Does Cashback have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Cashback compatible with WordPress 4.7.33?

According to WordPress.org data, Cashback 1.1.0 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is Cashback updated?

Cashback was last updated on Jun 2, 2017. Frequent updates are generally a positive security signal.

What is Cashback's security score?

Cashback has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cashback Security & Risk Analysis

wordpress.org/plugins/cashback

Members of 24/7 Discount receive cashback at over 2,500 shops. Aside from famous brands such as Zalando, Bol.com and Wehkamp many small retailers are …

0 active installs v1.1.0 PHP + WP 3.0.1+ Updated Jun 2, 2017

advertisingdiscountposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Cashback Safe to Use in 2026?

Generally Safe

Score 85/100

Cashback has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "cashback" plugin v1.1.0 exhibits a concerning security posture due to a significant number of unprotected entry points. All five identified AJAX handlers lack authentication checks, creating a substantial attack surface that could be exploited by unauthenticated users. The taint analysis reveals one high-severity flow with unsanitized paths, indicating a potential for code injection or other malicious operations if this flow is triggered with user-controlled input. While the plugin employs prepared statements for all SQL queries and has no recorded vulnerability history, these strengths are overshadowed by the critical flaw of unprotected AJAX endpoints.

The presence of dangerous functions like `set_time_limit` warrants careful review, as these can be misused. The low percentage of properly escaped output (24%) is another significant weakness, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is not correctly sanitized before being displayed. Despite the absence of known CVEs, the identified code signals and taint analysis present clear and immediate risks that require remediation.

Key Concerns

All AJAX handlers lack authentication checks
High severity unsanitized path in taint analysis
Only 24% of outputs are properly escaped
Presence of dangerous function set_time_limit
No nonce checks on AJAX handlers

Vulnerabilities

None known

Cashback Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Cashback Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Cashback Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

set_time_limitset_time_limit(30);includes/CashBackContentScanner.php:75

set_time_limitset_time_limit(30);includes/CashBackContentScanner.php:85

set_time_limitset_time_limit(30);includes/CashBackContentScanner.php:174

set_time_limitset_time_limit(30);includes/CashBackInstaller.php:99

SQL Query Safety

100% prepared18 total queries

Output Escaping

24% escaped49 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths

adminProcessLogin (includes/CashBackAdminPanel.php:344)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Cashback Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 5

authwp_ajax_c247_process_registercashback.php:46

authwp_ajax_c247_process_logincashback.php:47

authwp_ajax_c247_process_imagecashback.php:48

authwp_ajax_c247_installcashback.php:67

authwp_ajax_c247_status_installcashback.php:68

WordPress Hooks 13

actionadmin_menucashback.php:41

actionadmin_enqueue_scriptscashback.php:42

actionadmin_initcashback.php:43

actionadmin_initcashback.php:44

actionadmin_initcashback.php:45

actionsave_postcashback.php:49

actionplugins_loadedcashback.php:56

filterthe_contentcashback.php:59

filterthe_contentcashback.php:60

actionc247_daily_updatecashback.php:63

actionc247_hourly_updatecashback.php:64

actionwp_enqueue_scriptscashback.php:81

actionadmin_initcashback.php:88

Scheduled Events 2

c247_daily_update

c247_hourly_update

Maintenance & Trust

Cashback Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedJun 2, 2017

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Cashback Alternatives

All-in-one Widget

all-in-one-widget

Add fundamental functionality to your WordPress sidebars with a set of proper widgets.

100 No CVEs

FS Revenue Maximizer

fs-revenue-mazimizer

Adds your Adsense or any other ads inside your content ( after the first or second paragraph ), enabling you to increase your revenue 10 times.

10 No CVEs

Duplicate Page

duplicate-page

Duplicate Posts, Pages and Custom Posts easily using single click

3.0M 3 CVEs

Post Types Order

post-types-order

100

Sort posts and custom post type objects using a drag-and-drop, sortable JavaScript AJAX interface, or through the default WordPress dashboard

600K No CVEs

Intuitive Custom Post Order

intuitive-custom-post-order

Intuitively reorder Posts, Pages, Custom Post Types, Taxonomies, and Sites with a simple drag-and-drop interface.

400K 4 CVEs

Developer Profile

Cashback Developer Profile

hotshopper

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Cashback

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cashback/assets/css/c247.css/wp-content/plugins/cashback/assets/js/c247.js

Script Paths

/wp-content/plugins/cashback/assets/js/c247.js

Version Parameters

cashback/assets/css/c247.css?ver=cashback/assets/js/c247.js?ver=

HTML / DOM Fingerprints

CSS Classes

c247-css

Data Attributes

c247-disabledc247_keywordsc247_keywords_statusc247_total_postsc247_replace_existing_linksc247_disable_offers+1 more

JS Globals

c247_keywords_statusc247_total_posts

REST Endpoints

/wp-json/cashback/v1/offers/wp-json/cashback/v1/settings/wp-json/cashback/v1/profile

FAQ