_affiliatex_get_fonts_list · includes\classes\class-ab-fonts-manager.php:884
auth · wp_ajax_get_block_settings · includes\functions\AjaxFunctions.php:48
auth · wp_ajax_save_block_settings · includes\functions\AjaxFunctions.php:49
auth · wp_ajax_get_customization_settings · includes\functions\AjaxFunctions.php:50
auth · wp_ajax_save_customization_settings · includes\functions\AjaxFunctions.php:51
auth · wp_ajax_affiliatex_notice_dismissed · includes\notice\NoticeBase.php:17

REST API Routes 5

POST · /wp-json/affiliatex/v1/api/save-amazon-settings · includes\amazon\admin\AmazonSettings.php:32
GET · /wp-json/affiliatex/v1/api/get-amazon-settings · includes\amazon\admin\AmazonSettings.php:44
GET · /wp-json/affiliatex/v1/api/get-amazon-countries · includes\amazon\admin\AmazonSettings.php:56
GET · /wp-json/affiliatex/v1/api/get-amazon-status · includes\amazon\admin\AmazonSettings.php:68
GET · /wp-json/affiliatex/v1/api/get-usage-stats · includes\amazon\admin\AmazonSettings.php:80

WordPress Hooks 36

action · init · includes\AffiliateX.php:105
action · enqueue_block_editor_assets · includes\AffiliateXAdmin.php:34
action · elementor/editor/after_enqueue_scripts · includes\AffiliateXAdmin.php:35
filter · block_categories_all · includes\AffiliateXAdmin.php:36
action · admin_enqueue_scripts · includes\AffiliateXAdmin.php:37
action · admin_enqueue_scripts · includes\AffiliateXAdmin.php:39
action · admin_menu · includes\AffiliateXAdmin.php:41
action · wp_enqueue_scripts · includes\AffiliateXPublic.php:34
action · wp · includes\AffiliateXPublic.php:35
action · wp_head · includes\AffiliateXPublic.php:36
action · init · includes\AffiliateXTemplateLibrary.php:59
action · init · includes\AffiliateXTemplateLibrary.php:60
action · affiliatex_daily_template_update · includes\AffiliateXTemplateLibrary.php:61
action · elementor/init · includes\AffiliateXWidgets.php:30
filter · affiliatex_widgets_before_init · includes\AffiliateXWidgets.php:31
action · rest_api_init · includes\amazon\admin\AmazonSettings.php:23
action · init · includes\blocks\BaseBlock.php:41
action · enqueue_block_editor_assets · includes\blocks\BaseBlock.php:42
action · elementor/controls/controls_registered · includes\elementor\ControlsManager.php:51
action · elementor/editor/after_enqueue_scripts · includes\elementor\ElementorManager.php:24
action · elementor/icons_manager/additional_tabs · includes\elementor\ElementorManager.php:25
action · elementor/editor/after_enqueue_styles · includes\elementor\ElementorManager.php:26
action · elementor/preview/enqueue_styles · includes\elementor\ElementorManager.php:27
action · elementor/widgets/register · includes\elementor\WidgetManager.php:37
action · elementor/elements/categories_registered · includes\elementor\WidgetManager.php:40
action · elementor/frontend/after_enqueue_styles · includes\elementor\WidgetManager.php:43
action · elementor/editor/after_enqueue_styles · includes\elementor\WidgetManager.php:44
action · elementor/preview/enqueue_scripts · includes\elementor\WidgetManager.php:45
action · wp_enqueue_scripts · includes\elementor\WidgetManager.php:48
action · init · includes\migration\MigrationManager.php:21
action · admin_enqueue_scripts · includes\notice\AdminNoticeManager.php:32
action · admin_init · includes\notice\CampaignNoticeHandler.php:14
action · admin_init · includes\notice\CampaignNoticeHandler.php:15
action · admin_notices · includes\notice\NoticeBase.php:16
action · admin_init · includes\notice\NoticeHandler.php:16
action · admin_enqueue_scripts · includes\notice\NoticeHandler.php:17

Scheduled Events 1

affiliatex_daily_template_update
Maintenance & Trust

AffiliateX – Amazon Affiliate Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 6, 2026
PHP min version: 7.4
Downloads: 438K

Community Trust

Rating: 90/100
Number of ratings: 32
Active installs: 10K
Developer Profile

AffiliateX – Amazon Affiliate Plugin Developer Profile

WPCenter

1 plugin · 10K total installs

Trust score: 97
Avg Security Score: 96/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect AffiliateX – Amazon Affiliate Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/affiliatex/build/adminJS.js
/wp-content/plugins/affiliatex/build/dashboard.css
/wp-content/plugins/affiliatex/build/admin.css
/wp-content/plugins/affiliatex/assets/css/toastr.min.css
/wp-content/plugins/affiliatex/build/adminCSS.css
Script Paths
/wp-content/plugins/affiliatex/build/adminJS.js
Version Parameters
affiliatex/style.css?ver=
affiliatex/script.js?ver=
affiliatex/build/adminJS.js?ver=
affiliatex/build/dashboard.css?ver=
affiliatex/build/admin.css?ver=
affiliatex/assets/css/toastr.min.css?ver=
affiliatex/build/adminCSS.css?ver=

HTML / DOM Fingerprints

CSS Classes
affiliatex-admin
affx-googlefonts
affiliatex-dashboard
affiliatex-options-style-css
toastr
affiliatex-admin-css
Data Attributes
data-affiliatex-admin
JS Globals
AffiliateXAdmin