WP Amazon Ads Security & Risk Analysis

wordpress.org/plugins/wp-amazon-ads

WP Amazon Ads - allows you to easily insert Amazon product listings into your WP posts, and earn commission from sales.

30 active installs · v1.4 · PHP + WP 2.5+ · Updated Mar 3, 2016
Tags: affiliate, amazon, listing, multi-author, product
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Amazon Ads Safe to Use in 2026?

Generally Safe

Score 85/100

WP Amazon Ads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "wp-amazon-ads" v1.4 plugin exhibits a seemingly robust security posture based on the provided static analysis. The complete absence of identified dangerous functions, raw SQL queries, and taint flows with unsanitized paths is a strong positive indicator. Furthermore, the plugin does not appear to expose a significant attack surface via AJAX, REST API, or shortcodes, and it has no recorded vulnerability history. This suggests a development team that is either highly security-conscious or has been fortunate enough to avoid past exploitable flaws.

However, there are notable areas of concern. The extremely low percentage of properly escaped output (6%) is a significant weakness. This suggests that data, potentially user-supplied or retrieved from external sources, may be outputted without sufficient sanitization, opening the door to Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks on any identified entry points (though the attack surface is reported as zero) could become an issue if new entry points are added in the future without proper security considerations. The single external HTTP request also warrants scrutiny to ensure it is handled securely and doesn't introduce vulnerabilities.

While the plugin's historical lack of vulnerabilities is positive, it should not be interpreted as an absolute guarantee of current security. The primary risk lies in the poor output escaping, which is a common vector for XSS attacks. Coupled with the potential risks associated with unverified external HTTP requests and the absence of comprehensive nonce checks, the plugin, despite its clean slate and low attack surface, has some critical areas that require attention to ensure a truly secure implementation.

Key Concerns

  • Low output escaping percentage
  • No nonce checks on entry points
  • External HTTP request requires review
Vulnerabilities
None known

WP Amazon Ads Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Amazon Ads Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 29 (2 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

6% escaped · 31 total outputs
Attack Surface

WP Amazon Ads Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4

  • action show_user_profile (wp-amazon-ads.php:535)
  • action edit_user_profile (wp-amazon-ads.php:536)
  • action personal_options_update (wp-amazon-ads.php:558)
  • action edit_user_profile_update (wp-amazon-ads.php:559)
Maintenance & Trust

WP Amazon Ads Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Mar 3, 2016
PHP min version
Downloads: 19K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 30
Developer Profile

WP Amazon Ads Developer Profile

jgwhite33

11 plugins · 48K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 201 days
Detection Fingerprints

How We Detect WP Amazon Ads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-amazon-ads/AmazonLogo.png
/wp-content/plugins/wp-amazon-ads/bar1.gif
/wp-content/plugins/wp-amazon-ads/bar2.gif
/wp-content/plugins/wp-amazon-ads/store.php?

HTML / DOM Fingerprints

HTML Comments
<!-- function myFunction() { window.open('http://www.amazon.com/gp/redirect.html?ie=UTF8&location=http%3A%2F%2Fwww.amazon.com%2Fs%3Fie%3DUTF8%26x%3D0%26ref_%3Dnb%5Fsb%5Fnoss%26y%3D0%26field-keywords%3D'+ document.wpamazonform.Query.value +'%26url%3Dsearch-alias%253Daps&tag=<?php echo $campid ?>&linkCode=ur2&camp=1789&creative=390957'); return false; } -->
/* <div style="display: block; width: 100px; height: 10px; background-image: url(<?php echo $b2; ?>);"> <div style="width: <?php echo $w1; ?>%; background-image: url(<?php echo $b1; ?>); display: block; height: 10px;">&nbsp;</div> </div> */
Data Attributes
name="wpamazonform"
onSubmit="return myFunction()"
JS Globals
window.open
FAQ

Frequently Asked Questions about WP Amazon Ads