Easy Affiliate Links Security & Risk Analysis

wordpress.org/plugins/easy-affiliate-links

Easily manage and cloak all your affiliate links.

8K active installs v3.8.1 PHP + WP 3.5+ Updated Jan 20, 2026
Tags: affiliate, cloaking, links, shortlink
Score 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 27, 2024
Safety Verdict

Is Easy Affiliate Links Safe to Use in 2026?

Generally Safe

Score 98/100

Easy Affiliate Links has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 27, 2024 · Updated 2mo ago
Risk Assessment

The 'easy-affiliate-links' plugin v3.8.1 presents a mixed security posture. While it demonstrates good practices such as a high percentage of properly escaped output and numerous nonce and capability checks, there are significant areas of concern. The presence of an unprotected REST API route is a critical vulnerability, allowing unauthenticated access to potentially sensitive operations. Furthermore, the taint analysis revealing three flows with unsanitized paths, even without critical or high severity flags, indicates a potential for vulnerabilities if these paths are exploited. The plugin's vulnerability history, with three medium severity CVEs, two of which were historically related to missing authorization and cross-site scripting, suggests a recurring pattern of weaknesses that need continuous attention and rigorous patching. Although there are currently no unpatched vulnerabilities, the past indicates a need for vigilance. Overall, the plugin has strengths in its coding practices but requires immediate attention to its exposed entry points and historical vulnerability trends.

Key Concerns

  • Unprotected REST API route
  • Flows with unsanitized paths
  • Medium severity CVEs in history
  • Historically common vulnerability types (XSS, Missing Auth)
Vulnerabilities
3

Easy Affiliate Links Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2024-5864 · medium · 4.3 · Missing Authorization

Easy Affiliate Links <= 3.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

Jun 27, 2024 · Patched in 3.7.4 (1d)

CVE-2024-34441 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Affiliate Links <= 3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2024 · Patched in 3.7.3 (9d)

CVE-2023-0375 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings

Jan 24, 2023 · Patched in 3.7.1 (364d)

Code Analysis
Analyzed Mar 16, 2026

Easy Affiliate Links Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (7 prepared)
Unescaped Output: 27 (153 escaped)
Nonce Checks: 11
Capability Checks: 22
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

58% prepared · 12 total queries

Output Escaping

85% escaped · 180 total outputs

Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
cleanup_page (includes\admin\class-eafl-statistics.php:120)
Attack Surface
1 unprotected

Easy Affiliate Links Attack Surface

Entry Points: 22
Unprotected: 1

AJAX Handlers 8

auth wp_ajax_eafl_feedback includes\admin\class-eafl-feedback.php:30
auth wp_ajax_eafl_reset_settings includes\admin\class-eafl-tools-manager.php:38
auth wp_ajax_eafl_find_relations includes\admin\tools\class-eafl-tools-find-relations.php:29
auth wp_ajax_eafl_register_click includes\public\class-eafl-clicks.php:36
nopriv wp_ajax_eafl_register_click includes\public\class-eafl-clicks.php:37
auth wp_ajax_eafl_get_link includes\public\class-eafl-link-manager.php:37
auth wp_ajax_eafl_search_links includes\public\class-eafl-link-manager.php:38
auth wp_ajax_eafl_save_link includes\public\class-eafl-link-saver.php:28

REST API Routes 13

DELETE /wp-json/easy-affiliate-links/v1/click/(?P<id>\d+) includes\public\api\class-eafl-api-clicks.php:38
DELETE /wp-json/easy-affiliate-links/v1/click/link/(?P<id>\d+) includes\public\api\class-eafl-api-clicks.php:48
POST /wp-json/easy-affiliate-links/v1/manage/categories includes\public\api\class-eafl-api-manage-categories.php:38
POST /wp-json/easy-affiliate-links/v1/manage/categories/bulk includes\public\api\class-eafl-api-manage-categories.php:43
POST /wp-json/easy-affiliate-links/v1/manage/categories/merge includes\public\api\class-eafl-api-manage-categories.php:48
POST /wp-json/easy-affiliate-links/v1/manage/clicks includes\public\api\class-eafl-api-manage-clicks.php:38
POST /wp-json/easy-affiliate-links/v1/manage/clicks/bulk includes\public\api\class-eafl-api-manage-clicks.php:43
DELETE /wp-json/easy-affiliate-links/v1/manage/clicks/(?P<id>\d+) includes\public\api\class-eafl-api-manage-clicks.php:48
POST /wp-json/easy-affiliate-links/v1/manage/links includes\public\api\class-eafl-api-manage-links.php:38
POST /wp-json/easy-affiliate-links/v1/manage/links/bulk includes\public\api\class-eafl-api-manage-links.php:43
POST /wp-json/easy-affiliate-links/v1/manage/relations includes\public\api\class-eafl-api-manage-relations.php:38
DELETE /wp-json/easy-affiliate-links/v1/notice includes\public\api\class-eafl-api-notices.php:38
POST /wp-json/easy-affiliate-links/v1/search/links includes\public\api\class-eafl-api-search.php:38

Shortcodes 1

[eafl] includes\public\class-eafl-shortcode.php:34
WordPress Hooks 84
action eafl_modal_notice includes\admin\class-eafl-feedback.php:28
action admin_menu includes\admin\class-eafl-manage-modal.php:28
action admin_footer includes\admin\class-eafl-manage-modal.php:29
action admin_enqueue_scripts includes\admin\class-eafl-manage-modal.php:31
action admin_menu includes\admin\class-eafl-marketing.php:80
filter eafl_admin_notices includes\admin\class-eafl-marketing.php:81
action admin_init includes\admin\class-eafl-migrations.php:36
action admin_menu includes\admin\class-eafl-migrations.php:37
filter eafl_admin_notices includes\admin\class-eafl-notices.php:28
filter eafl_admin_notices includes\admin\class-eafl-notices.php:29
filter eafl_admin_notices includes\admin\class-eafl-notices.php:30
action admin_init includes\admin\class-eafl-permalinks.php:28
action admin_init includes\admin\class-eafl-privacy.php:28
filter wp_privacy_personal_data_exporters includes\admin\class-eafl-privacy.php:29
action admin_menu includes\admin\class-eafl-statistics.php:28
action eafl_statistics_page includes\admin\class-eafl-statistics.php:29
filter eafl_statistics_tabs includes\admin\class-eafl-statistics.php:30
action admin_post_eafl_statistics_cleanup includes\admin\class-eafl-statistics.php:32
action eafl_migration_page includes\admin\class-eafl-statistics.php:33
action admin_menu includes\admin\class-eafl-tools-manager.php:37
filter eafl_tools includes\admin\class-eafl-tools-manager.php:40
filter eafl_import_export_tabs includes\admin\import-export\class-eafl-ie-export-csv.php:28
action eafl_import_export_page includes\admin\import-export\class-eafl-ie-export-csv.php:29
filter eafl_import_export_tabs includes\admin\import-export\class-eafl-ie-export-xml.php:28
action eafl_import_export_page includes\admin\import-export\class-eafl-ie-export-xml.php:29
filter eafl_import_export_tabs includes\admin\import-export\class-eafl-ie-import-csv.php:28
action eafl_import_export_page includes\admin\import-export\class-eafl-ie-import-csv.php:29
filter eafl_import_export_tabs includes\admin\import-export\class-eafl-ie-import-xml.php:28
action eafl_import_export_page includes\admin\import-export\class-eafl-ie-import-xml.php:29
action admin_menu includes\admin\import-export\class-eafl-import-export.php:28
action admin_menu includes\admin\menu\class-eafl-admin-menu-addons.php:28
action admin_init includes\admin\menu\class-eafl-admin-menu-faq.php:28
action admin_head-affiliate-links_page_eafl_faq includes\admin\menu\class-eafl-admin-menu-faq.php:29
action admin_menu includes\admin\menu\class-eafl-admin-menu-faq.php:30
action admin_menu includes\admin\menu\class-eafl-admin-menu.php:28
action current_screen includes\admin\migrations\eafl-2-1-0-clicks-db.php:27
action eafl_migration_page includes\admin\migrations\eafl-2-1-0-clicks-db.php:28
action admin_notices includes\admin\migrations\eafl-2-1-0-clicks-db.php:42
action init includes\admin\tinymce\class-eafl-button.php:28
filter mce_external_plugins includes\admin\tinymce\class-eafl-button.php:38
filter mce_buttons includes\admin\tinymce\class-eafl-button.php:39
filter mce_external_plugins includes\admin\tinymce\class-eafl-shortcode-preview.php:28
action admin_menu includes\admin\tools\class-eafl-tools-find-relations.php:28
filter eafl_tools includes\admin\tools\class-eafl-tools-find-relations.php:31
action init includes\class-eafl-i18n.php:31
action plugins_loaded includes\class-easy-affiliate-links.php:49
action admin_notices includes\class-easy-affiliate-links.php:50
action rest_api_init includes\public\api\class-eafl-api-clicks.php:28
action rest_api_init includes\public\api\class-eafl-api-links.php:28
action rest_api_init includes\public\api\class-eafl-api-manage-categories.php:28
filter terms_clauses includes\public\api\class-eafl-api-manage-categories.php:117
action rest_api_init includes\public\api\class-eafl-api-manage-clicks.php:28
action rest_api_init includes\public\api\class-eafl-api-manage-links.php:28
filter posts_where includes\public\api\class-eafl-api-manage-links.php:479
action rest_api_init includes\public\api\class-eafl-api-manage-relations.php:28
action rest_api_init includes\public\api\class-eafl-api-notices.php:28
action rest_api_init includes\public\api\class-eafl-api-search.php:28
action wp_enqueue_scripts includes\public\class-eafl-assets.php:27
action admin_enqueue_scripts includes\public\class-eafl-assets.php:28
action wp_head includes\public\class-eafl-assets.php:29
action enqueue_block_editor_assets includes\public\class-eafl-assets.php:30
action init includes\public\class-eafl-blocks.php:27
action plugins_loaded includes\public\class-eafl-clicks-database.php:45
action admin_init includes\public\class-eafl-clicks-database.php:46
filter wp_sitemaps_post_types includes\public\class-eafl-compatibility.php:27
filter wpseo_sitemap_exclude_post_type includes\public\class-eafl-compatibility.php:28
filter wpupg_output_item_classes includes\public\class-eafl-compatibility.php:30
filter wpupg_output_item_data includes\public\class-eafl-compatibility.php:31
filter wpupg_output_item_link includes\public\class-eafl-compatibility.php:32
action elementor/editor/before_enqueue_scripts includes\public\class-eafl-compatibility.php:34
filter eafl_link_shortcode includes\public\class-eafl-disclaimer.php:28
filter wp_insert_post_data includes\public\class-eafl-link-saver.php:30
action init includes\public\class-eafl-post-type.php:28
action init includes\public\class-eafl-post-type.php:29
filter wp_link_query_args includes\public\class-eafl-post-type.php:68
filter rest_post_search_query includes\public\class-eafl-post-type.php:70
action template_redirect includes\public\class-eafl-redirect.php:27
action plugins_loaded includes\public\class-eafl-relations-database.php:45
action admin_init includes\public\class-eafl-relations-database.php:46
filter eafl_settings_required_addons includes\public\class-eafl-settings.php:44
filter the_content includes\public\class-eafl-shortcode.php:28
filter rest_prepare_post includes\public\class-eafl-shortcode.php:31
filter rest_prepare_page includes\public\class-eafl-shortcode.php:32
action init includes\public\class-eafl-taxonomies.php:28

Maintenance & Trust

Easy Affiliate Links Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 20, 2026
PHP min version
Downloads: 297K

Community Trust

Rating: 84/100
Number of ratings: 34
Active installs: 8K

Developer Profile

Easy Affiliate Links Developer Profile

Brecht

6 plugins · 79K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 104 days

Detection Fingerprints

How We Detect Easy Affiliate Links

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-affiliate-links/dist/admin-manage-modal.css
/wp-content/plugins/easy-affiliate-links/dist/admin-manage-modal.js
Script Paths
/wp-content/plugins/easy-affiliate-links/dist/admin-manage-modal.js
Version Parameters
easy-affiliate-links/dist/admin-manage-modal.css?ver=
easy-affiliate-links/dist/admin-manage-modal.js?ver=

HTML / DOM Fingerprints

CSS Classes
eafl-admin-manage
eafl-admin-modal
Data Attributes
data-eafl-id
data-eafl-type
JS Globals
eafl_admin_manage_modal