WP-Safety

RefPress – Affiliates Manager Plugin Security & Risk Analysis

wordpress.org/plugins/refpress

WordPress Affiliate Plugin. The most powerful affiliates plugin to start Affiliate Marketing Program and spread your business.

0 active installs v1.0.0 PHP 7.1.0+ WP 4.7+ Updated Sep 23, 2021
affiliateaffiliate-marketingaffiliates-managergrowth-marketingreferral
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is RefPress – Affiliates Manager Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

RefPress – Affiliates Manager Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The refpress plugin version 1.0.0 presents a concerning security posture primarily due to an unprotected AJAX handler, which represents its entire attack surface for direct external interaction. While the plugin exhibits some good practices like a low number of file operations and no external HTTP requests, the lack of authentication on its single entry point is a significant vulnerability. The code analysis reveals a concerning trend in SQL query handling, with only 12% using prepared statements, and a similarly low rate of proper output escaping at 29%. This suggests a high risk of SQL injection and cross-site scripting (XSS) vulnerabilities, despite the absence of reported critical taint flows in the static analysis. The vulnerability history being clean is a positive sign, indicating that historically, the plugin has not been a source of known exploits. However, this does not negate the immediate risks identified in the current version's code. The plugin's strengths lie in its contained nature and absence of external dependencies or file manipulation, but these are overshadowed by the critical oversight in securing its primary interaction point.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of prepared SQL statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

RefPress – Affiliates Manager Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

RefPress – Affiliates Manager Plugin Release Timeline

v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

RefPress – Affiliates Manager Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
30
4 prepared
Unescaped Output
158
64 escaped
Nonce Checks
4
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

12% prepared34 total queries

Output Escaping

29% escaped222 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
<list> (includes\admin\accounts\list.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

RefPress – Affiliates Manager Plugin Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_refpress_save_settingsincludes\Ajax_Actions.php:13
WordPress Hooks 37
actionadmin_menuincludes\admin\Bootstrap.php:13
filterdisplay_post_statesincludes\admin\Bootstrap.php:14
actionrefpress_settings/field_group/after/payouts/payout_methodsincludes\admin\Payouts.php:14
actionrefpress_after_save_settingsincludes\admin\Payouts.php:17
filterquery_varsincludes\admin\Permalinks.php:13
actiongenerate_rewrite_rulesincludes\admin\Permalinks.php:14
actionadmin_enqueue_scriptsincludes\App.php:33
actionwp_enqueue_scriptsincludes\App.php:34
actionadmin_enqueue_scriptsincludes\App.php:36
actionwp_enqueue_scriptsincludes\App.php:37
actionin_admin_headerincludes\App.php:39
filtertemplate_includeincludes\functions-hooks.php:3
actionrefpress_db_update_afterincludes\functions-hooks.php:45
actionrefpress_new_account_afterincludes\functions-hooks.php:62
actionrefpress_accounts_status_update_afterincludes\functions-hooks.php:63
filterrefpress_form_errorsincludes\functions-request.php:444
filterrefpress_form_errorsincludes\functions-request.php:470
filterrefpress_settings_integrationincludes\integrations\EDD.php:14
actionadd_meta_boxesincludes\integrations\EDD.php:17
actionsave_postincludes\integrations\EDD.php:18
actionedd_insert_paymentincludes\integrations\EDD.php:20
actionedd_update_payment_statusincludes\integrations\EDD.php:21
actionedd_payment_deleteincludes\integrations\EDD.php:22
filteredd_payments_table_columnsincludes\integrations\EDD.php:25
actionedd_payments_table_columnincludes\integrations\EDD.php:26
filterwoocommerce_product_data_tabsincludes\integrations\WC.php:14
actionwoocommerce_product_data_panelsincludes\integrations\WC.php:15
actionwoocommerce_checkout_update_order_metaincludes\integrations\WC.php:16
filtermanage_shop_order_posts_columnsincludes\integrations\WC.php:17
actionmanage_shop_order_posts_custom_columnincludes\integrations\WC.php:18
actionwoocommerce_order_status_changedincludes\integrations\WC.php:20
actiontemplate_redirectincludes\Referral.php:13
actionrefpress_user_register_afterincludes\Ref_Accounts.php:17
actiontemplate_redirectincludes\Ref_Accounts.php:18
actionuser_registerincludes\Ref_Accounts.php:21
filterrefpress_admin_accounts_pageincludes\Ref_Accounts.php:24
actioninitrefpress.php:57
Maintenance & Trust

RefPress – Affiliates Manager Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedSep 23, 2021
PHP min version7.1.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

RefPress – Affiliates Manager Plugin Alternatives

Affiliates

Affiliates

affiliates

A
100

The Affiliates system provides the most powerful growth-oriented tools to run a successful Affiliate Marketing Program.

2K No CVEs
Affiliates Events Manager

Affiliates Events Manager

affiliates-events-manager

A
100

Integrates Affiliates, Affiliates Pro and Affiliates Enterprise with Events Manager.

40 No CVEs
Affiliates Import

Affiliates Import

affiliates-import

A
100

Import affiliate accounts with Affiliates, Affiliates Pro and Affiliates Enterprise.

30 No CVEs
Affiliates WooCommerce Light

Affiliates WooCommerce Light

affiliates-woocommerce-light

A
100

Grow your Business with your own Affiliate Network and let your partners earn commissions on referred sales. Integrates Affiliates and WooCommerce.

1K No CVEs
WP Referral Code

WP Referral Code

wp-referral-code

A
92

This plugin brings referral marketing to your WordPress website. It's dead simple, fast, customizable, and it's all free!

700 No CVEs
Developer Profile

RefPress – Affiliates Manager Plugin Developer Profile

themeqx

5 plugins · 130 total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect RefPress – Affiliates Manager Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/refpress/public/libraries/select2/css/select2.min.css/wp-content/plugins/refpress/public/libraries/select2/js/select2.min.js/wp-content/plugins/refpress/public/libraries/Chart.js/Chart.bundle.min.js/wp-content/plugins/refpress/public/css/refpress.css/wp-content/plugins/refpress/public/css-rtl/refpress-rtl.css/wp-content/plugins/refpress/public/js/refpress.js
Script Paths
/wp-content/plugins/refpress/public/libraries/select2/js/select2.min.js/wp-content/plugins/refpress/public/libraries/Chart.js/Chart.bundle.min.js/wp-content/plugins/refpress/public/js/refpress.js
Version Parameters
refpress/public/css/refpress.css?ver=refpress/public/css-rtl/refpress-rtl.css?ver=refpress/public/js/refpress.js?ver=refpress-select2?ver=refpress-chart.js?ver=

HTML / DOM Fingerprints

CSS Classes
refpress-section-headingrefpress-content
HTML Comments
<!-- RefPress ChartJS Supported pages in Array --><!-- Tell WP if RefPress should load ChartJS --><!-- RefPress --><!-- RefPress Settings -->
Data Attributes
data-refpress-settings
JS Globals
_refpress
FAQ

Frequently Asked Questions about RefPress – Affiliates Manager Plugin