WP Affiliate Disclosure Security & Risk Analysis

wordpress.org/plugins/wp-affiliate-disclosure

Automatically add a customizable, FTC-compliant disclosure statement across your WordPress website based on the rule(s) you define.

1K active installs · v1.2.10 · PHP 5.6+ · WP 4.9.8+ · Updated Jan 28, 2025
affiliate, affiliate-disclosure, affiliate-disclosure-statement, disclosure, disclosure-statement
90
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Dec 29, 2023
Safety Verdict

Is WP Affiliate Disclosure Safe to Use in 2026?

Generally Safe

Score 90/100

WP Affiliate Disclosure has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 29, 2023 · Updated 1yr ago
Risk Assessment

The "wp-affiliate-disclosure" v1.2.10 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query handling and the absence of dangerous functions, significant concerns arise from its attack surface and output sanitization. A large number of AJAX handlers (7 out of 9) lack authentication checks, presenting a substantial entry point for unauthorized actions. Furthermore, only 18% of its output is properly escaped, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's vulnerability history, which includes XSS and missing authorization.

The plugin's past CVEs, specifically the presence of high and medium severity vulnerabilities related to XSS and authorization issues, are concerning. Although there are currently no unpatched CVEs, the historical pattern suggests a recurring weakness in handling user input and access control. The presence of a bundled Freemius library also warrants attention, as outdated versions of such components can introduce vulnerabilities. Overall, the plugin has strengths in its database interaction but is significantly weakened by its broad, unprotected attack surface and insufficient output sanitization, making it a moderate risk.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • Bundled outdated library (Freemius v1.0)
  • Past high severity CVEs (1 high, 2 medium)
Vulnerabilities
3

WP Affiliate Disclosure Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2023: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2023-52178 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Affiliate Disclosure <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via $id

Dec 29, 2023 Patched in 1.2.8 (25d)
CVE-2023-47232 · medium · 4.3 · Missing Authorization

WP Affiliate Disclosure <= 1.2.6 - Cross-Site Request Forgery via check_capability

Nov 3, 2023 Patched in 1.2.7 (81d)

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 1.1.4 (1793d)
Code Analysis
Analyzed Mar 16, 2026

WP Affiliate Disclosure Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 167 (36 escaped)
Nonce Checks: 7
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

18% escaped · 203 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
create_new (builder\settings-page\controller.php:232)
Attack Surface
7 unprotected

WP Affiliate Disclosure Attack Surface

Entry Points: 10
Unprotected: 7

AJAX Handlers 9

auth · wp_ajax_wpadcb-add-new · builder\settings-page\controller.php:74
auth · wp_ajax_wpadcb-create-new · builder\settings-page\controller.php:75
auth · wp_ajax_wpadcb-delete-item · builder\settings-page\controller.php:78
auth · wp_ajax_wpadcb-update-overview · builder\settings-page\controller.php:81
auth · wp_ajax_wpadcb-update-settings · builder\settings-page\controller.php:84
auth · wp_ajax_wpadcb-startw-submit · builder\settings-page\controller.php:87
auth · wp_ajax_wpadcb-startw-back · builder\settings-page\controller.php:88
auth · wp_ajax_wpadcb-startw-close · builder\settings-page\controller.php:89
auth · wp_ajax_wpadcb-startw-reset · builder\settings-page\controller.php:90

Shortcodes 1

[wpadc] builder\builder\controller.php:76
WordPress Hooks 9
action · init · builder\builder\controller.php:73
filter · the_content · builder\builder\controller.php:79
filter · the_content · builder\builder\controller.php:80
action · admin_menu · builder\settings-page\controller.php:71
action · plugins_loaded · functions.php:89
action · init · includes\class-wp-affiliate-disclosure.php:160
action · wp_enqueue_scripts · includes\class-wp-affiliate-disclosure.php:162
action · admin_enqueue_scripts · includes\class-wp-affiliate-disclosure.php:163
action · admin_menu · includes\help.php:32
Maintenance & Trust

WP Affiliate Disclosure Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 28, 2025
PHP min version: 5.6
Downloads: 34K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 1K
Developer Profile

WP Affiliate Disclosure Developer Profile

mojofywp

2 plugins · 1K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 479 days
Detection Fingerprints

How We Detect WP Affiliate Disclosure

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-affiliate-disclosure/assets/css/core.css
/wp-content/plugins/wp-affiliate-disclosure/assets/css/font-awesome.min.css
Version Parameters
wp-affiliate-disclosure/assets/css/core.css?ver=
wp-affiliate-disclosure/assets/css/font-awesome.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpadc-toggle
wpadc-affiliate-disclaimer
Data Attributes
data-wpadc-color
JS Globals
WPAffiliateDisclosure
FAQ

Frequently Asked Questions about WP Affiliate Disclosure