Grow by Tradedoubler – Advertiser Plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/tradedoubler-affiliate-tracker

Grow is an affiliate marketing solution for small businesses and start-ups wanting to increase online visibility, traffic, and product sales.

200 active installs · v2.0.23 · PHP 7.2.7+ · WP 3.5+ · Updated Jan 8, 2025
Tags: advertiser affiliate marketing tracking tradedoubler
Score: 89 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jul 26, 2024
Safety Verdict

Is Grow by Tradedoubler – Advertiser Plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 89/100

Grow by Tradedoubler – Advertiser Plugin for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 26, 2024 · Updated 1yr ago
Risk Assessment

The "tradedoubler-affiliate-tracker" plugin v2.0.23 presents a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices by ensuring all SQL queries use prepared statements and all output is properly escaped. The absence of critical or high-severity taint analysis findings is also a good sign. However, significant concerns arise from the attack surface and its vulnerability history.

The plugin exposes a single AJAX handler that lacks authentication checks, creating a direct entry point for potential attackers. This is compounded by a history that includes a past critical vulnerability classified as PHP Remote File Inclusion. While there are currently no unpatched CVEs, the nature of the past critical vulnerability suggests a potential for severe impact if similar weaknesses were re-introduced or if the existing unprotected AJAX endpoint could be leveraged in conjunction with other, as yet undiscovered, flaws.

In conclusion, while the code exhibits good practices in data handling and output, the unprotected AJAX endpoint and the historical presence of a critical RFI vulnerability represent significant security risks that require immediate attention. The plugin has strengths in its query and output sanitization but fundamental weaknesses in access control for its entry points.

Key Concerns

  • Unprotected AJAX handler
  • Past critical vulnerability (RFI)
  • No nonce checks on AJAX handlers
Vulnerabilities: 1

Grow by Tradedoubler – Advertiser Plugin for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Critical: 1

1 total CVE

CVE-2024-6460 · critical · 9.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Grow by Tradedoubler <= 2.0.21 - Unauthenticated Local File Inclusion

Jul 26, 2024 · Patched in 2.0.22 (12d)
Code Analysis
Analyzed Mar 16, 2026

Grow by Tradedoubler – Advertiser Plugin for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (309 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 2
External Requests: 7
Bundled Libraries: 2

Bundled Libraries

jQuery 3.6.0, Select2

Output Escaping

100% escaped · 310 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flows · 1 with unsanitized paths
<dashboard> (templates\dashboard.php:0)
Attack Surface: 1 unprotected

Grow by Tradedoubler – Advertiser Plugin for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_tm_load_data · src\TradedoublerActions\TradedoublerActions.php:34

WordPress Hooks: 12

  • action · init · index.php:24
  • action · admin_menu · index.php:32
  • filter · woocommerce_default_address_fields · index.php:1040
  • action · admin_head · src\TradedoublerActions\TradedoublerActions.php:23
  • action · admin_footer · src\TradedoublerActions\TradedoublerActions.php:24
  • action · init · src\TradedoublerActions\TradedoublerActions.php:26
  • action · admin_notices · src\TradedoublerActions\TradedoublerActions.php:28
  • action · wp_loaded · src\TradedoublerActions\TradedoublerActions.php:29
  • action · wp_head · src\TradedoublerActions\TradedoublerActions.php:31
  • action · woocommerce_thankyou · src\TradedoublerActions\TradedoublerActions.php:32
  • action · pre_post_update · src\TradedoublerActions\TradedoublerActions.php:45
  • action · wp_insert_post · src\TradedoublerActions\TradedoublerActions.php:91

Maintenance & Trust

Grow by Tradedoubler – Advertiser Plugin for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 8, 2025
PHP min version: 7.2.7
Downloads: 12K

Community Trust

Rating: 60/100
Number of ratings: 1
Active installs: 200
Developer Profile

Grow by Tradedoubler – Advertiser Plugin for WooCommerce Developer Profile

tradedoubler

1 plugin · 200 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 12 days
Detection Fingerprints

How We Detect Grow by Tradedoubler – Advertiser Plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/tradedoubler-affiliate-tracker/src/TradedoublerHotspot/TradedoublerHotspot.js
  • /wp-content/plugins/tradedoubler-affiliate-tracker/src/TradedoublerRouting/TradedoublerRouting.js
  • /wp-content/plugins/tradedoubler-affiliate-tracker/src/TradedoublerViews/TradedoublerViews.js
  • /wp-content/plugins/tradedoubler-affiliate-tracker/src/TradedoublerActions/TradedoublerActions.js
  • /wp-content/plugins/tradedoubler-affiliate-tracker/src/TradedoublerAPI/TradedoublerAPI.js
  • /wp-content/plugins/tradedoubler-affiliate-tracker/src/TradedoublerDiscount/TradedoublerDiscount.js
  • /wp-content/plugins/tradedoubler-affiliate-tracker/assets/css/tradedoubler-hotspot.css
  • /wp-content/plugins/tradedoubler-affiliate-tracker/assets/css/tradedoubler.css
  • +2 more

Script Paths

  • /wp-content/plugins/tradedoubler-affiliate-tracker/assets/js/tradedoubler-hotspot.js
  • /wp-content/plugins/tradedoubler-affiliate-tracker/assets/js/tradedoubler.js

Version Parameters

  • tradedoubler-affiliate-tracker/assets/css/tradedoubler-hotspot.css?ver=
  • tradedoubler-affiliate-tracker/assets/css/tradedoubler.css?ver=
  • tradedoubler-affiliate-tracker/assets/js/tradedoubler-hotspot.js?ver=
  • tradedoubler-affiliate-tracker/assets/js/tradedoubler.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • tradedoublerApp

Data Attributes

  • data-td-action-url
  • data-td-api-key
  • data-td-affiliate-id
  • data-td-campaign-id
  • data-td-tracker-id

JS Globals

  • tradedoublerApp

FAQ

Frequently Asked Questions about Grow by Tradedoubler – Advertiser Plugin for WooCommerce