[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCfoJBQGAYAuUuTNhZzm48K_v_bzn_2I-Sah4qVPqtnE":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":55,"analysis":89,"fingerprints":298},"wecantrack","Affiliate Sales in Google Analytics and other tools","4.0.2","https:\u002F\u002Fprofiles.wordpress.org\u002Fwecantrack\u002F","\u003Cp>We Can Track is an affiliate data tracking, processing and integration software that attributes affiliate sales data to publishers’ traffic data.\u003Cbr \u002F>\nWith We Can Track, affiliate publishers can finally integrate their sales data in the marketing tools they use.\u003C\u002Fp>\n\u003Cp>Registration is free and you will be able to make use of a 30 days trial period once you connected network accounts.\u003C\u002Fp>\n\u003Cp>By installing and enabling the We Can Track plugin, your affiliate links will automatically contain unique SubIDs that will be used to trace a sale back to the click it originated from.\u003C\u002Fp>\n\u003Cp>Furthermore, the We Can Track plugin is compliant with most redirection (cloaking) plugins, making automatic SubID placements possible.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default, always included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n","Integrate all your affiliate sales in Google Analytics, Google Ads, Facebook, Data Studio and 
more!",2000,38242,96,12,"2025-11-13T21:55:00.000Z","6.8.5","5.0","7.4",[19,20,21,22,23],"affiliate-conversion-tracking","affiliate-dashboard","google-ads-integration","google-analytics-integration","subid-tracking","https:\u002F\u002Fwecantrack.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwecantrack.4.0.2.zip",99,1,0,"2025-05-20 20:30:45","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-12561","affiliate-sales-in-google-analytics-and-other-tools-open-redirect","Affiliate Sales in Google Analytics and other tools \u003C= 2.0.0 - Open Redirect","The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.0. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. 
This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",null,"\u003C=2.0.0","2.0.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","URL Redirection to Untrusted Site ('Open Redirect')","2025-07-03 12:39:15",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa4b205ab-f042-46d9-a331-f18809477384?source=api-prod",44,{"slug":4,"display_name":4,"profile_url":7,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":52,"trust_score":53,"computed_at":54},2,5000,98,214,78,"2026-04-04T01:06:25.903Z",[56,75],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":27,"last_updated":67,"tested_up_to":15,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":73,"download_link":74,"security_score":66,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"affiliatewp-affiliate-area-tabs","AffiliateWP – Affiliate Area Tabs","1.4.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cblockquote>\n\u003Cp>This plugin requires \u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa> in order to function.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Affiliate Area Tabs allows you to add custom tabs to AffiliateWP’s Affiliate Area. Each tab is linked to a WordPress page making it exceptionally easy to add and manage the tab’s content. 
Pages assigned to a tab are only viewable to affiliates.\u003C\u002Fp>\n\u003Cp>Affiliate Area Tabs allows you to:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add new custom tabs to your Affiliate Area\u003C\u002Fli>\n\u003Cli>Reorder any tab via drag and drop\u003C\u002Fli>\n\u003Cli>Hide tabs from appearing on the front-end Affiliate Area\u003C\u002Fli>\n\u003Cli>Manage tabs added by other AffiliateWP add-ons (Direct Link Tracking, Show Affiliate Coupons, Order Details For Affiliates)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Here are just some of the things you could do:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add a “Request Payout” tab and then insert a form. Your affiliates can now request that they be paid at any time.\u003C\u002Fli>\n\u003Cli>Add a “Contact” tab and insert a contact form. Your affiliates can now contact you from the Affiliate Area.\u003C\u002Fli>\n\u003Cli>Add a “FAQs” tab and insert some common questions and answers for your affiliates.\u003C\u002Fli>\n\u003Cli>Add an “Important Dates” tab and list some special dates and promotions for your affiliates to remember.\u003C\u002Fli>\n\u003Cli>Add a “URLs” tab and list some special URLs (landing pages or product pages) for your affiliates. 
You can even show their own referral URL using AffiliateWP’s [affiliate_referral_url] shortcode.\u003C\u002Fli>\n\u003Cli>Add a “Leaderboard” tab and insert an affiliate leaderboard, using the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faffiliatewp-leaderboard\u002F\" title=\"AffiliateWP Leaderboard\" rel=\"ugc\">AffiliateWP Leaderboard\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003Cli>Add a “News” tab and share important news with your affiliates (or link to other blog posts).\u003C\u002Fli>\n\u003Cli>Add an “Affiliate Brand Assets” or “Downloadables” tab, and add documents or images from your WordPress Media Library that don’t suit the existing Creatives tab.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>What is AffiliateWP?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa> provides a complete affiliate management system for your WordPress website that seamlessly integrates with all major WordPress e-commerce and membership platforms. 
It aims to provide everything you need in a simple, clean, easy to use system that you will love to use.\u003C\u002Fp>\n","Add and reorder tabs in AffiliateWP's Affiliate Area",4000,70499,100,"2025-05-20T03:06:00.000Z","5.2",[70,20,71,72],"affiliate-area","affiliatewp","custom-tabs","https:\u002F\u002Faffiliatewp.com\u002Faddons\u002Faffiliate-area-tabs\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliatewp-affiliate-area-tabs.1.4.2.zip",{"slug":76,"name":77,"version":78,"author":60,"author_profile":61,"description":79,"short_description":80,"active_installs":10,"downloaded":81,"rating":28,"num_ratings":28,"last_updated":82,"tested_up_to":15,"requires_at_least":68,"requires_php":17,"tags":83,"homepage":87,"download_link":88,"security_score":66,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"affiliatewp-order-details-for-affiliates","AffiliateWP – Order Details For Affiliates","1.3.0","\u003Cblockquote>\n\u003Cp>This plugin requires \u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa> 2.6+. \u003Cstrong>It will NOT function without it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This add-on adds a new area to the affiliate’s dashboard that allows a logged-in affiliate to see specific information about the order that their referral generated. 
Currently it works with both Easy Digital Downloads and WooCommerce.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Affiliates can see order details for each referral they generated from their affiliate dashboard\u003C\u002Fli>\n\u003Cli>Globally enable access to the order details for all affiliates\u003C\u002Fli>\n\u003Cli>Enable access on a per-affiliate level to the order details\u003C\u002Fli>\n\u003Cli>Send an email to the affiliate with the order details included\u003C\u002Fli>\n\u003Cli>Disable specific information from showing to the affiliate\u003C\u002Fli>\n\u003Cli>A [affiliate_order_details] shortcode for showing the order details on any WordPress page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The following details can be shown an affiliate who has access:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Order Number\u003C\u002Fli>\n\u003Cli>Order Date\u003C\u002Fli>\n\u003Cli>Order Total\u003C\u002Fli>\n\u003Cli>Referral Amount\u003C\u002Fli>\n\u003Cli>Coupon Code Used\u003C\u002Fli>\n\u003Cli>Customer Name\u003C\u002Fli>\n\u003Cli>Customer Email\u003C\u002Fli>\n\u003Cli>Customer Phone (only available in WooCommerce)\u003C\u002Fli>\n\u003Cli>Customer Shipping Address (only available in WooCommerce)\u003C\u002Fli>\n\u003Cli>Customer Billing Address (only available in WooCommerce)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>These can also be easily turned off via a simple filter (see FAQ tab). 
In addition to disabling the information that is shown, you can customize the layout by editing the \u003Ccode>dashboard-tab-order-details.php\u003C\u002Fcode> template file from your child theme.\u003C\u002Fp>\n\u003Cp>The affiliate will also be emailed these details at the time the referral was created.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is AffiliateWP?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa> provides a complete affiliate management system for your WordPress website that seamlessly integrates with all major WordPress e-commerce and membership platforms. It aims to provide everything you need in a simple, clean, easy to use system that you will love to use.\u003C\u002Fp>\n","Allow affiliates to see order details on referrals they generated",29004,"2025-05-08T20:14:00.000Z",[20,71,84,85,86],"customer-information","order-details","referral-details","https:\u002F\u002Faffiliatewp.com\u002Faddons\u002Forder-details-affiliates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliatewp-order-details-for-affiliates.1.3.0.zip",{"attackSurface":90,"codeSignals":134,"taintFlows":224,"riskAssessment":284,"analyzedAt":297},{"hooks":91,"ajaxHandlers":121,"restRoutes":131,"shortcodes":132,"cronEvents":133,"entryPointCount":49,"unprotectedCount":49},[92,98,103,107,111,117],{"type":93,"name":94,"callback":95,"file":96,"line":97},"action","template_redirect","wecantrack_handle_deprecated_go_redirect","wecantrack.php",42,{"type":93,"name":99,"callback":100,"priority":101,"file":96,"line":102},"upgrader_process_complete","wecantrack_plugin_upgraded",10,56,{"type":93,"name":104,"callback":104,"file":105,"line":106},"admin_menu","WecantrackAdmin.php",60,{"type":93,"name":108,"callback":109,"file":105,"line":110},"admin_enqueue_scripts","enqueue_scripts",67,{"type":112,"name":113,"callback":114,"priority":26,"file":115,"line":116},"fil
ter","wp_redirect","redirect_default","WecantrackApp.php",170,{"type":93,"name":118,"callback":119,"file":115,"line":120},"wp_head","insert_snippet",173,[122,127],{"action":123,"nopriv":124,"callback":125,"hasNonce":124,"hasCapCheck":124,"file":105,"line":126},"wecantrack_form_response",false,"the_form_response",63,{"action":128,"nopriv":124,"callback":129,"hasNonce":124,"hasCapCheck":124,"file":105,"line":130},"wecantrack_advanced_settings_response","advanced_settings_response",64,[],[],[],{"dangerousFunctions":135,"sqlUsage":136,"outputEscaping":138,"fileOperations":28,"externalRequests":222,"nonceChecks":27,"capabilityChecks":49,"bundledLibraries":223},[],{"prepared":28,"raw":28,"locations":137},[],{"escaped":139,"rawEcho":140,"locations":141},39,45,[142,146,147,149,150,151,152,153,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,183,185,188,190,192,193,195,197,198,200,201,203,204,206,208,209,211,213,215,217,219,221],{"file":143,"line":144,"context":145},"views\\advanced_settings.php",32,"raw 
output",{"file":143,"line":139,"context":145},{"file":143,"line":148,"context":145},40,{"file":143,"line":47,"context":145},{"file":143,"line":140,"context":145},{"file":143,"line":102,"context":145},{"file":143,"line":126,"context":145},{"file":143,"line":130,"context":145},{"file":143,"line":155,"context":145},68,{"file":143,"line":157,"context":145},69,{"file":143,"line":159,"context":145},80,{"file":143,"line":161,"context":145},87,{"file":143,"line":163,"context":145},88,{"file":143,"line":165,"context":145},92,{"file":143,"line":167,"context":145},93,{"file":143,"line":169,"context":145},104,{"file":143,"line":171,"context":145},111,{"file":143,"line":173,"context":145},112,{"file":143,"line":175,"context":145},128,{"file":177,"line":140,"context":145},"views\\redirect_page.php",{"file":177,"line":179,"context":145},49,{"file":177,"line":181,"context":145},55,{"file":177,"line":130,"context":145},{"file":177,"line":184,"context":145},74,{"file":186,"line":187,"context":145},"views\\settings.php",19,{"file":186,"line":189,"context":145},35,{"file":186,"line":191,"context":145},38,{"file":186,"line":139,"context":145},{"file":186,"line":194,"context":145},43,{"file":186,"line":196,"context":145},47,{"file":186,"line":181,"context":145},{"file":186,"line":199,"context":145},61,{"file":186,"line":110,"context":145},{"file":186,"line":202,"context":145},73,{"file":186,"line":53,"context":145},{"file":186,"line":205,"context":145},82,{"file":186,"line":207,"context":145},90,{"file":186,"line":167,"context":145},{"file":186,"line":210,"context":145},95,{"file":186,"line":212,"context":145},97,{"file":186,"line":214,"context":145},106,{"file":186,"line":216,"context":145},117,{"file":96,"line":218,"context":145},304,{"file":115,"line":220,"context":145},102,{"file":115,"line":52,"context":145},5,[],[225,240,249,263,274],{"entryPoint":226,"graph":227,"unsanitizedCount":27,"severity":40},"wecantrack_handle_deprecated_go_redirect 
(wecantrack.php:287)",{"nodes":228,"edges":238},[229,233],{"id":230,"type":231,"label":232,"file":96,"line":218},"n0","source","$_GET['afflink']",{"id":234,"type":235,"label":236,"file":96,"line":218,"wp_function":237},"n1","sink","echo() [XSS]","echo",[239],{"from":230,"to":234,"sanitized":124},{"entryPoint":241,"graph":242,"unsanitizedCount":27,"severity":248},"\u003Cwecantrack> (wecantrack.php:0)",{"nodes":243,"edges":246},[244,245],{"id":230,"type":231,"label":232,"file":96,"line":218},{"id":234,"type":235,"label":236,"file":96,"line":218,"wp_function":237},[247],{"from":230,"to":234,"sanitized":124},"low",{"entryPoint":250,"graph":251,"unsanitizedCount":262,"severity":248},"the_form_response (WecantrackAdmin.php:105)",{"nodes":252,"edges":260},[253,256],{"id":230,"type":231,"label":254,"file":105,"line":255},"$_POST (x3)",110,{"id":234,"type":235,"label":257,"file":105,"line":258,"wp_function":259},"update_option() [Settings Manipulation]",131,"update_option",[261],{"from":230,"to":234,"sanitized":124},3,{"entryPoint":264,"graph":265,"unsanitizedCount":27,"severity":248},"advanced_settings_response (WecantrackAdmin.php:152)",{"nodes":266,"edges":272},[267,270],{"id":230,"type":231,"label":268,"file":105,"line":269},"$_POST",156,{"id":234,"type":235,"label":257,"file":105,"line":271,"wp_function":259},172,[273],{"from":230,"to":234,"sanitized":124},{"entryPoint":275,"graph":276,"unsanitizedCount":28,"severity":248},"\u003CWecantrackAdmin> (WecantrackAdmin.php:0)",{"nodes":277,"edges":281},[278,280],{"id":230,"type":231,"label":279,"file":105,"line":255},"$_POST (x4)",{"id":234,"type":235,"label":257,"file":105,"line":258,"wp_function":259},[282],{"from":230,"to":234,"sanitized":283},true,{"summary":285,"deductions":286},"The \"wecantrack\" plugin v4.0.2 exhibits a mixed security posture. 
While it shows positive signs like using prepared statements for all SQL queries and performing file operations, significant concerns arise from its attack surface and output sanitization. The presence of two AJAX handlers without authentication checks presents a direct and exploitable entry point for attackers.\n\nThe taint analysis reveals four flows with unsanitized paths, which is concerning and indicates a potential for various vulnerabilities if these paths involve user-controlled input. Although the static analysis did not identify critical- or high-severity taint flows in this specific scan, the sheer number of unsanitized paths is a strong indicator of potential risk.\n\nHistorically, the plugin has had a medium-severity vulnerability classified as 'Open Redirect'. While there are currently no unpatched CVEs, the past occurrence of an Open Redirect, coupled with the current findings of unprotected AJAX endpoints and unsanitized paths, suggests a pattern of potential security weaknesses that require ongoing vigilance. 
The plugin's output escaping is also a weak point, with less than half of the outputs being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities.",[287,289,292,295],{"reason":288,"points":101},"AJAX handlers without auth checks",{"reason":290,"points":291},"Flows with unsanitized paths",8,{"reason":293,"points":294},"Low percentage of properly escaped output",6,{"reason":296,"points":222},"Past medium severity vulnerability (Open Redirect)","2026-03-16T18:40:09.278Z",{"wat":299,"direct":308},{"assetPaths":300,"generatorPatterns":303,"scriptPaths":304,"versionParams":305},[301,302],"\u002Fwp-content\u002Fplugins\u002Fwecantrack\u002Fbuild\u002Fstatic\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fwecantrack\u002Fbuild\u002Fstatic\u002Fcss\u002Fmain.css",[],[301],[306,307],"wecantrack\u002Fbuild\u002Fstatic\u002Fcss\u002Fmain.css?ver=","wecantrack\u002Fbuild\u002Fstatic\u002Fjs\u002Fmain.js?ver=",{"cssClasses":309,"htmlComments":311,"htmlAttributes":314,"restEndpoints":317,"jsGlobals":320,"shortcodeOutput":323},[310],"wecantrack-admin-page",[312,313],"\u003C!-- WeCanTrack - START CODE FOR THE WEBSITES -->","\u003C!-- WeCanTrack - END CODE FOR THE WEBSITES -->",[315,316],"data-wecantrack-id","data-wct-id",[318,319],"\u002Fwp-json\u002Fwecantrack\u002Fv1\u002Ftrack","\u002Fwp-json\u002Fwecantrack\u002Fv1\u002Fredirect",[321,322],"window.wecantrack","var wecantrack",[]]