Sotmarket Affiliate plugin Security & Risk Analysis

wordpress.org/plugins/sotmarket-affiliate-plugin

A universal plugin for working with the sotmarket.ru affiliate program.

10 active installs · v3.0.9 · PHP + WP 3.0.0+ · Updated Oct 4, 2013
Tags: affiliate, ecommerce, sidebar, widget
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sotmarket Affiliate plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Sotmarket Affiliate plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "sotmarket-affiliate-plugin" version 3.0.9 exhibits a concerning security posture despite the lack of publicly disclosed vulnerabilities. Static analysis reveals significant red flags, particularly in how the plugin handles data and performs operations. A large number of dangerous functions are present, including `unserialize`, `assert`, and `create_function`. Furthermore, the plugin uses raw SQL queries exclusively, without prepared statements, which is a common vector for SQL injection vulnerabilities. The complete absence of output escaping across all identified output points is extremely worrying and suggests a high likelihood of cross-site scripting (XSS) flaws. The taint analysis also highlights critical-severity flows with unsanitized paths, indicating potential for severe data manipulation or code execution vulnerabilities. While the plugin has no recorded CVEs, the absence of historical vulnerabilities does not equate to a secure codebase, especially given the extensive code-level risks identified. The plugin demonstrates some good practices with nonce and capability checks, but these are overshadowed by the critical flaws in data handling and output sanitization. The overall risk is high, and immediate attention to code quality is recommended.

Key Concerns

  • Critical taint flows with unsanitized paths
  • SQL queries exclusively without prepared statements
  • No proper output escaping
  • Presence of dangerous functions (unserialize, assert, create_function)
  • File operations without clear sanitization context
Vulnerabilities
None known

Sotmarket Affiliate plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Sotmarket Affiliate plugin Code Analysis

Dangerous Functions: 28
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 249 (0 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 20
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | $sResult = unserialize($sContent); | classes\SotmarketClientCacheFile.php:35
assert | assert('gettype($className) == "string" && preg_match("/^[a-z_][a-z0-9_]*$/i", $className)'); | classes\SotmarketRPCClient.php:57
assert | assert('$rc->hasMethod("instance")'); | classes\SotmarketRPCClient.php:65
assert | assert('$rm->isPublic()'); | classes\SotmarketRPCClient.php:67
assert | assert('$rm->isStatic()'); | classes\SotmarketRPCClient.php:68
assert | assert('$result instanceof ' . $className); | classes\SotmarketRPCClient.php:70
assert | assert('gettype($aFullResponse) == "array"'); | classes\SotmarketRPCClient.php:158
unserialize | list($this->errors, $this->warnings, $this->code, $this->message) = unserialize($serialized); | classes\SotmarketRPCException.php:16
assert | assert('gettype($request) == "array"'); | classes\SotmarketRPCServer.php:55
assert | assert('gettype(@$request["className"]) == "string"'); | classes\SotmarketRPCServer.php:56
assert | assert('gettype(@$request["methodName"]) == "string"'); | classes\SotmarketRPCServer.php:57
assert | assert('gettype(@$request["args"]) == "array"'); | classes\SotmarketRPCServer.php:58
assert | assert('@$request["auxdata"] === NULL || ($request["auxdata"] instanceof SotmarketRPCRequestAuxData) | classes\SotmarketRPCServer.php:59
assert | assert('$response["auxdata"] === NULL || ($response["auxdata"] instanceof SotmarketRPCResponseAuxDat | classes\SotmarketRPCServer.php:72
unserialize | $args = @unserialize($_GET['args']); | classes\SotmarketRPCServer.php:179
assert | assert(is_array($args)); | classes\SotmarketRPCServer.php:180
assert | assert('$responseAuxData === NULL || ($responseAuxData instanceof SotmarketRPCResponseAuxData)'); | classes\SotmarketRPCServer.php:187
assert | assert('$object instanceof SotmarketRPCServerObject'); | classes\SotmarketRPCServer.php:251
assert | assert(in_array($methodName, $object->rpcMethodNames())); | classes\SotmarketRPCServer.php:253
assert | assert('$class->hasMethod($methodName)'); | classes\SotmarketRPCServer.php:255
assert | assert('$method->isPublic()'); | classes\SotmarketRPCServer.php:257
unserialize | $x = @unserialize($s); | classes\SotmarketSerializer.php:61
unserialize | return @unserialize($x["x"]); | classes\SotmarketSerializer.php:70
create_function | add_action('widgets_init', create_function('', 'return register_widget("Sotmarket_Info_Widget");')); | sotmarket.php:23
create_function | add_action('widgets_init', create_function('', 'return register_widget("Sotmarket_Related_Widget");' | sotmarket.php:24
create_function | add_action('widgets_init', create_function('', 'return register_widget("Sotmarket_Analog_Widget");') | sotmarket.php:25
create_function | add_action('widgets_init', create_function('', 'return register_widget("Sotmarket_Popular_Widget");' | sotmarket.php:26
create_function | add_action('admin_init', create_function('', 'return new SotmarketAdminTab();')); | SotmarketAdminTab.php:285

Some code snippets above are cut short in the scan output and are reproduced as reported.

SQL Query Safety

0% prepared (1 total queries)

Output Escaping

0% escaped (249 total outputs)
Data Flows
5 unsanitized

Data Flow Analysis

5 flows, 5 with unsanitized paths

sotmarket_wp_options_page (sotmarket.php:126)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Sotmarket Affiliate plugin Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 12

Type | Hook | Location
action | widgets_init | sotmarket.php:23
action | widgets_init | sotmarket.php:24
action | widgets_init | sotmarket.php:25
action | widgets_init | sotmarket.php:26
action | init | sotmarket.php:28
action | admin_menu | sotmarket.php:110
filter | the_content | sotmarket.php:112
filter | the_content | sotmarket.php:114
filter | the_content | sotmarket.php:116
filter | the_content | sotmarket.php:118
action | add_meta_boxes | SotmarketAdminTab.php:9
action | admin_init | SotmarketAdminTab.php:285
Maintenance & Trust

Sotmarket Affiliate plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Oct 4, 2013
PHP min version: (none listed)
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Sotmarket Affiliate plugin Developer Profile

GSMtricks

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sotmarket Affiliate plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sotmarket-affiliate-plugin/js/sotmarket_affiliate_plugin.js
/wp-content/plugins/sotmarket-affiliate-plugin/css/style.css
Script Paths
/wp-content/plugins/sotmarket-affiliate-plugin/js/sotmarket_affiliate_plugin.js
Version Parameters
sotmarket-affiliate-plugin/css/style.css?ver=
sotmarket-affiliate-plugin/js/sotmarket_affiliate_plugin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- sotmarket_product_id -->
<!-- sotmarket_product_name -->
FAQ

Frequently Asked Questions about Sotmarket Affiliate plugin