WP-Safety

Simple Download with password Security & Risk Analysis

wordpress.org/plugins/celtis-simple-download

Simple, easy, lightweight download manager with password protection

20 active installs v0.8.1 PHP 8.1+ WP 6.2+ Updated Jun 9, 2025
download-managerloggingpasswordprotect-downloadsecure
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Simple Download with password Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Download with password has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The celtis-simple-download plugin v0.8.1 demonstrates a generally good security posture with a strong reliance on prepared statements for all SQL queries and excellent output escaping. The plugin also implements a healthy number of nonce and capability checks. However, the presence of an unprotected AJAX handler represents a significant security concern, as it introduces an easily exploitable entry point for attackers.

The taint analysis reveals two flows with unsanitized paths, flagged as high severity. While these do not appear to be associated with any known CVEs, they indicate potential vulnerabilities that could lead to arbitrary file access or manipulation if exploited. The lack of any recorded vulnerability history might suggest a low attack profile or that vulnerabilities have been diligently patched, but it's crucial to address the identified taint flows.

Overall, the plugin has strengths in its secure handling of database interactions and output, but the single unprotected AJAX endpoint and the high-severity taint flows are weaknesses that warrant immediate attention. The absence of past vulnerabilities is positive, but the current static analysis findings necessitate caution and remediation.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized path taint flow (x2)
Vulnerabilities
None known

Simple Download with password Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Download with password Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
21 prepared
Unescaped Output
4
202 escaped
Nonce Checks
10
Capability Checks
12
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared21 total queries

Output Escaping

98% escaped206 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
log_table (celtisdl-logview.php:178)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Simple Download with password Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 4

authwp_ajax_celtisdl_op_updateceltisdl-setting.php:20
authwp_ajax_celtisdl_add_newceltisdl-setting.php:21
authwp_ajax_celtisdl_regist_fileceltisdl-setting.php:22
authwp_ajax_celtisdl_log_navceltisdl-setting.php:23

Shortcodes 1

[celtisdl_download] celtis-simple-download.php:123
WordPress Hooks 13
filterwoocommerce_file_download_methodceltis-simple-download.php:100
filterplugin_localeceltis-simple-download.php:115
actionparse_requestceltis-simple-download.php:118
filterpost_password_expiresceltis-simple-download.php:120
actioninitceltis-simple-download.php:226
filterceltisdl_password_statceltisdl-download.php:116
filterpost_password_requiredceltisdl-download.php:169
actionadmin_initceltisdl-setting.php:25
actionadmin_menuceltisdl-setting.php:27
filterupload_dirceltisdl-setting.php:45
filtermap_meta_capceltisdl-setting.php:64
filtersanitize_file_nameceltisdl-setting.php:85
filterbig_image_size_thresholdceltisdl-setting.php:102
Maintenance & Trust

Simple Download with password Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 9, 2025
PHP min version8.1
Downloads818

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Simple Download with password Alternatives

Temporary Login Without Password

Temporary Login Without Password

temporary-login-without-password

A
100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE
Download Monitor

Download Monitor

download-monitor

B
82

Powerful Download Manager Plugin for WordPress

90K 26 CVEs
Password Policy Manager | Password Manager

Password Policy Manager | Password Manager

password-policy-manager

A
96

Enforce strong passwords with expiry, reset, score checks, inactive user lock, and user password management using Password Policy Manager.

6K 2 CVEs
Secure Passkeys

Secure Passkeys

secure-passkeys

A
99

Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.

1K 1 CVE
Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress

Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress

login-me-now

A
98

Login Me Now combines Passwordless Login, Email Magic Links, Phone OTP Verification, Temporary Logins, Social Logins (Google & Facebook), User Swi …

400 1 CVE
Developer Profile

Simple Download with password Developer Profile

enomoto celtislab

12 plugins · 9K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Simple Download with password

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/celtis-simple-download/style.css

HTML / DOM Fingerprints

Shortcode Output
celtisdl_download
FAQ

Frequently Asked Questions about Simple Download with password