WP Referral Code Security & Risk Analysis

wordpress.org/plugins/wp-referral-code

This plugin brings referral marketing to your WordPress website. It's dead simple, fast, customizable, and it's all free!

700 active installs · v1.4.12 · PHP 5.6+ · WP 4.8+ · Updated Dec 25, 2024
Tags: affiliate, affiliate-marketing, refer, referral, referral-marketing
Score: 92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Referral Code Safe to Use in 2026?

Generally Safe

Score 92/100

WP Referral Code has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The 'wp-referral-code' plugin v1.4.12 demonstrates a generally good security posture with a strong adherence to secure coding practices. The plugin utilizes prepared statements for all its SQL queries and exhibits a high rate of proper output escaping, minimizing risks of SQL injection and cross-site scripting vulnerabilities. Furthermore, the absence of known CVEs and common vulnerability types in its history suggests a mature and well-maintained codebase. The plugin also correctly implements nonce and capability checks for most of its entry points.

However, there are specific areas of concern that warrant attention. The static analysis reveals a notable attack surface with two AJAX handlers that lack authentication checks. This is a significant risk as it could allow unauthenticated users to trigger actions within the plugin. While the taint analysis found no critical or high severity issues, the presence of unprotected AJAX endpoints is a direct path for potential exploitation if an attacker can manipulate inputs to these handlers.

In conclusion, the plugin has a solid foundation regarding SQL and output security, and a clean vulnerability history. The primary weakness lies in the unprotected AJAX endpoints, which represent a direct and exploitable attack vector. Addressing these unprotected entry points should be the immediate priority to significantly improve the plugin's overall security.

Key Concerns

  • AJAX handlers without authentication checks
Vulnerabilities
None known

WP Referral Code Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Referral Code Release Timeline

v1.4.12 (Current)
v1.4.11
v1.4.10
v1.4.9
v1.4.8
v1.4.7
Code Analysis
Analyzed Mar 16, 2026

WP Referral Code Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 1 (85 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

99% escaped · 86 total outputs
Attack Surface
2 unprotected

WP Referral Code Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers: 3

auth · wp_ajax_wp_referral_code_search_user_select2 · admin\class-wp-referral-code-search-user.php:26
auth · wp_ajax_wp_referral_code_delete_user_relation · admin\class-wp-referral-code-user-edit.php:33
auth · wp_ajax_wp_referral_code_add_user_relation · admin\class-wp-referral-code-user-edit.php:34

Shortcodes: 1

[wp-referral-code] · public\shortcode-wp-referral-code.php:73

WordPress Hooks: 18

filter · plugin_action_links · admin\class-wp-referral-code-admin.php:66
action · admin_init · admin\class-wp-referral-code-options.php:52
action · admin_menu · admin\class-wp-referral-code-options.php:53
action · load-user-edit.php · admin\class-wp-referral-code-search-user.php:25
action · load-user-edit.php · admin\class-wp-referral-code-user-edit.php:32
action · show_user_profile · admin\class-wp-referral-code-user-edit.php:45
action · edit_user_profile · admin\class-wp-referral-code-user-edit.php:46
action · profile_update · admin\class-wp-referral-code-user-edit.php:48
action · user_profile_update_errors · admin\class-wp-referral-code-user-edit.php:49
action · load-users.php · admin\class-wp-referral-code-users-columns.php:21
filter · manage_users_columns · admin\class-wp-referral-code-users-columns.php:33
filter · manage_users_columns · admin\class-wp-referral-code-users-columns.php:34
filter · manage_users_custom_column · admin\class-wp-referral-code-users-columns.php:36
filter · manage_users_sortable_columns · admin\class-wp-referral-code-users-columns.php:37
action · pre_get_users · admin\class-wp-referral-code-users-columns.php:38
action · init · includes\class-wp-referral-code.php:69
action · user_register · includes\wp-referral-code-registration.php:2
action · init · public\shortcode-wp-referral-code.php:76
Maintenance & Trust

WP Referral Code Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 25, 2024
PHP min version: 5.6
Downloads: 17K

Community Trust

Rating: 86/100
Number of ratings: 11
Active installs: 700
Developer Profile

WP Referral Code Developer Profile

shalior

1 plugin · 700 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Referral Code

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-referral-code/admin/js/select2.full.min.js
/wp-content/plugins/wp-referral-code/admin/css/select2.min.css
/wp-content/plugins/wp-referral-code/admin/js/main.min.js
Version Parameters
wp-referral-code/admin/js/select2.full.min.js?ver=
wp-referral-code/admin/css/select2.min.css?ver=
wp-referral-code/admin/js/main.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-referral-code-user-search
HTML Comments
<!-- BEGIN WP Referral Code -->
<!-- END WP Referral Code -->
<!-- BEGIN WP Referral Code User Profile -->
<!-- END WP Referral Code User Profile -->
Data Attributes
data-nonce
data-nonce-add
JS Globals
WPReferralCode
REST Endpoints
/wp-json/wp-referral-code/v1/get-users
Shortcode Output
[wp_referral_code]
FAQ

Frequently Asked Questions about WP Referral Code