Pochipp Security & Risk Analysis

wordpress.org/plugins/pochipp

A plugin that lets you search for products on Amazon and Rakuten Ichiba and manage affiliate links.

20K active installs v1.18.12 PHP 7.4+ WP 5.6+ Updated Apr 12, 2026
affiliate · block
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Feb 25, 2026
Safety Verdict

Is Pochipp Safe to Use in 2026?

Generally Safe

Score 98/100

Pochipp has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Feb 25, 2026 · Updated 1mo ago
Risk Assessment

The pochipp v1.18.11 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has a high percentage of properly escaped outputs. The absence of dangerous functions, file operations, and critical or high-severity taint flows is also encouraging. However, significant concerns arise from the attack surface analysis. With 7 out of 12 total entry points lacking authentication checks, this plugin presents a substantial risk of unauthorized access and malicious actions.

The vulnerability history shows a single known medium-severity CVE, which is noted as currently unpatched. While the fact that it's not critical or high is good, the presence of a past vulnerability, particularly one related to missing authorization, reinforces the concern identified in the static analysis regarding unprotected entry points. This suggests a recurring pattern or a persistent weakness in how access controls are implemented.

In conclusion, while pochipp v1.18.11 has some strong security foundations, the high number of unprotected AJAX handlers is a critical weakness that could be exploited. The unpatched medium CVE further underscores the need for immediate attention to these authorization gaps. Addressing these vulnerabilities will be crucial to improving the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Unpatched medium severity CVE
  • Flows with unsanitized paths
  • Limited nonce checks
Vulnerabilities
2 published

Pochipp Security Vulnerabilities

CVEs by Year

1 CVE in 2025
1 CVE in 2026

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-32417 · medium · 4.3 · Missing Authorization

Pochipp < 1.18.9 - Missing Authorization

Feb 25, 2026 Patched in 1.18.9 (50d)
CVE-2025-66129 · medium · 5.3 · Missing Authorization

Pochipp <= 1.18.0 - Missing Authorization

Dec 14, 2025 Patched in 1.18.1 (24d)
Version History

Pochipp Release Timeline

v1.18.12 (Current)
v1.18.11
v1.18.10
v1.18.9
v1.18.8 · 1 CVE
v1.18.7 · 1 CVE
v1.18.6 · 1 CVE
v1.18.4 · 1 CVE
v1.18.3 · 1 CVE
v1.18.2 · 1 CVE
v1.18.1 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Pochipp Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 41 (298 escaped)
Nonce Checks: 1
Capability Checks: 4
File Operations: 0
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

88% escaped · 339 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<search_rakuten> (inc\ajax\search_rakuten.php:0)
Attack Surface
7 unprotected

Pochipp Attack Surface

Entry Points: 12
Unprotected: 7

AJAX Handlers 7

auth wp_ajax_auto_update inc\ajax\auto_update.php:9
auth wp_ajax_pochipp_search_amazon inc\ajax\search_amazon.php:9
auth wp_ajax_pochipp_search_rakuten inc\ajax\search_rakuten.php:9
auth wp_ajax_pochipp_search_registerd inc\ajax\search_registerd.php:9
auth wp_ajax_pochipp_search_yahoo inc\ajax\search_yahoo.php:11
auth wp_ajax_pochipp_update_data inc\ajax.php:62
auth wp_ajax_pochipp_registerd_by_block inc\ajax.php:96

REST API Routes 1

POST /wp-json/pochipp/data inc\__register_rest.php:10

Shortcodes 4

[pochipp] inc\register_shortcode.php:9
[pochipp_btn] inc\register_shortcode.php:28
[pochipp_link] inc\register_shortcode.php:36
[pochipp_img] inc\register_shortcode.php:44
WordPress Hooks 54
filter get_amazon_item_data inc\ajax\search_amazon.php:111
action pochipp_auto_update_cron inc\cron.php:9
action init inc\cron.php:10
filter posts_where inc\cron.php:65
action wp_enqueue_scripts inc\enqueues.php:9
action wp_footer inc\enqueues.php:18
action admin_enqueue_scripts inc\enqueues.php:26
action enqueue_block_editor_assets inc\enqueues.php:77
filter manage_posts_columns inc\manage_columns.php:9
action manage_posts_custom_column inc\manage_columns.php:32
action admin_notices inc\menu\notices.php:6
action admin_menu inc\menu.php:9
action admin_init inc\menu.php:29
action wp_head inc\output.php:62
action admin_head inc\output.php:94
action wp inc\output.php:126
filter pochipp_show_review_url inc\output.php:129
action wp inc\output.php:136
filter pochipp_amazon_sale_text inc\output.php:149
filter pochipp_show_rakuten_btn inc\output.php:155
filter pochipp_show_yahoo_btn inc\output.php:158
filter pochipp_show_mercari_btn inc\output.php:161
filter pochipp_show_custom_btn inc\output.php:164
filter pochipp_show_custom_btn_2 inc\output.php:165
filter pochipp_rakuten_sale_text inc\output.php:171
filter pochipp_show_amazon_btn inc\output.php:177
filter pochipp_show_yahoo_btn inc\output.php:180
filter pochipp_show_mercari_btn inc\output.php:183
filter pochipp_show_custom_btn inc\output.php:186
filter pochipp_show_custom_btn_2 inc\output.php:187
filter pochipp_yahoo_sale_text inc\output.php:193
filter pochipp_show_amazon_btn inc\output.php:199
filter pochipp_show_rakuten_btn inc\output.php:202
filter pochipp_show_mercari_btn inc\output.php:205
filter pochipp_show_custom_btn inc\output.php:208
filter pochipp_show_custom_btn_2 inc\output.php:209
filter pochipp_mercari_sale_text inc\output.php:215
filter pochipp_show_amazon_btn inc\output.php:221
filter pochipp_show_rakuten_btn inc\output.php:224
filter pochipp_show_yahoo_btn inc\output.php:227
filter pochipp_show_custom_btn inc\output.php:230
filter pochipp_show_custom_btn_2 inc\output.php:231
action wp_footer inc\output.php:240
action init inc\register_blocks.php:9
action init inc\register_meta.php:9
action save_post inc\register_meta.php:27
action init inc\register_pt.php:9
action init inc\register_tax.php:9
action media_upload_pochipp inc\thickbox.php:10
filter media_upload_tabs inc\thickbox.php:23
action rest_api_init inc\__register_rest.php:9
action init pochipp.php:68
action after_setup_theme pochipp.php:69
action plugins_loaded pochipp.php:146

Scheduled Events 1

pochipp_auto_update_cron
Maintenance & Trust

Pochipp Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 12, 2026
PHP min version: 7.4
Downloads: 697K

Community Trust

Rating: 84/100
Number of ratings: 5
Active installs: 20K
Developer Profile

Pochipp Developer Profile

wppochipp

1 plugin · 20K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 37 days
Detection Fingerprints

How We Detect Pochipp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pochipp/dist/css/style.css
  • /wp-content/plugins/pochipp/dist/css/setting.css
  • /wp-content/plugins/pochipp/dist/js/setting.js
  • /wp-content/plugins/pochipp/dist/js/colorpicker.js
  • /wp-content/plugins/pochipp/assets/datetimepicker/jquery.datetimepicker.min.css
  • /wp-content/plugins/pochipp/assets/datetimepicker/jquery.datetimepicker.full.min.js
  • /wp-content/plugins/pochipp/dist/js/datepicker.js
  • /wp-content/plugins/pochipp/dist/js/validation.js
  • (+3 more)
Script Paths
  • /wp-content/plugins/pochipp/dist/js/setting.js
  • /wp-content/plugins/pochipp/dist/js/colorpicker.js
  • /wp-content/plugins/pochipp/assets/datetimepicker/jquery.datetimepicker.full.min.js
  • /wp-content/plugins/pochipp/dist/js/datepicker.js
  • /wp-content/plugins/pochipp/dist/js/validation.js
  • /wp-content/plugins/pochipp/dist/blocks/toolbar/index.js
Version Parameters
  • pochipp-front
  • pochipp-setting
  • pochipp-color-picker
  • datetimepicker
  • pochipp-datetimepicker
  • pochipp-validator
  • pochipp-toolbar
  • pochipp-blocks

HTML / DOM Fingerprints

CSS Classes
  • pochipp-btn
  • pochipp-color-picker
  • pochipp-input-item
  • pochipp-input-item-wrapper
  • pochipp-btn-color
  • pochipp-text-color
  • pochipp-btn-submit
  • pochipp-input-text
  • (+1 more)
Data Attributes
data-pochipp-id
JS Globals
POCHIPP
FAQ

Frequently Asked Questions about Pochipp