WP-Safety

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Security & Risk Analysis

wordpress.org/plugins/frumbik-affiliate-hub

Free affiliate link management, Amazon product displays, click tracking, and GA4 integration for WordPress.

0 active installs v2.1.8 PHP 8.1+ WP 6.2+ Updated Apr 10, 2026
affiliate-linksamazon-productsanalyticsclick-trackinglink-management
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Safe to Use in 2026?

Generally Safe

Score 100/100

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The frumbik-affiliate-hub plugin v2.1.8 presents a mixed security posture. On the positive side, it demonstrates strong adherence to WordPress security best practices with 100% of its SQL queries using prepared statements and a significant portion of output being properly escaped. The plugin also incorporates a good number of nonce and capability checks, contributing to a generally protected attack surface. Its vulnerability history is remarkably clean, with no recorded CVEs, which suggests a history of responsible development and maintenance.

However, the static analysis reveals several areas of concern. The presence of dangerous functions like `preg_replace(/e)`, `exec`, and `shell_exec` are inherently risky and can be exploited if not handled with extreme care and strict input validation. Furthermore, a high number of taint flows (51) with unsanitized paths, and 45 identified as high severity, indicate a significant risk of input manipulation leading to potentially harmful actions, despite the absence of directly exploitable critical vulnerabilities in this run. The high number of file operations (10) when combined with unsanitized paths is also a red flag that warrants investigation.

In conclusion, while the plugin benefits from excellent SQL handling and a clean CVE history, the identified dangerous functions and numerous high-severity unsanitized taint flows present a considerable risk. The developers have clearly invested in fundamental security practices, but the aforementioned issues necessitate careful scrutiny and potential remediation to achieve a truly robust security profile.

Key Concerns

  • High severity unsanitized taint flows
  • Presence of dangerous functions (exec, shell_exec)
  • Presence of dangerous function (preg_replace(/e))
  • Unsanitized paths in taint flows
  • High number of file operations
  • Bundled library (TinyMCE) could be outdated
Vulnerabilities
None known

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Release Timeline

v2.1.8Current
v2.1.6
v2.1.4
v2.1.3
v2.1.2
v2.0.1
v2.0.0
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.0.14
v1.0.12
v1.0.5
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Code Analysis

Dangerous Functions
3
Raw SQL Queries
3
851 prepared
Unescaped Output
641
2339 escaped
Nonce Checks
38
Capability Checks
54
File Operations
10
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

preg_replace(/e)preg_replace( '/eincludes/Core/CdnManager.php:547
execexec($command, $output, $return_code);includes/Modules/MaxMindManager.php:174
shell_exec$test = shell_exec("which $command 2>/dev/null");includes/Modules/MaxMindManager.php:238

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared854 total queries

Output Escaping

78% escaped2980 total outputs
Data Flows · Security
51 unsanitized

Data Flow Analysis

25 flows51 with unsanitized paths
render_step_2_configure (includes/Admin/Migration/MigrationPage.php:317)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Attack Surface

Entry Points40
Unprotected0

AJAX Handlers 39

authwp_ajax_frumbik_analytics_dataincludes/Admin/AnalyticsDashboard.php:36
authwp_ajax_frumbik_export_analyticsincludes/Admin/AnalyticsDashboard.php:37
authwp_ajax_frumbik_recent_activityincludes/Admin/AnalyticsDashboard.php:38
authwp_ajax_frumbik_dismiss_db_noticeincludes/Admin/DatabaseStatus.php:177
authwp_ajax_frumbik_geo_statsincludes/Admin/GeoLocationAdmin.php:26
authwp_ajax_frumbik_maxmind_updateincludes/Admin/GeoLocationAdmin.php:27
authwp_ajax_frumbik_install_native_geoip2includes/Admin/GeoLocationAdmin.php:28
authwp_ajax_frumbik_uninstall_native_geoip2includes/Admin/GeoLocationAdmin.php:29
authwp_ajax_frumbik_run_benchmarkincludes/Admin/GeoLocationAdmin.php:30
authwp_ajax_frumbik_test_real_lookupincludes/Admin/GeoLocationAdmin.php:31
authwp_ajax_frumbik_reset_performance_metricsincludes/Admin/GeoLocationAdmin.php:32
authwp_ajax_frumbik_maxmind_downloadincludes/Admin/Settings.php:28
authwp_ajax_frumbik_run_optimizationincludes/Admin/SmartOptimizationDashboard.php:45
authwp_ajax_frumbik_get_optimization_statusincludes/Admin/SmartOptimizationDashboard.php:46
authwp_ajax_frumbik_clear_cacheincludes/Admin/SmartOptimizationDashboard.php:47
authwp_ajax_frumbik_get_performance_reportincludes/Admin/SmartOptimizationDashboard.php:48
authwp_ajax_frumbik_toggle_optimizationincludes/Admin/SmartOptimizationDashboard.php:49
authwp_ajax_frumbik_get_analytics_dataincludes/Analytics/AdvancedAnalytics.php:39
authwp_ajax_frumbik_get_device_statsincludes/Analytics/AdvancedAnalytics.php:40
authwp_ajax_frumbik_get_trends_dataincludes/Analytics/AdvancedAnalytics.php:41
authwp_ajax_frumbik_create_affiliate_linkincludes/Controllers/LinkController.php:27
authwp_ajax_frumbik_update_affiliate_linkincludes/Controllers/LinkController.php:28
authwp_ajax_frumbik_delete_affiliate_linkincludes/Controllers/LinkController.php:29
authwp_ajax_frumbik_search_affiliate_linksincludes/Controllers/LinkController.php:30
authwp_ajax_frumbik_check_affiliate_slugincludes/Controllers/LinkController.php:31
authwp_ajax_frumbik_get_statsincludes/Controllers/StatsController.php:41
authwp_ajax_frumbik_get_stats_dataincludes/Controllers/StatsController.php:42
authwp_ajax_frumbik_get_dashboard_statsincludes/Controllers/StatsController.php:43
authwp_ajax_frumbik_get_chart_dataincludes/Controllers/StatsController.php:44
authwp_ajax_frumbik_get_top_linksincludes/Controllers/StatsController.php:45
authwp_ajax_frumbik_get_geographic_dataincludes/Controllers/StatsController.php:46
authwp_ajax_frumbik_export_statsincludes/Controllers/StatsController.php:47
authwp_ajax_frumbik_get_table_dataincludes/Controllers/StatsController.php:48
authwp_ajax_frumbik_save_modulesincludes/Core/Admin.php:1567
authwp_ajax_frumbik_track_clickincludes/Modules/ClickTracker.php:44
noprivwp_ajax_frumbik_track_clickincludes/Modules/ClickTracker.php:45
authwp_ajax_frumbik_test_geoincludes/Modules/GeoLocation.php:141
authwp_ajax_frumbik_get_affiliate_links_listincludes/Modules/LinkShortener.php:36
authwp_ajax_frumbik_download_geoipincludes/Modules/MaxMindManager.php:42

Shortcodes 1

[frumbik_link] includes/Modules/LinkShortener.php:27
WordPress Hooks 89
actionadmin_noticesaffiliate-hub.php:27
actionadmin_noticesaffiliate-hub.php:43
actionadmin_noticesaffiliate-hub.php:58
actioninitaffiliate-hub.php:72
actionadmin_noticesaffiliate-hub.php:82
actionplugins_loadedaffiliate-hub.php:228
actionadmin_initaffiliate-hub.php:231
actionadmin_initaffiliate-hub.php:256
actionwp_loadedaffiliate-hub.php:300
actionadmin_noticesaffiliate-hub.php:327
actionadmin_initaffiliate-hub.php:340
actionadmin_noticesaffiliate-hub.php:344
actionadmin_menuincludes/Admin/AnalyticsDashboard.php:34
actionadmin_enqueue_scriptsincludes/Admin/AnalyticsDashboard.php:35
actionadmin_post_frumbik_stream_exportincludes/Admin/AnalyticsDashboard.php:39
actionwp_dashboard_setupincludes/Admin/DashboardWidget.php:27
actionadmin_enqueue_scriptsincludes/Admin/DashboardWidget.php:28
actionadmin_enqueue_scriptsincludes/Admin/DatabaseStatus.php:21
actionadmin_noticesincludes/Admin/DatabaseStatus.php:70
actionadmin_initincludes/Admin/DatabaseStatus.php:176
actionadmin_enqueue_scriptsincludes/Admin/GeoLocationAdmin.php:25
actioncurrent_screenincludes/Admin/GeoLocationAdmin.php:35
filterparent_fileincludes/Admin/GeoLocationAdmin.php:36
filtersubmenu_fileincludes/Admin/GeoLocationAdmin.php:37
actionadd_meta_boxesincludes/Admin/MetaBoxes.php:33
actionsave_postincludes/Admin/MetaBoxes.php:34
actionadmin_enqueue_scriptsincludes/Admin/MetaBoxes.php:35
actionsave_postincludes/Admin/MetaBoxes.php:718
actionadmin_enqueue_scriptsincludes/Admin/Settings/LinkScannerTab.php:14
actionadmin_enqueue_scriptsincludes/Admin/Settings/LinksTab.php:26
actionadmin_enqueue_scriptsincludes/Admin/Settings/ModulesTab.php:32
actionadmin_enqueue_scriptsincludes/Admin/Settings/PerformanceTab.php:14
actionadmin_initincludes/Admin/Settings.php:26
actionadmin_enqueue_scriptsincludes/Admin/Settings.php:27
actionadmin_menuincludes/Admin/SetupWizard.php:51
actionadmin_initincludes/Admin/SetupWizard.php:52
actionadmin_menuincludes/Admin/SmartOptimizationDashboard.php:42
actionadmin_enqueue_scriptsincludes/Admin/SmartOptimizationDashboard.php:52
actionadmin_enqueue_scriptsincludes/Admin/UnifiedSettings.php:173
actionadmin_initincludes/Admin/UnifiedSettings.php:174
actioncurrent_screenincludes/Admin/UnifiedSettings.php:207
actionadmin_initincludes/Admin/UnifiedSettings.php:214
actionadmin_noticesincludes/Core/Admin.php:69
actionadmin_menuincludes/Core/Admin.php:128
filterparent_fileincludes/Core/Admin.php:131
filtersubmenu_fileincludes/Core/Admin.php:132
actionadmin_headincludes/Core/Admin.php:135
actionadmin_initincludes/Core/Admin.php:138
actionadmin_initincludes/Core/Admin.php:141
actionmanage_affiliate_link_posts_custom_columnincludes/Core/Admin.php:152
actionpre_get_postsincludes/Core/Admin.php:155
filterpost_row_actionsincludes/Core/Admin.php:162
actionadmin_action_frumbik_duplicateincludes/Core/Admin.php:164
actionrestrict_manage_postsincludes/Core/Admin.php:167
filterparse_queryincludes/Core/Admin.php:168
filteredit_posts_per_pageincludes/Core/Admin.php:171
actionrestrict_manage_postsincludes/Core/Admin.php:172
actionadmin_enqueue_scriptsincludes/Core/Admin.php:175
actionadmin_initincludes/Core/CacheWarmer.php:36
actionfrumbik_warm_cacheincludes/Core/CacheWarmer.php:39
actionpre_get_postsincludes/Core/CacheWarmer.php:47
actionthe_postsincludes/Core/CacheWarmer.php:101
actionwp_enqueue_scriptsincludes/Core/CdnManager.php:73
actionadmin_enqueue_scriptsincludes/Core/CdnManager.php:74
filterscript_loader_srcincludes/Core/CdnManager.php:77
filterstyle_loader_srcincludes/Core/CdnManager.php:78
filterfrumbik_minify_jsincludes/Core/CdnManager.php:81
filterfrumbik_minify_cssincludes/Core/CdnManager.php:82
filterscript_loader_tagincludes/Core/CdnManager.php:264
actionwp_footerincludes/Core/PerformanceMonitor.php:70
actionadmin_footerincludes/Core/PerformanceMonitor.php:71
actionwp_headincludes/Core/PerformanceMonitor.php:72
actionshutdownincludes/Core/PerformanceMonitor.php:73
actionwp_enqueue_scriptsincludes/Modules/ClickTracker.php:35
filterthe_contentincludes/Modules/ClickTracker.php:36
filterfrumbik_before_track_clickincludes/Modules/GeoLocation.php:124
actionfrumbik_enrich_geoincludes/Modules/GeoLocation.php:127
actionfrumbik_maxmind_updateincludes/Modules/GeoLocation.php:130
filtercron_schedulesincludes/Modules/GeoLocation.php:136
actionfrumbik_geo_cleanupincludes/Modules/GeoLocation.php:138
actionadmin_initincludes/Modules/KeywordsAutolinker/Settings.php:36
actionadmin_initincludes/Modules/KeywordsAutolinker/Settings.php:39
actionadmin_enqueue_scriptsincludes/Modules/KeywordsAutolinker/Settings.php:42
actionmedia_buttonsincludes/Modules/LinkShortener.php:35
actionenqueue_block_editor_assetsincludes/Modules/LinkShortener.php:42
filtermce_external_pluginsincludes/Modules/LinkShortener.php:221
filtermce_buttonsincludes/Modules/LinkShortener.php:222
actionfrumbik_update_geoipincludes/Modules/MaxMindManager.php:41
actioninitincludes/Modules/ModuleManager.php:32

Scheduled Events 10

frumbik_warm_cache
frumbik_cdn_optimization
frumbik_database_optimization
frumbik_database_cleanup
frumbik_deferred_operations
frumbik_performance_cleanup
frumbik_maxmind_update
frumbik_geo_cleanup
frumbik_enrich_geo
frumbik_update_geoip
Maintenance & Trust

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 10, 2026
PHP min version8.1
Downloads446

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Alternatives

LinkAlert

LinkAlert

codirun-linkalert

A
100

Link management and click tracking plugin for WordPress. Monitor clicks in real time, manage short links, and receive instant notifications.

0 No CVEs
Royal Links

Royal Links

royal-links

A
100

Free affiliate link management, URL shortener, and link cloaking plugin with geo-targeting, A/B testing, QR codes, and auto-linking. No premium tier.

0 No CVEs
Click Counter by Simple Tools

Click Counter by Simple Tools

click-counter

A
100

Advanced click tracking for any CSS selector. Analytics, charts, goals, CSV export, visual picker, and more.

100 No CVEs
ShortLinks Pro – Affiliate Links, Link Shortening, Click Tracking & Marketing

ShortLinks Pro – Affiliate Links, Link Shortening, Click Tracking & Marketing

shortlinkspro

A
99

Shorten, track, manage and share any URL using your own domain name!

100 1 CVE
Smart Click Tracker

Smart Click Tracker

smart-click-tracker

A
100

Track clicks on any element of your WordPress site and view detailed statistics with beautiful charts.

100 No CVEs
Developer Profile

Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting Developer Profile

Frumbik

2 plugins · 40 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/frumbik-affiliate-hub/assets/css/admin-app.css/wp-content/plugins/frumbik-affiliate-hub/assets/css/frontend-app.css/wp-content/plugins/frumbik-affiliate-hub/assets/js/admin-app.js/wp-content/plugins/frumbik-affiliate-hub/assets/js/frontend-app.js
Script Paths
/wp-content/plugins/frumbik-affiliate-hub/assets/js/admin-app.js/wp-content/plugins/frumbik-affiliate-hub/assets/js/frontend-app.js
Version Parameters
frumbik-affiliate-hub/assets/css/admin-app.css?ver=frumbik-affiliate-hub/assets/css/frontend-app.css?ver=frumbik-affiliate-hub/assets/js/admin-app.js?ver=frumbik-affiliate-hub/assets/js/frontend-app.js?ver=

HTML / DOM Fingerprints

CSS Classes
frumbik-affiliate-hub-welcome-screen
HTML Comments
<!-- Frumbik Affiliate Hub: Options Page --><!-- Frumbik Affiliate Hub: Welcome Page --><!-- Frumbik Affiliate Hub: Link Shortener Settings --><!-- Frumbik Affiliate Hub: Advanced Settings -->+60 more
Data Attributes
data-dismiss-key="frumbik_wp_org_notice"
JS Globals
window.frumbik_affiliate_hub_admin_paramswindow.frumbik_affiliate_hub_frontend_params
FAQ

Frequently Asked Questions about Frumbik Affiliate Hub – Affiliate Links, Amazon Product Displays, Click Tracking & Geo-Targeting