Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Security & Risk Analysis

wordpress.org/plugins/simple-urls

Simple URLs helps you to manage links, create product displays, and grow your affiliate marketing business.

4K active installs · v145 · PHP 7.2+ · WP 5.1+ · Updated Mar 3, 2026
affiliate, affiliate-link-manager, affiliate-marketing, amazon-affiliate, link-cloaking
98
A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Oct 11, 2023
Safety Verdict

Is Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Safe to Use in 2026?

Generally Safe

Score 98/100

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Oct 11, 2023 · Updated 1mo ago
Risk Assessment

The "simple-urls" plugin v145 presents a mixed security posture. While it demonstrates good practices with 100% of its SQL queries utilizing prepared statements and a notable number of output escaping operations, significant concerns remain. The plugin has a substantial attack surface with 44 AJAX handlers lacking authentication checks, and 7 taint analysis flows identified as unsanitized paths, with 4 of high severity. This combination of unprotected entry points and potential for code execution or data manipulation through unsanitized input is a serious risk.

The vulnerability history of "simple-urls" is also a cause for concern. With 6 known CVEs, including a historically significant medium severity SQL injection and cross-site scripting vulnerabilities, it indicates a pattern of past security weaknesses. The absence of currently unpatched vulnerabilities is a positive, but the frequent discovery of different types of vulnerabilities suggests potential ongoing issues in secure coding practices within the plugin's development.

In conclusion, while the plugin benefits from prepared SQL statements and extensive output escaping, the high number of unprotected AJAX handlers and critical taint flows present a significant risk of unauthorized access and code execution. The historical trend of various vulnerability types warrants caution and suggests that users should be vigilant about future updates and potential security disclosures.

Key Concerns

  • 44 unprotected AJAX handlers
  • 4 high severity taint flows (unsanitized paths)
  • Total of 7 unsanitized path taint flows
  • 6 known CVEs with past vulnerabilities
  • Use of dangerous function 'exec'
  • Only 3 capability checks found
  • Only 2 nonce checks found
  • 68% output escaping (potential for XSS)
Vulnerabilities
6

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Security Vulnerabilities

CVEs by Year

2023: 6 CVEs

Severity Breakdown

High: 1
Medium: 5

6 total CVEs

CVE-2023-45606 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Simple URLs <= 120 - Cross-Site Request Forgery via Multiple AJAX Actions

Oct 11, 2023 · Patched in 121 (104d)

CVE-2023-40678 · medium · 4.3 · Missing Authorization

Simple URLs <= 117 - Missing Authorization via AJAX actions

Aug 21, 2023 · Patched in 118 (155d)

CVE-2023-40667 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple URLs <= 117 - Reflected Cross-Site Scripting via 'post_id'

Aug 21, 2023 · Patched in 118 (155d)

CVE-2023-40674 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 21, 2023 · Patched in 119 (155d)

CVE-2023-0098 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection

Jan 17, 2023 · Patched in 115 (371d)

CVE-2023-0099 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple URLs <= 114 - Reflected Cross-Site Scripting

Jan 17, 2023 · Patched in 115 (371d)
Code Analysis
Analyzed Mar 16, 2026

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (49 prepared)
Unescaped Output: 127 (272 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 3
External Requests: 5
Bundled Libraries: 3

Dangerous Functions Found

exec · @exec( $cmd, $output ); // phpcs:ignore · classes\class-helper.php:1132

Bundled Libraries

Select2, TinyMCE, Guzzle

SQL Query Safety

100% prepared · 49 total queries

Output Escaping

68% escaped · 399 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows · 7 with unsanitized paths
<index> (admin\views\dashboard\index.php:0)
Attack Surface
44 unprotected

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Attack Surface

Entry Points: 45
Unprotected: 44

AJAX Handlers 44

auth · wp_ajax_lasso_lite_get_list_background_processing · classes\processes\class-process.php:70
auth · wp_ajax_lasso_lite_add_a_new_link · pages\class-ajax.php:27
auth · wp_ajax_lasso_lite_get_single · pages\class-ajax.php:28
auth · wp_ajax_lasso_lite_get_shortcode_content · pages\class-ajax.php:29
auth · wp_ajax_lasso_lite_get_display_html · pages\class-ajax.php:30
auth · wp_ajax_lasso_lite_get_link_quick_detail · pages\class-ajax.php:31
auth · wp_ajax_lasso_lite_save_link_quick_detail · pages\class-ajax.php:32
auth · wp_ajax_lasso_lite_get_click_snapshot · pages\class-ajax.php:33
auth · wp_ajax_lasso_lite_get_link_issues_snapshot · pages\class-ajax.php:34
auth · wp_ajax_lasso_lite_get_links_issues_totals · pages\class-ajax.php:35
auth · wp_ajax_lasso_lite_get_earnings_estimate · pages\class-ajax.php:36
auth · wp_ajax_lasso_lite_get_external_signup_config · pages\class-ajax.php:37
auth · wp_ajax_lasso_lite_external_signup · pages\class-ajax.php:38
auth · wp_ajax_lasso_lite_external_signup_exchange · pages\class-ajax.php:39
auth · wp_ajax_lasso_lite_get_setup_progress · pages\class-ajax.php:40
auth · wp_ajax_lasso_lite_save_support · pages\class-ajax.php:41
auth · wp_ajax_lasso_lite_save_lasso_account · pages\class-ajax.php:42
auth · wp_ajax_lasso_lite_check_existing_account · pages\class-ajax.php:43
auth · wp_ajax_lasso_lite_review_snooze · pages\class-ajax.php:44
auth · wp_ajax_lasso_lite_disable_review · pages\class-ajax.php:45
auth · wp_ajax_lasso_lite_dismiss_notice · pages\class-ajax.php:46
auth · wp_ajax_lasso_lite_disable_affiliate_promotions · pages\class-ajax.php:47
auth · wp_ajax_lasso_lite_dashboard_get_list · pages\dashboard\class-ajax.php:25
auth · wp_ajax_lasso_lite_update_support · pages\dashboard\class-ajax.php:26
auth · wp_ajax_lasso_lite_update_customer_flow_enabled · pages\dashboard\class-ajax.php:27
auth · wp_ajax_lasso_lite_store_category · pages\groups\class-ajax.php:26
auth · wp_ajax_lasso_lite_group_get_list · pages\groups\class-ajax.php:27
auth · wp_ajax_lasso_lite_group_get_links · pages\groups\class-ajax.php:28
auth · wp_ajax_lasso_lite_delete_category · pages\groups\class-ajax.php:29
auth · wp_ajax_lasso_lite_import · pages\import-urls\class-ajax.php:29
auth · wp_ajax_lasso_lite_import_all_links · pages\import-urls\class-ajax.php:31
auth · wp_ajax_lasso_lite_revert_all_links · pages\import-urls\class-ajax.php:32
auth · wp_ajax_lasso_lite_import_single_link · pages\import-urls\class-ajax.php:34
auth · wp_ajax_lasso_lite_revert_single_link · pages\import-urls\class-ajax.php:35
auth · wp_ajax_lasso_lite_is_import_all_processing · pages\import-urls\class-ajax.php:37
auth · wp_ajax_lasso_lite_activate_license · pages\install\class-ajax.php:23
auth · wp_ajax_lasso_lite_save_settings_amazon · pages\settings\class-ajax.php:26
auth · wp_ajax_lasso_lite_save_settings_general · pages\settings\class-ajax.php:27
auth · wp_ajax_lasso_lite_store_settings · pages\settings\class-ajax.php:28
auth · wp_ajax_lasso_lite_reactivate_license · pages\settings\class-ajax.php:29
auth · wp_ajax_lasso_lite_save_lasso_url · pages\url-details\class-ajax.php:22
auth · wp_ajax_lasso_lite_delete_post · pages\url-details\class-ajax.php:23
auth · wp_ajax_lasso_lite_save_amazon_tracking_id · pages\url-details\class-ajax.php:24
auth · wp_ajax_lasso_lite_upload_thumbnail · pages\url-details\class-hook.php:28

Shortcodes 1

[lasso] · pages\class-hook.php:49

WordPress Hooks 57

filter · cron_schedules · classes\class-cron.php:40
action · lasso_lite_tracking_support_status · classes\class-cron.php:41
action · lasso_lite_import_all · classes\class-cron.php:42
action · lasso_lite_revert_all · classes\class-cron.php:43
action · lasso_lite_update_amazon · classes\class-cron.php:44
action · lasso_lite_amazon_shortlink · classes\class-cron.php:45
action · lasso_lite_update_license_status · classes\class-cron.php:46
action · lasso_lite_cron_get_snippet · classes\class-cron.php:47
action · lasso_lite_cron_get_js_domain · classes\class-cron.php:48
action · lasso_lite_cron_get_info · classes\class-cron.php:49
filter · post_updated_messages · includes\class-simple-urls-admin.php:19
action · admin_menu · includes\class-simple-urls-admin.php:20
action · save_post · includes\class-simple-urls-admin.php:21
action · manage_posts_custom_column · includes\class-simple-urls-admin.php:22
filter · manage_edit-surl_columns · includes\class-simple-urls-admin.php:23
action · plugins_loaded · includes\class-simple-urls.php:21
action · init · includes\class-simple-urls.php:22
action · template_redirect · includes\class-simple-urls.php:23
filter · wp_link_query · includes\class-simple-urls.php:24
action · admin_init · pages\class-hook.php:42
action · init · pages\class-hook.php:43
action · admin_menu · pages\class-hook.php:44
action · init · pages\class-hook.php:45
action · upgrader_process_complete · pages\class-hook.php:46
filter · pre_do_shortcode_tag · pages\class-hook.php:50
action · wp_head · pages\class-hook.php:52
action · admin_head · pages\class-hook.php:53
action · admin_head · pages\class-hook.php:54
action · wp_enqueue_scripts · pages\class-hook.php:55
action · admin_enqueue_scripts · pages\class-hook.php:57
action · admin_enqueue_scripts · pages\class-hook.php:58
filter · custom_menu_order · pages\class-hook.php:61
action · enqueue_block_editor_assets · pages\class-hook.php:64
action · elementor/init · pages\class-hook.php:67
filter · mce_external_plugins · pages\class-hook.php:70
filter · mce_buttons · pages\class-hook.php:71
filter · simple_urls_redirect_url · pages\class-hook.php:73
action · admin_footer · pages\class-hook.php:75
filter · rest_pre_echo_response · pages\class-hook.php:77
filter · wp_link_query · pages\class-hook.php:79
filter · update_footer · pages\class-hook.php:80
filter · rocket_exclude_js · pages\class-hook.php:83
filter · query_vars · pages\class-hook.php:85
action · template_redirect · pages\class-hook.php:88
action · admin_enqueue_scripts · pages\class-hook.php:150
action · admin_footer · pages\class-hook.php:154
action · admin_footer · pages\class-hook.php:155
action · admin_notices · pages\class-hook.php:178
action · wp_footer · pages\class-hook.php:181
action · admin_footer · pages\class-hook.php:182
action · elementor/widgets/register · pages\class-hook.php:1105
action · elementor/editor/before_enqueue_styles · pages\class-hook.php:1106
action · elementor/document/after_save · pages\class-hook.php:1110
action · lasso_import_all_process · pages\import-urls\class-hook.php:20
filter · get_edit_post_link · pages\url-details\class-hook.php:27
filter · wp_link_query · pages\url-details\class-hook.php:31
filter · rest_pre_echo_response · pages\url-details\class-hook.php:32
Maintenance & Trust

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 3, 2026
PHP min version: 7.2
Downloads: 260K

Community Trust

Rating: 60/100
Number of ratings: 44
Active installs: 4K
Developer Profile

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Developer Profile

Andrew Fiebert

1 plugin · 4K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 219 days
Detection Fingerprints

How We Detect Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-urls/admin/assets/css/simple-urls.css
/wp-content/plugins/simple-urls/admin/assets/js/simple-urls-admin.js
Script Paths
/wp-content/plugins/simple-urls/admin/assets/js/simple-urls-admin.js
Version Parameters
simple-urls/admin/assets/css/simple-urls.css?ver=
simple-urls/admin/assets/js/simple-urls-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
simple-urls-wrap
su-content-wrapper
Data Attributes
data-su-id
JS Globals
simple_urls_params
REST Endpoints
/wp-json/simple-urls/v1/urls
Shortcode Output
[su_button url=