Does Infusionsoft Affiliates have any unpatched vulnerabilities?

No. All known vulnerabilities in Infusionsoft Affiliates have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Infusionsoft Affiliates compatible with WordPress 3.9.40?

According to WordPress.org data, Infusionsoft Affiliates 2.4 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Infusionsoft Affiliates updated?

Infusionsoft Affiliates was last updated on Jul 7, 2014. Frequent updates are generally a positive security signal.

What is Infusionsoft Affiliates's security score?

Infusionsoft Affiliates has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Infusionsoft Affiliates Security & Risk Analysis

wordpress.org/plugins/infusionsoft-affiliates

This plugin allows you to load an Infusionsoft Affiliate's information into your wordpress pages using the [affiliate] shortcode.

10 active installs v2.4 PHP + WP 2.0.2+ Updated Jul 7, 2014

affiliate-programaffiliatesinfusioninfusionsofttracking

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Infusionsoft Affiliates Safe to Use in 2026?

Generally Safe

Score 85/100

Infusionsoft Affiliates has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'infusionsoft-affiliates' plugin v2.4 exhibits a concerning security posture, primarily due to a lack of robust access control and inadequate output sanitization. The presence of two AJAX handlers without authentication checks is a significant risk, potentially allowing unauthorized users to trigger plugin functionalities. Furthermore, the taint analysis revealing two high-severity flows with unsanitized paths, coupled with zero percent proper output escaping, strongly suggests a high likelihood of cross-site scripting (XSS) or other injection vulnerabilities. While the plugin has no recorded vulnerability history and employs prepared statements for some SQL queries, these positive aspects are heavily overshadowed by the identified weaknesses in its entry points and data handling.

Key Concerns

AJAX handlers without auth checks
High severity taint flows
Output escaping is not used
SQL queries with no prepared statements
No capability checks

Vulnerabilities

None known

Infusionsoft Affiliates Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Infusionsoft Affiliates Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

20% prepared5 total queries

Output Escaping

0% escaped12 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

infusionsoftaffiliates_ajaxreg (infusionsoft-affiliates.php:134)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Infusionsoft Affiliates Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_infusionsoftaffiliates_reginfusionsoft-affiliates.php:403

authwp_ajax_check_infusionsoft_redirectinfusionsoft-affiliates.php:404

Shortcodes 1

[affiliate] infusionsoft-affiliates.php:17

WordPress Hooks 5

filterplugin_action_linksinfusionsoft-affiliates.php:393

actionadmin_initinfusionsoft-affiliates.php:400

actionadmin_menuinfusionsoft-affiliates.php:401

actionsave_postinfusionsoft-affiliates.php:402

actionwpinfusionsoft-affiliates.php:407

Maintenance & Trust

Infusionsoft Affiliates Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedJul 7, 2014

PHP min version

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Infusionsoft Affiliates Alternatives

SegMetrics Marketing Analytics

segmetrics

Connect your SegMetrics account to get unparalleled insights into your visitor journey.

100 No CVEs

ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

thirstyaffiliates

🔗 Affiliate link management & cloaker tool. Easily manage, shrink and track your affiliate links in WordPress. 🔥

30K 5 CVEs

Affiliate Program Suite — SliceWP Affiliates

slicewp

SliceWP is the quickest and easiest WordPress affiliates plugin for building your affiliate program. Track affiliate commissions, easily pay your affi …

10K 5 CVEs

Affiliates Manager

affiliates-manager

Affiliates Manager plugin can help you manage an affiliate marketing program to drive more traffic and more sales to your site.

9K 12 CVEs

Coupon Affiliates – Affiliate Plugin for WooCommerce

woo-coupon-usage

The most powerful affiliate plugin for WooCommerce. Track commission, generate referral URLs, assign affiliate coupons, and display detailed stats.

5K 12 CVEs

Developer Profile

Infusionsoft Affiliates Developer Profile

Jeremy B. Shapiro

4 plugins · 8K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

273 days

View full developer profile

Detection Fingerprints

How We Detect Infusionsoft Affiliates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/infusionsoft-affiliates/infusionsoft-affiliates.php

HTML / DOM Fingerprints

HTML Comments

+1 more

Data Attributes

name="noaffiliate_defaultpage_override"id="noaffiliate_defaultpage"name="noaffiliate_defaultpage"

JS Globals

var infusionsoftaffiliate

Shortcode Output

[affiliate field="" format="" dateshift="" htmldecode=false default=""]

FAQ