PW WooCommerce Affiliates Security & Risk Analysis

wordpress.org/plugins/pw-woocommerce-affiliates

Easily track and reward affiliates in your WooCommerce store.

40 active installs v2.8 PHP 7.4+ WP 4.5+ Updated Mar 15, 2026
affiliates, pimwick, referrals, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PW WooCommerce Affiliates Safe to Use in 2026?

Generally Safe

Score 100/100

PW WooCommerce Affiliates has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The plugin 'pw-woocommerce-affiliates' v2.8 exhibits a generally strong security posture with several positive indicators. The absence of any known CVEs and the robust implementation of nonce and capability checks across its 7 AJAX entry points are commendable. The plugin also demonstrates good practices by utilizing prepared statements for a significant majority of its SQL queries and avoiding external HTTP requests, which are common vectors for attack.

However, there are notable areas of concern. The taint analysis reports two high-severity flows with unsanitized paths, meaning user-supplied data may reach a sensitive operation without passing through a sanitizer. While the total number of flows is small, the high-severity findings warrant attention. Output escaping is also applied inconsistently: 33% of outputs are not escaped, which could lead to cross-site scripting (XSS) if user-controlled data reaches those outputs.

In conclusion, while the plugin has a clean vulnerability history and implements several security best practices, the identified high-severity taint flows and inadequate output escaping are significant weaknesses. These issues, if exploited, could lead to serious security compromises. Further investigation and potential patching are recommended.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Significant portion of outputs not properly escaped
Vulnerabilities
None known

PW WooCommerce Affiliates Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PW WooCommerce Affiliates Release Timeline

v2.8 (Current)
v2.7
v2.6
v2.5
v2.4
v2.3
v2.2
v2.1
v2.0
v1.44
v1.43
v1.42
v1.41
v1.40
v1.39
v1.38
v1.37
v1.36
v1.35
v1.34
Code Analysis
Analyzed Mar 16, 2026

PW WooCommerce Affiliates Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 23 (47 escaped)
Nonce Checks: 7
Capability Checks: 2
File Operations: 3
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

80% prepared · 10 total queries

Output Escaping

67% escaped · 70 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
send_exported_file (admin\admin.php:358)
Attack Surface

PW WooCommerce Affiliates Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

auth · wp_ajax_pwwa-affiliates-report · admin\admin.php:107
auth · wp_ajax_pwwa-export-report · admin\admin.php:108
auth · wp_ajax_pwwa-create-affiliate · admin\admin.php:109
auth · wp_ajax_pwwa-edit-affiliate · admin\admin.php:110
auth · wp_ajax_pwwa-delete-affiliate · admin\admin.php:111
auth · wp_ajax_pwwa-save-commissions · admin\admin.php:112
auth · wp_ajax_pwwa-save-settings · admin\admin.php:113

WordPress Hooks 20

action · admin_notices · admin\admin.php:96
action · admin_menu · admin\admin.php:100
filter · custom_menu_order · admin\admin.php:101
action · admin_enqueue_scripts · admin\admin.php:102
action · restrict_manage_posts · admin\admin.php:103
filter · request · admin\admin.php:104
action · admin_init · admin\admin.php:105
action · plugins_loaded · pw-affiliates.php:78
action · woocommerce_init · pw-affiliates.php:79
action · init · pw-affiliates.php:80
action · before_woocommerce_init · pw-affiliates.php:86
filter · woocommerce_order_item_display_meta_value · pw-affiliates.php:110
action · wp_enqueue_scripts · pw-affiliates.php:113
filter · woocommerce_account_menu_items · pw-affiliates.php:114
filter · woocommerce_order_data_store_cpt_get_orders_query · pw-affiliates.php:116
action · woocommerce_checkout_update_order_meta · pw-affiliates.php:117
action · woocommerce_store_api_checkout_update_order_meta · pw-affiliates.php:118
action · woocommerce_cart_totals_before_order_total · pw-affiliates.php:119
action · woocommerce_review_order_before_order_total · pw-affiliates.php:120
filter · woocommerce_attribute_label · pw-affiliates.php:123
Maintenance & Trust

PW WooCommerce Affiliates Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 15, 2026
PHP min version: 7.4
Downloads: 12K

Community Trust

Rating: 70/100
Number of ratings: 6
Active installs: 40
Developer Profile

PW WooCommerce Affiliates Developer Profile

pimwick

10 plugins · 43K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 9 days
Detection Fingerprints

How We Detect PW WooCommerce Affiliates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pw-woocommerce-affiliates/assets/js/pw-affiliates.js
/wp-content/plugins/pw-woocommerce-affiliates/assets/css/jquery-ui-style.min.css
Script Paths
/wp-content/plugins/pw-woocommerce-affiliates/assets/js/pw-affiliates.js
Version Parameters
pw-woocommerce-affiliates/assets/js/pw-affiliates.js?ver=
pw-woocommerce-affiliates/assets/css/jquery-ui-style.min.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-nonce, data-postid, data-affiliate-id
JS Globals
pwwa
FAQ

Frequently Asked Questions about PW WooCommerce Affiliates