Affiliate Super Assistent Security & Risk Analysis

wordpress.org/plugins/amazonsimpleadmin

The flexible plugin for WordPress affiliates working with Amazon. Create your own templates, embed products by use of [asa]ASIN[/asa] shortcodes

2K active installs · v1.9.0 · PHP 8.1+ · WP 5.1+ · Updated Jan 28, 2026
Tags: affiliate, amazon, commission, marketing, monetize
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 9, 2024
Safety Verdict

Is Affiliate Super Assistent Safe to Use in 2026?

Generally Safe

Score 98/100

Affiliate Super Assistent has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 9, 2024 · Updated 2mo ago
Risk Assessment

The amazonsimpleadmin plugin version 1.9.0 exhibits a mixed security posture. While it demonstrates good practices in areas like utilizing prepared statements for SQL queries (89%) and a significant number of capability checks (26), there are notable areas of concern. The presence of two AJAX handlers without proper authentication checks presents a direct attack vector, as does the fact that 5 out of 8 analyzed taint flows had unsanitized paths, with 3 identified as high severity. This suggests potential for vulnerabilities like arbitrary file access or command execution if these flows are exploitable.

The plugin's vulnerability history, with 2 known CVEs including a high and a medium severity issue, further reinforces these concerns. The common vulnerability types indicate past instances of code injection and CSRF, which are critical security flaws. The fact that the last vulnerability was recently discovered (2024-09-09) and is currently patched suggests a recurring pattern of security weaknesses that require diligent patching.

Overall, while the plugin incorporates some security features, the unprotected entry points and high-severity taint flows, coupled with its historical vulnerability record, indicate a moderate to high risk. The plugin requires careful monitoring and potentially more robust input validation and authorization checks to mitigate the identified risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Unpatched high severity CVE
  • Unpatched medium severity CVE
  • Unsanitized paths in taint flows
  • Bundled library Guzzle
Vulnerabilities
2

Affiliate Super Assistent Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2024-8478 · high · 7.3 · Improper Control of Generation of Code ('Code Injection')

Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution

Sep 9, 2024 · Patched in 1.5.4 (1d)

CVE-2023-27417 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Affiliate Super Assistent <= 1.5.1 - Cross-Site Request Forgery to Settings Update and Cache Clearing

Mar 8, 2023 · Patched in 1.5.2 (321d)
Code Analysis
Analyzed Mar 16, 2026

Affiliate Super Assistent Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (17 prepared)
  • Unescaped Output: 75 (157 escaped)
  • Nonce Checks: 13
  • Capability Checks: 26
  • File Operations: 15
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

89% prepared · 19 total queries

Output Escaping

68% escaped · 232 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

8 flows · 5 with unsanitized paths

  • asa_async_load_callback (include\asa_ajax_callback.php:9)

[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized]
Attack Surface
2 unprotected

Affiliate Super Assistent Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers 4

  • auth · wp_ajax_asa_load_feed_news · include\asa_actions.php:39
  • auth · wp_ajax_asa_load_setup_banner · include\asa_actions.php:46
  • auth · wp_ajax_asa_async_load · include\asa_ajax_callback.php:3
  • nopriv · wp_ajax_asa_async_load · include\asa_ajax_callback.php:4

Shortcodes 2

[asa] AsaCore.php:260
[asa_collection] AsaCore.php:261
WordPress Hooks 23

  • action · init · AsaCapabilities.php:43
  • action · admin_menu · AsaCore.php:257
  • filter · the_excerpt · AsaCore.php:264
  • filter · the_excerpt_feed · AsaCore.php:265
  • filter · the_excerpt_rss · AsaCore.php:266
  • filter · the_content_feed · AsaCore.php:267
  • filter · the_content_rss · AsaCore.php:268
  • filter · widget_text · AsaCore.php:269
  • action · wp_meta · AsaCore.php:272
  • filter · comment_text · AsaCore.php:282
  • filter · upgrader_pre_install · AsaCore.php:285
  • filter · upgrader_post_install · AsaCore.php:286
  • action · in_plugin_update_message-amazonsimpleadmin/amazonsimpleadmin.php · AsaCore.php:287
  • filter · plugin_action_links_amazonsimpleadmin/amazonsimpleadmin.php · AsaCore.php:288
  • action · init · AsaCore.php:374
  • action · admin_head · AsaCore.php:665
  • action · admin_notices · AsaCore.php:4006
  • action · init · AsaEmail.php:49
  • action · widgets_init · AsaWidget.php:206
  • action · admin_enqueue_scripts · include\asa_actions.php:8
  • action · admin_footer · include\asa_actions.php:12
  • action · admin_enqueue_scripts · include\asa_php_functions.php:159
  • filter · asa_admin_pointers-settings_page_amazonsimpleadmin/amazonsimpleadmin · include\asa_pointers.php:2

Maintenance & Trust

Affiliate Super Assistent Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.0
  • Last updated: Jan 28, 2026
  • PHP min version: 8.1
  • Downloads: 194K

Community Trust

  • Rating: 92/100
  • Number of ratings: 36
  • Active installs: 2K
Developer Profile

Affiliate Super Assistent Developer Profile

Timo

2 plugins · 3K total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 158 days
Detection Fingerprints

How We Detect Affiliate Super Assistent

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/amazonsimpleadmin/css/bootstrap.min.css
  • /wp-content/plugins/amazonsimpleadmin/css/bootstrap-theme.min.css
  • /wp-content/plugins/amazonsimpleadmin/css/font-awesome.min.css
  • /wp-content/plugins/amazonsimpleadmin/css/jquery.fancybox.css
  • /wp-content/plugins/amazonsimpleadmin/css/colorpicker.css
  • /wp-content/plugins/amazonsimpleadmin/css/admin.css
  • /wp-content/plugins/amazonsimpleadmin/css/frontend.css
  • /wp-content/plugins/amazonsimpleadmin/js/bootstrap.min.js
  • +7 more

Script Paths

  • /wp-content/plugins/amazonsimpleadmin/js/bootstrap.min.js
  • /wp-content/plugins/amazonsimpleadmin/js/bootstrap-tooltip.js
  • /wp-content/plugins/amazonsimpleadmin/js/jquery.fancybox.pack.js
  • /wp-content/plugins/amazonsimpleadmin/js/colorpicker.js
  • /wp-content/plugins/amazonsimpleadmin/js/admin.js
  • /wp-content/plugins/amazonsimpleadmin/js/frontend.js
  • +1 more

Version Parameters

  • amazonsimpleadmin/css/bootstrap.min.css?ver=
  • amazonsimpleadmin/css/bootstrap-theme.min.css?ver=
  • amazonsimpleadmin/css/font-awesome.min.css?ver=
  • amazonsimpleadmin/css/jquery.fancybox.css?ver=
  • amazonsimpleadmin/css/colorpicker.css?ver=
  • amazonsimpleadmin/css/admin.css?ver=
  • amazonsimpleadmin/css/frontend.css?ver=
  • amazonsimpleadmin/js/bootstrap.min.js?ver=
  • amazonsimpleadmin/js/bootstrap-tooltip.js?ver=
  • amazonsimpleadmin/js/jquery.fancybox.pack.js?ver=
  • amazonsimpleadmin/js/colorpicker.js?ver=
  • amazonsimpleadmin/js/admin.js?ver=
  • amazonsimpleadmin/js/frontend.js?ver=
  • amazonsimpleadmin/js/jquery.validate.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • asa_tooltip
  • asa_tab
  • asa_collection_item_preview
  • asa_amazon_product_link
  • asa_price_nowrap

HTML Comments

  • <!-- START AmazonSimpleAdmin template_include -->
  • <!-- END AmazonSimpleAdmin template_include -->
  • <!-- START AmazonSimpleAdmin product -->
  • <!-- END AmazonSimpleAdmin product -->

Data Attributes

  • data-asa-asin
  • data-asa-country
  • data-asa-tracking-id
  • data-asa-image-size
  • data-asa-template-id
  • data-asa-show-price

JS Globals

  • ASA
  • ASA1_DEBUG_OFFERS_V2
  • ASA_COLLECTION_ITEM_PREVIEW_AJAX_URL
  • ASA_AJAX_URL

Shortcode Output

  • [asa][/asa]
  • [asa_collection][/asa_collection]