[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqYDSNkgxZXlzwaeltNorfHpDDbTOFCmhQuzghZHLdkg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":152,"fingerprints":208},"avenirsoft-directdownload","Avenir-soft Direct Download","1.0","Sahil-Ahlawat","https:\u002F\u002Fprofiles.wordpress.org\u002Fsahil-ahlawat\u002F","\u003Cp>Avenir-soft Direct Download give a download button for products which are virtual, free and downloadable.\u003C\u002Fp>\n","Download Button for WooCommerce Free, virtual and downloadable products.",10,2915,74,3,"2015-01-08T15:07:00.000Z","4.0.38","3.8","",[20,21,22,23,24],"direct-download","download","downloadable","woocommerce-download-button","wordpress-woocommerce","http:\u002F\u002Fwww.avenirsoft.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Favenirsoft-directdownload.zip",64,1,"2015-08-06 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2015-9442","avenir-soft-direct-download-cross-site-scripting","Avenir-soft Direct Download \u003C= 1.0 - Cross-Site Scripting","The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin\u002Fadmin.php?page=avenir_plugin.",null,"\u003C=1.0","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:H\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F78823184-e90a-4f5c-9f08-5ffc22787f16?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"sahil-ahlawat",30,69,"2026-04-04T04:31:17.970Z",[52,78,97,115,136],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":73,"download_link":74,"security_score":75,"vuln_count":28,"unpatched_count":76,"last_vuln_date":77,"fetched_at":30},"download-now-for-woocommerce","Free Downloads WooCommerce","3.6.4","Wp Enhanced","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpenhanced\u002F","\u003Cp>\u003Cstrong>Free Downloads WooCommerce\u003C\u002Fstrong> is the definitive plugin for offering free downloads on your WooCommerce store. It allows users to bypass the checkout to download your free products, supports single and multiple files, works with WooCommerce Memberships, and is highly customisable.\u003C\u002Fp>\n\u003Cp>This plugin has been designed for content creators and distributors to fully take advantage of their digital store. Whether you sell audio files, course documentation, themes and plugins, or just want to offer digital catalogues for your tangible products, \u003Cstrong>Free Downloads WooCommerce\u003C\u002Fstrong> allows your visitors to get to your free downloads with ease.\u003C\u002Fp>\n\u003Cp>This plugin is safe and rock-solid secure, and everything is handled by your server including authentication, so you don’t have to worry.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free Downloads WooCommerce\u003C\u002Fstrong> is also fully integrated with the official \u003Cstrong>Memberships\u003C\u002Fstrong> and \u003Cstrong>Subscriptions\u003C\u002Fstrong> plugins for WooCommerce.\u003C\u002Fp>\n\u003Ch3>Basic Edition\u003C\u002Fh3>\n\u003Ch4>What you can expect in the basic free version.\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Free digital products can be downloaded by your users without going through the checkout.\u003C\u002Fli>\n\u003Cli>Supports downloading products straight from the shop listings pages.\u003C\u002Fli>\n\u003Cli>Allow free downloading of customer owned digital products from product pages\u003C\u002Fli>\n\u003Cli>Custom WooCommerce Quick View feature\u003C\u002Fli>\n\u003Cli>Built-in support for PDF files.\u003C\u002Fli>\n\u003Cli>Built-in support for WooCommerce Memberships and Subscriptions, allowing you to tailor the plugin to your needs.\u003C\u002Fli>\n\u003Cli>Fully supports products with multiple files, with several layout options to choose from.\u003C\u002Fli>\n\u003Cli>Download buttons and links will automatically style to match your theme.\u003C\u002Fli>\n\u003Cli>Add custom CSS and HTML classes to the download buttons and links for extra visual customisation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Edition\u003C\u002Fh3>\n\u003Ch4>Buy Free Downloads WooCommerce Pro today and get access to these amazing features!\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Product Restrictions:\u003C\u002Fstrong> Restrict free downloads by products, categories and tags.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Variable and Grouped Products:\u003C\u002Fstrong> Full support for grouped and variable products.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Download Delivery Methods:\u003C\u002Fstrong> Option to serve your downloads after redirecting to a page or emailing a link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce PDF Watermark:\u003C\u002Fstrong> Compatibility with the official WooCommerce PDF Watermark plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Download limitations:\u003C\u002Fstrong> Restrict your users to a set number of free downloads per day\u002Fweek\u002Fmonth\u002Fyear. Users with WooCommerce Membership plans can have custom download limits, as well as specific user roles and user accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Download tracking with reporting:\u003C\u002Fstrong> Keep a record of every free download showing the product, variation (if applicable), date, user, email address and IP address.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Account download history:\u003C\u002Fstrong> Show a list of the user’s free download history on their WooCommerce account page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email capture:\u003C\u002Fstrong> Ask your guest users for their email address before downloading, including subscribing them to your MailChimp newsletter!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Paid Member Subscriptions:\u003C\u002Fstrong> Compatibility with Paid Member Subscriptions plugin by Cozmoslabs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce Products List:\u003C\u002Fstrong> Compatibility with Woocommerce Products List plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium support:\u003C\u002Fstrong> You never have to worry about plugin support. We’re here when you need it.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click updates:\u003C\u002Fstrong> Enjoy the simple, one-click updates that you’re used to with WordPress plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpenhanced.com\u002Fproducts\u002Ffree-downloads-woocommerce\u002F\" rel=\"nofollow ugc\">Get it here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>By default any downloadable products that are free will be affected by this plugin. There is an option in the plugin settings if you would like to include paid items that are on sale for free, by default they aren’t.\u003C\u002Fp>\n\u003Cp>However, the plugin works right out of the box as it should, and only requires customising if you want to.\u003C\u002Fp>\n\u003Cp>Rather than the \u003Cem>Add to Cart\u003C\u002Fem> button showing on product pages, site visitors will be presented with a download button, or for multiple files on a single product a set of links to each individual file will show. You can customise the experience for your visitors with several display options from links, to buttons, and even checkboxes. Once clicked the file will be securely downloaded automatically. For multiple files, the plugin dynamically creates a zip file that includes all the files for that product, and downloads that instead.\u003C\u002Fp>\n\u003Ch3>Customisation\u003C\u002Fh3>\n\u003Cp>The plugin can be customised in several ways including how the download buttons or links are presented, their appearance, should users be logged in, and more. Check out the plugin settings page for everything.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Full supporting documentation is included with the plugin, available on the plugin settings page. There’s a user guide, explanation of every setting, and FAQ with support forum links.\u003C\u002Fp>\n","Allow users to instantly download your free digital products without going through the checkout.",4000,232696,94,84,"2026-02-27T20:51:00.000Z","6.8.5","4.4","7.4.0",[22,69,70,71,72],"downloads","free-downloads","no-checkout","woocommerce","https:\u002F\u002Fwpenhanced.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-now-for-woocommerce.3.6.4.zip",100,0,"2024-03-13 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":80,"active_installs":85,"downloaded":86,"rating":75,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":76,"unpatched_count":76,"last_vuln_date":37,"fetched_at":30},"wp-anything-downloader","WP Anything Downloader","3.0.2","vinit sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinit-sharma\u002F","\u003Cp>This plugin allows you to Direct download Any theme and plugin from wp admin panel. best plugin for download theme or plugin from wp-admin\u003C\u002Fp>\n\u003Cp>Perfect plugin  for direct download theme and plugin  with admin panel.\u003C\u002Fp>\n\u003Ch3>3.0.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>upgrade plugin for aws\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>3.0.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed a bug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>3.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed a bug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>2.0.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Security Updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>2.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed a bug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Display WP Anything Downloader\u003C\u002Fli>\n\u003C\u002Ful>\n",3000,42978,2,"2022-03-22T08:13:00.000Z","5.9.13","3.5",[20,92,93],"theme-downloader-plugin-downloader","wordpress-theme-and-plugin-download","https:\u002F\u002Fd3logics.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-anything-downloader.3.0.4.zip",85,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":75,"downloaded":105,"rating":75,"num_ratings":28,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":18,"tags":109,"homepage":18,"download_link":113,"security_score":114,"vuln_count":76,"unpatched_count":76,"last_vuln_date":37,"fetched_at":30},"downloadify-wp","Downloadify WP","1.0.1","Md Khorshed Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Fkhorshedalamwp\u002F","\u003Cp>Downloadify WP is one of the most popular plugins for downloading plugins and themes in WordPress.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Download the plugin and theme with one click.\u003C\u002Fli>\n\u003C\u002Ful>\n","Downloadify WP for WordPress Plugin And Theme Downloader.",1836,"2025-01-06T05:18:00.000Z","6.7.5","6.2.2",[20,110,111,112],"downloader-wp","plugin-downloader","theme-downloader","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownloadify-wp.1.0.1.zip",92,{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":75,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":16,"requires_at_least":90,"requires_php":18,"tags":127,"homepage":132,"download_link":133,"security_score":134,"vuln_count":28,"unpatched_count":28,"last_vuln_date":135,"fetched_at":30},"hide-real-download-path","Hide Real Download Path","1.6","Deepak S","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeepaks\u002F","\u003Cp>Plugin helps you to hide real\u002Fdirect path of files hosted on your server for download and make your files secure from unauthorized download. It also maintains a log of all downloads done using it and provide capability to disallow direct linking (hot linking) to your files from other website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You can:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allow or restrict hotlink (direct download) of your files from other website\u002Fexternal links.\u003C\u002Fli>\n\u003Cli>Restrict ‘download only’ from link on your website\u003C\u002Fli>\n\u003Cli>View log of individual download\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It support multiple files extensions including:\u003Cbr \u002F>\nzip \u002F pdf \u002F doc \u002F xls \u002F ppt \u002F exe \u002F gif \u002F png \u002F jpg \u002F jpeg \u002F mp3 \u002F wav \u002F mpeg \u002F mpg \u002F mpe \u002F mov \u002F avi \u002F xlsx\u003C\u002Fp>\n\u003Cp>*\u003Cstrong>Step by step configuration guideline\u003C\u002Fstrong> in Settings sections of plugin after activation\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Version 1.5 changes:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Corrupt file bug fixed\u003Cbr \u002F>\n– Easy step by step guide added in admin to configure plugin\u003Cbr \u002F>\n– Generate Root path dynamically\u003Cbr \u002F>\n– Support for xlsx added\u003C\u002Fp>\n","This plugin help to hide real download path of your files on server and allow file downloading using a common URL. Also maintain log of your downloads …",10370,76,14,"2014-10-20T09:55:00.000Z",[128,129,116,130,131],"disable-direct-download","hide-download-path","hot-linking","secure-file","http:\u002F\u002Fxlab.biz\u002Fhide-download-path-of-file-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-real-download-path.zip",63,"2025-09-05 00:00:00",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":75,"downloaded":144,"rating":75,"num_ratings":11,"last_updated":145,"tested_up_to":146,"requires_at_least":66,"requires_php":18,"tags":147,"homepage":150,"download_link":151,"security_score":75,"vuln_count":76,"unpatched_count":76,"last_vuln_date":37,"fetched_at":30},"lemonink","LemonInk Ebook Watermarking for WooCommerce","0.8.3","Piotrek Bator","https:\u002F\u002Fprofiles.wordpress.org\u002Flemonink\u002F","\u003Cp>Watermark EPUB, MOBI and PDF files in your WooCommerce store using the LemonInk service.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.lemonink.co\u002Fhow-to-use\u002Fwoocommerce\" rel=\"nofollow ugc\">LemonInk\u003C\u002Fa> is a cloud service used to secure digital books from piracy. It applies a digital watermark to each purchased ebook making it unique and traceable.\u003C\u002Fp>\n\u003Cp>Using this plugin, you can easily integrate LemonInk into your WooCommerce store just by marking products as downloadable and assigning a master file (the original ebook) to them.\u003C\u002Fp>\n\u003Cp>After each purchase LemonInk will create watermarked versions of your ebooks and attach them to user’s order allowing them to easily download their individual copies.\u003C\u002Fp>\n\u003Cp>Note that you need to have an account at \u003Ca href=\"https:\u002F\u002Fwww.lemonink.co\" rel=\"nofollow ugc\">LemonInk\u003C\u002Fa>, but you can easily set it up just by \u003Ca href=\"https:\u002F\u002Fwww.lemonink.co\u002Fregister\" rel=\"nofollow ugc\">registering\u003C\u002Fa>. In order to watermark files you’ll also need to purchase some credits, but if you just wish to give it a try, there’s a test mode available.\u003C\u002Fp>\n\u003Cp>For more information go to \u003Ca href=\"https:\u002F\u002Fwww.lemonink.co\" rel=\"nofollow ugc\">LemonInk\u003C\u002Fa> or drop us a line at \u003Ca href=\"mailto:hello@lemonink.co\" rel=\"nofollow ugc\">hello@lemonink.co\u003C\u002Fa>.\u003C\u002Fp>\n","Watermark EPUB, MOBI and PDF files in your WooCommerce store using the LemonInk service.",6418,"2025-12-10T11:34:00.000Z","6.9.4",[22,69,148,149,137],"e-commerce","ecommerce","https:\u002F\u002Fwww.lemonink.co\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flemonink.0.8.3.zip",{"attackSurface":153,"codeSignals":180,"taintFlows":194,"riskAssessment":195,"analyzedAt":207},{"hooks":154,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":76,"unprotectedCount":76},[155,161,165,170,173],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","init","avenir_woocommerce_hooks","index.php",15,{"type":156,"name":162,"callback":163,"file":159,"line":164},"admin_menu","avenir_backend_page",16,{"type":156,"name":166,"callback":167,"priority":168,"file":159,"line":169},"woocommerce_single_product_summary","avenir_downlink",5,18,{"type":156,"name":171,"callback":167,"priority":125,"file":159,"line":172},"woocommerce_after_shop_loop_item",19,{"type":156,"name":157,"callback":174,"file":159,"line":175},"theme_name_scripts",26,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":14,"externalRequests":76,"nonceChecks":76,"capabilityChecks":76,"bundledLibraries":193},[],{"prepared":76,"raw":76,"locations":183},[],{"escaped":76,"rawEcho":14,"locations":185},[186,189,191],{"file":159,"line":187,"context":188},45,"raw output",{"file":159,"line":190,"context":188},62,{"file":159,"line":192,"context":188},79,[],[],{"summary":196,"deductions":197},"The 'avenirsoft-directdownload' plugin version 1.0 exhibits a mixed security posture. On the positive side, the static analysis indicates a remarkably small attack surface with no detectable AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. Furthermore, all SQL queries are confirmed to use prepared statements, which is a strong security practice. However, several significant concerns are raised by the analysis. The plugin fails to implement any nonce checks or capability checks, leaving potential entry points (if they existed) vulnerable to unauthorized actions or privilege escalation.  Most concerning is the complete lack of output escaping across all identified output points, which presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history further amplifies these concerns, with one unpatched medium severity CVE related to XSS, dating back to 2015. This historical pattern of XSS, combined with the current lack of output escaping and authorization checks, suggests a recurrent weakness in how user-supplied data is handled and validated. While the plugin has minimal direct entry points, the identified weaknesses are critical and could be exploited if any functionality were to be added or discovered.",[198,200,203,205],{"reason":199,"points":160},"Unpatched CVEs present",{"reason":201,"points":202},"No output escaping",8,{"reason":204,"points":168},"No nonce checks",{"reason":206,"points":168},"No capability checks","2026-03-17T01:43:14.655Z",{"wat":209,"direct":215},{"assetPaths":210,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[211],"\u002Fwp-content\u002Fplugins\u002Favenirsoft-directdownload\u002Fadmin\u002Fcss\u002Fstyle.css",[],[],[],{"cssClasses":216,"htmlComments":219,"htmlAttributes":220,"restEndpoints":221,"jsGlobals":222,"shortcodeOutput":224},[217,218],"plugin_wrapper","downloadbutton",[],[],[],[223],"window.location",[]]