asAffili Security & Risk Analysis

wordpress.org/plugins/asaffili

asAffili is an affiliate tool. It allows you to import csv data feeds provided by affiliate networks.

0 active installs · v1.1.1 · PHP 5.2.4+ · WP 4.8+ · Updated Jan 5, 2020
Tags: affiliate, affiliate-link, affiliate-site, product-feed
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is asAffili Safe to Use in 2026?

Generally Safe

Score 85/100

asAffili has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

This plugin exhibits a concerning security posture, primarily due to a significant attack surface that is largely unprotected. With 14 total entry points, a striking 12 are exposed without any authentication checks. This, combined with 11 high-severity taint flows involving unsanitized paths, strongly suggests a high likelihood of remote code execution or data compromise vulnerabilities. While the plugin does not appear to have a history of disclosed vulnerabilities (CVEs), this absence might be due to a lack of scrutiny rather than inherent security. The heavy reliance on prepared statements for SQL queries and the relatively good handling of output escaping in some areas are positive signs, but they are overshadowed by the critical lack of authorization checks on its numerous AJAX endpoints and the presence of untrusted data flowing through the application.

Key Concerns

  • Large attack surface without auth checks
  • High severity taint flows with unsanitized paths
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
None known

asAffili Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

asAffili Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

asAffili Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (27 prepared)
Unescaped Output: 181 (196 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 8
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

96% prepared · 28 total queries

Output Escaping

52% escaped · 377 total outputs
Data Flows · Security
13 unsanitized

Data Flow Analysis

13 flows · 13 with unsanitized paths
ajax_asaffili_head_print (admin\imports.php:874)
Attack Surface
12 unprotected

asAffili Attack Surface

Entry Points: 14
Unprotected: 12

AJAX Handlers 12

auth    wp_ajax_asaffili-set-catid             admin\imports.php:108
auth    wp_ajax_asaffili-del-catid             admin\imports.php:109
auth    wp_ajax_asaffili-noimport-catid        admin\imports.php:110
auth    wp_ajax_asaffilinewcatstr              admin\imports.php:112
nopriv  wp_ajax_asaffilinewcatstr              admin\imports.php:113
auth    wp_ajax_asaffili-head-print            admin\imports.php:115
auth    wp_ajax_asaffili-read-import           admin\imports.php:116
auth    wp_ajax_asaffili-import-file2          admin\imports.php:118
auth    wp_ajax_asaffili-import-file2-setdate  admin\imports.php:119
auth    wp_ajax_asaffili-stat-delcat           admin\imports.php:120
auth    wp_ajax_asaffili-stat-delposts         admin\imports.php:121
auth    wp_ajax_asaffili-stat-delpostsold      admin\imports.php:122

Shortcodes 2

[asaffili_products_page] public\shortcode-asaffili-products.php:7
[asaffili_products] public\shortcode-asaffili-products.php:8
WordPress Hooks 15
action  admin_menu                                    admin\admin.php:9
action  wp_enqueue_scripts                            admin\admin.php:10
action  plugins_loaded                                admin\admin.php:14
action  init                                          admin\imports.php:103
action  admin_init                                    admin\imports.php:104
action  save_post                                     admin\imports.php:105
action  admin_enqueue_scripts                         admin\imports.php:106
filter  manage_edit-asaffili_imports_columns          admin\imports.php:124
action  manage_asaffili_imports_posts_custom_column   admin\imports.php:125
filter  manage_edit-asaffili_imports_sortable_columns admin\imports.php:126
action  admin_init                                    admin\options.php:7
action  init                                          admin\products.php:7
action  admin_init                                    admin\products.php:8
action  save_post                                     admin\products.php:9
filter  the_content                                   public\shortcode-asaffili-products.php:10
Maintenance & Trust

asAffili Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Jan 5, 2020
PHP min version: 5.2.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

asAffili Developer Profile

Alexander Süß

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect asAffili

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/asaffili/assets/css/asaffili.css
