WP-Safety

LATMMO Aff Amazon Security & Risk Analysis

wordpress.org/plugins/latmmo-aff-amazon

Amazon Aff LATMMO is the best plugin for WordPress Amazon affiliates with a suite of features to help you more effectively promote Amazon products and …

10 active installs v1.0.0 PHP 5.3+ WP 4.6+ Updated Nov 20, 2021
amazonamazon-affiliate
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is LATMMO Aff Amazon Safe to Use in 2026?

Generally Safe

Score 85/100

LATMMO Aff Amazon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "latmmo-aff-amazon" plugin v1.0.0 presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and shows a strong emphasis on output escaping with a high percentage of properly escaped outputs. The absence of known vulnerabilities (CVEs) in its history is also a positive indicator, suggesting a level of maturity or a lack of prior exploitable flaws.

However, significant security concerns arise from the static analysis. A notable portion of the plugin's attack surface, specifically 6 out of 10 entry points, lacks authentication checks. This is further compounded by the taint analysis revealing 2 flows with unsanitized paths, indicating potential for malicious data to be processed without proper validation. The absence of nonce checks on its AJAX handlers is a critical oversight, making it susceptible to CSRF attacks. While no critical or high severity taint flows were explicitly noted, the presence of unsanitized paths coupled with unprotected entry points creates a fertile ground for exploitation.

The plugin's vulnerability history is currently clear, which is encouraging. However, this does not negate the immediate risks identified in the code. The combination of unprotected entry points, unsanitized data flows, and the lack of nonce checks on AJAX endpoints represents the most significant security weaknesses. Moving forward, addressing these immediate code-level issues is paramount to improving the plugin's overall security.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized paths in taint flows
  • No nonce checks on AJAX handlers
  • Low percentage of properly escaped outputs
  • No capability checks
Vulnerabilities
None known

LATMMO Aff Amazon Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

LATMMO Aff Amazon Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
39
50 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

56% escaped89 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
import_product_ajax (classes\table.php:167)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

LATMMO Aff Amazon Attack Surface

Entry Points10
Unprotected6

AJAX Handlers 6

authwp_ajax_latmmo_product_search_ajaxclasses\table.php:16
noprivwp_ajax_latmmo_product_search_ajaxclasses\table.php:17
authwp_ajax_latmmo_import_product_to_table_ajaxclasses\table.php:19
noprivwp_ajax_latmmo_import_product_to_table_ajaxclasses\table.php:20
authwp_ajax_latmmo_table_update_info_when_change_productclasses\table.php:22
noprivwp_ajax_latmmo_table_update_info_when_change_productclasses\table.php:23

Shortcodes 4

[latmmo_product_history] shortcodes\product-history\template.php:98
[amazon_single_product] shortcodes\product-link\template.php:74
[latmmo_product_link] shortcodes\single-product\template.php:66
[latmmo_table_compare] shortcodes\table-compare\template.php:60
WordPress Hooks 13
actionadmin_footerclasses\admin.php:16
actionadmin_print_scripts-post.phpclasses\table.php:12
actionadmin_print_scripts-post-new.phpclasses\table.php:13
actionadmin_footerclasses\table.php:14
filtertemplate_includefunc\filters.php:30
actionlatmmo_cron_amazon_productfunc\hooks.php:60
actioninitfunc\post-type.php:36
actioninitfunc\post-type.php:66
actiondelete_attachmentfunc\resize.php:23
actioninitmain.php:22
actioninitmain.php:23
actionadmin_menumain.php:24
actionwp_enqueue_scriptsmain.php:27
Maintenance & Trust

LATMMO Aff Amazon Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedNov 20, 2021
PHP min version5.3
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

LATMMO Aff Amazon Alternatives

ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

thirstyaffiliates

A
95

🔗 Affiliate link management & cloaker tool. Easily manage, shrink and track your affiliate links in WordPress. 🔥

30K 5 CVEs
AffiliateX – Amazon Affiliate Plugin

AffiliateX – Amazon Affiliate Plugin

affiliatex

A
96

AffiliateX is the best WordPress Amazon Affiliate Plugin. Create professional affiliate websites with customizable WordPress Amazon Affiliate Blocks.

10K 3 CVEs
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

simple-urls

A
98

Simple URLs helps you to manage links, create product displays, and grow your affiliate marketing business.

4K 6 CVEs
Shop Page WP

Shop Page WP

shop-page-wp

A
92

Create an affiliate shop page on your website. Simple to setup and add products to start making money from affiliate links on your blog.

3K 1 CVE
Tableberg – Simple Gutenberg Table Block

Tableberg – Simple Gutenberg Table Block

tableberg

A
98

Table Block For the Block Editor. Craft Beautiful Tables With Ease.

2K 2 CVEs
Developer Profile

LATMMO Aff Amazon Developer Profile

AffiliateCMS.com

2 plugins · 110 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect LATMMO Aff Amazon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/latmmo-aff-amazon/assets/css/style.css/wp-content/plugins/latmmo-aff-amazon/assets/css/vendor/fancybox.min.css/wp-content/plugins/latmmo-aff-amazon/assets/css/vendor/font-awesome/fontawesome.min.css/wp-content/plugins/latmmo-aff-amazon/assets/css/vendor/slick.css/wp-content/plugins/latmmo-aff-amazon/assets/js/fe/shortcode.js/wp-content/plugins/latmmo-aff-amazon/assets/js/fe/script.js/wp-content/plugins/latmmo-aff-amazon/assets/js/vendor/chart.min.js/wp-content/plugins/latmmo-aff-amazon/assets/js/vendor/jquery.fancybox.min.js+3 more
Script Paths
latmmo-aff-amazon/assets/css/style.csslatmmo-aff-amazon/assets/css/vendor/fancybox.min.csslatmmo-aff-amazon/assets/css/vendor/font-awesome/fontawesome.min.csslatmmo-aff-amazon/assets/css/vendor/slick.csslatmmo-aff-amazon/assets/js/fe/shortcode.jslatmmo-aff-amazon/assets/js/fe/script.js+5 more
Version Parameters
latmmo-aff-amazon/assets/css/style.css?ver=latmmo-aff-amazon/assets/css/vendor/fancybox.min.css?ver=latmmo-aff-amazon/assets/css/vendor/font-awesome/fontawesome.min.css?ver=latmmo-aff-amazon/assets/css/vendor/slick.css?ver=latmmo-aff-amazon/assets/js/fe/shortcode.js?ver=latmmo-aff-amazon/assets/js/fe/script.js?ver=latmmo-aff-amazon/assets/js/vendor/chart.min.js?ver=latmmo-aff-amazon/assets/js/vendor/jquery.fancybox.min.js?ver=latmmo-aff-amazon/assets/js/vendor/slick.min.js?ver=latmmo-aff-amazon/assets/css/admin/admin.css?ver=latmmo-aff-amazon/assets/css/admin/table.css?ver=

HTML / DOM Fingerprints

CSS Classes
latmmo-shortcode-wrapper
HTML Comments
LATMMO Amazon AffCopyright
Data Attributes
data-latmmo-product-iddata-latmmo-shortcode-type
JS Globals
latmmo_script
REST Endpoints
/wp-json/latmmo-aff-amazon/
Shortcode Output
[table-compare[single-product[product-link[product-history
FAQ

Frequently Asked Questions about LATMMO Aff Amazon