Ecommerce Affiliate Security & Risk Analysis

wordpress.org/plugins/ecommerce-affiliate

Enhance your eCommerce store with affiliate marketing features, including product commissions, tracking, and easy integration.

0 active installs · v1.0.0 · PHP 7.4+ · WP 5.8+ · Updated: Unknown
Tags: affiliate-links, affiliate-management, affiliate-marketing, e-commerce, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ecommerce Affiliate Safe to Use in 2026?

Generally Safe

Score 100/100

Ecommerce Affiliate has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "ecommerce-affiliate" plugin v1.0.0 presents a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs, indicating a potentially well-maintained codebase or a lack of prior significant security discoveries. The plugin also demonstrates good practices in handling SQL queries, with 89% utilizing prepared statements, and avoids file operations and external HTTP requests, which are common sources of vulnerabilities.

However, several concerns arise from the static analysis. The presence of 2 AJAX handlers without authentication checks is a significant security risk, potentially allowing unauthorized users to trigger actions within the plugin. Furthermore, the taint analysis reveals 5 flows with unsanitized paths, all classified as high severity. This suggests that user-supplied input might be processed in a way that could lead to code execution or other critical security issues if exploited. The relatively low percentage of properly escaped output (63%) also raises concerns about potential cross-site scripting (XSS) vulnerabilities.

While the plugin benefits from a lack of known historical vulnerabilities, the static analysis highlights immediate and potentially critical weaknesses. The high severity taint flows and unprotected AJAX endpoints require urgent attention. A balanced conclusion would be that the plugin has a potentially solid foundation, but these specific identified risks in its current version pose a considerable threat and need to be addressed proactively.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity taint flows with unsanitized paths
  • Low percentage of properly escaped output
Vulnerabilities
None known

Ecommerce Affiliate Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Ecommerce Affiliate Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (48 prepared)
Unescaped Output: 154 (259 escaped)
Nonce Checks: 9
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

89% prepared · 54 total queries

Output Escaping

63% escaped · 413 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

13 flows · 5 with unsanitized paths
icecomaf_cancel_payment (admin\inc\admin-ajax.php:38)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Ecommerce Affiliate Attack Surface

Entry Points: 22
Unprotected: 2

AJAX Handlers 17

auth wp_ajax_approve_user admin\inc\admin-ajax.php:2
auth wp_ajax_ic_cancel_payment admin\inc\admin-ajax.php:36
auth wp_ajax_ic_make_payment admin\inc\admin-ajax.php:94
nopriv wp_ajax_register_affiliate_user inc\register-user.php:215
auth wp_ajax_register_affiliate_user inc\register-user.php:216
nopriv wp_ajax_affiliate_login inc\register-user.php:359
auth wp_ajax_affiliate_login inc\register-user.php:360
auth wp_ajax_ic_affiliate_logout inc\register-user.php:378
nopriv wp_ajax_ic_affiliate_logout inc\register-user.php:379
auth wp_ajax_ic_forgot_password inc\register-user.php:435
nopriv wp_ajax_ic_forgot_password inc\register-user.php:436
auth wp_ajax_affiliate_verify_otp inc\register-user.php:482
nopriv wp_ajax_affiliate_verify_otp inc\register-user.php:483
nopriv wp_ajax_resend_otp inc\register-user.php:535
auth wp_ajax_resend_otp inc\register-user.php:536
auth wp_ajax_ic_claim_payment inc\register-user.php:539
nopriv wp_ajax_ic_claim_payment inc\register-user.php:540

Shortcodes 5

[icecomaf_affiliate_profile] views\affiliate_profile.php:62
[icecomaf_affiliate_forgot_password] views\forgot_password.php:33
[icecomaf_affiliate_login_form] views\login.php:47
[icecomaf_affiliate_register_form] views\register.php:80
[icecomaf_affiliate_verify_otp] views\verify_otp.php:48
WordPress Hooks 13

action admin_init admin\inc\callback_functions.php:754
action admin_enqueue_scripts admin\inc\enqueue-admin.php:30
action admin_menu admin\menues.php:4
action admin_menu admin\menues.php:49
action wp_enqueue_scripts inc\enqueue-scripts.php:48
action template_redirect inc\functions.php:5
action init inc\functions.php:23
action woocommerce_thankyou inc\functions.php:52
action template_redirect inc\functions.php:146
action init inc\register-user.php:16
action init inc\register-user.php:255
filter wp_authenticate_user inc\register-user.php:267
filter login_errors inc\register-user.php:276
Maintenance & Trust

Ecommerce Affiliate Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Unknown
PHP min version: 7.4
Downloads: 441

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Ecommerce Affiliate Developer Profile

ITclan BD

2 plugins · 10 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Ecommerce Affiliate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ecommerce-affiliate/admin/assets/style-admin.css
/wp-content/plugins/ecommerce-affiliate/admin/assets/scripts-admin.js
Version Parameters
ecommerce-affiliate/admin/assets/style-admin.css?ver=
ecommerce-affiliate/admin/assets/scripts-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
window.icAffAdminData
Shortcode Output
[icecomaf_affiliate_register_form]
[icecomaf_affiliate_login_form]
[icecomaf_affiliate_profile]
[icecomaf_affiliate_verify_otp]