QuickAffiLink Security & Risk Analysis

wordpress.org/plugins/quickaffilink

QuickAffiLink is an easy-to-use plugin that simplifies the display of Amazon affiliate products for WordPress site owners.

10 active installs · v1.1.0 · PHP 7.0+ · WP 5.0+ · Updated Nov 8, 2024
Tags: amazon-affiliate, amazon-affiliate-display, monetization, product-shortcodes, wordpress-affiliate-plugin
Score: 92 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is QuickAffiLink Safe to Use in 2026?

Generally Safe

Score 92/100

QuickAffiLink has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The quickaffilink plugin version 1.1.0 exhibits a mixed security posture. On the positive side, it adheres to good coding practices in several areas. A very high percentage of output (99%) is properly escaped, and there are no identified dangerous functions or file operations, which significantly reduces the risk of common vulnerabilities. Most SQL queries (65%) use prepared statements, though the remaining 35% do not. The absence of any known vulnerabilities in its history is a strong indicator of a well-maintained and secure plugin.

However, there are notable areas of concern. The plugin exposes two unprotected entry points: one AJAX handler and one REST API route lacking permission callbacks. This is particularly worrying given that the taint analysis revealed four high-severity flows. While no critical severity flows were found, these high-severity flows, combined with the unprotected entry points, suggest a potential for attackers to exploit these weaknesses. The seven flows with unsanitized paths also raise red flags, indicating that data is not being properly validated before use in potentially sensitive operations, which could lead to various injection-style attacks if combined with the unprotected entry points.

In conclusion, while the plugin has a solid foundation with good output escaping and SQL practices, and a clean vulnerability history, the presence of unprotected entry points and high-severity taint flows presents a tangible risk. The plugin developer should prioritize addressing these specific security flaws to further strengthen its security posture and mitigate potential exploits.

Key Concerns

  • AJAX handler without auth checks
  • REST API route without permission callbacks
  • High severity taint flows (4)
  • Flows with unsanitized paths (7)
  • SQL queries without prepared statements (35%)
Vulnerabilities
None known

QuickAffiLink Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

QuickAffiLink Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 22 (40 prepared)
Unescaped Output: 3 (404 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

65% prepared · 62 total queries

Output Escaping

99% escaped · 407 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

11 flows · 7 with unsanitized paths
quickaffilink_update_product_info_callback (functions.php:310)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

QuickAffiLink Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 3

auth wp_ajax_quickaffilink_fetch_product_data (functions.php:302)
auth wp_ajax_quickaffilink_update_product_info (functions.php:305)
auth wp_ajax_quickaffilink_save_product_data (functions.php:435)

REST API Routes 1

POST /wp-json/quickaffilink/v1/record_click (functions.php:1034)

Shortcodes 1

[quickaffilink] includes\shortcodes_handler.php:172

WordPress Hooks 11

filter plugin_action_links_quickaffilink/quickaffilink.php (functions.php:108)
action admin_init (functions.php:589)
action admin_init (functions.php:609)
action admin_post_delete_product (functions.php:873)
action admin_post_nopriv_delete_product (functions.php:874)
action admin_enqueue_scripts (functions.php:946)
action wp_enqueue_scripts (functions.php:973)
action rest_api_init (functions.php:1031)
action admin_menu (quickaffilink.php:30)
action plugins_loaded (quickaffilink.php:33)
action plugins_loaded (quickaffilink.php:34)
Maintenance & Trust

QuickAffiLink Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Nov 8, 2024
PHP min version: 7.0
Downloads: 574

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

QuickAffiLink Developer Profile

siliconways

1 plugin · 10 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect QuickAffiLink

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quickaffilink/assets/js/quickaffilink.js
/wp-content/plugins/quickaffilink/assets/css/quickaffilink.css
/wp-content/plugins/quickaffilink/assets/js/shortcode_preview.js
/wp-content/plugins/quickaffilink/assets/js/quickaffilink-admin.js
Script Paths
/wp-content/plugins/quickaffilink/assets/js/quickaffilink.js
/wp-content/plugins/quickaffilink/assets/js/shortcode_preview.js
/wp-content/plugins/quickaffilink/assets/js/quickaffilink-admin.js
Version Parameters
quickaffilink/assets/css/quickaffilink.css?ver=
quickaffilink/assets/js/quickaffilink.js?ver=
quickaffilink/assets/js/shortcode_preview.js?ver=
quickaffilink/assets/js/quickaffilink-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
quickaffilink-shortcode-container
Data Attributes
data-quickaffilink-product-id
JS Globals
quickaffilink_vars
Shortcode Output
[quickaffilink-display-product]
[quickaffilink-product-details]
FAQ

Frequently Asked Questions about QuickAffiLink