Does Email Gated Downloads have any unpatched vulnerabilities?

No. All known vulnerabilities in Email Gated Downloads have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Email Gated Downloads compatible with WordPress 6.9.4?

According to WordPress.org data, Email Gated Downloads 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Email Gated Downloads compatible with PHP 7.4+?

Email Gated Downloads requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Email Gated Downloads updated?

Email Gated Downloads was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Email Gated Downloads's security score?

Email Gated Downloads has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Email Gated Downloads Security & Risk Analysis

wordpress.org/plugins/coreessentials-email-gated-downloads

Email gated downloads for WordPress: collect emails with a GDPR friendly download form before visitors can download your PDF or ZIP lead magnet.

30 active installs v1.0.1 PHP 7.4+ WP 5.0+ Updated Unknown

email-capturegated-contentgdprlead-magnetpdf-download

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Email Gated Downloads Safe to Use in 2026?

Generally Safe

Score 100/100

Email Gated Downloads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "coreessentials-email-gated-downloads" plugin v1.0.1 exhibits a generally good security posture due to its adherence to several best practices. The plugin successfully implements nonce checks and capability checks for its entry points, indicating an effort to prevent common unauthorized access vulnerabilities. Furthermore, the high percentage of prepared SQL statements and properly escaped output suggests a developer mindful of preventing SQL injection and cross-site scripting (XSS) flaws. The absence of external HTTP requests and file operations outside of basic handling also reduces the attack surface.

However, the taint analysis reveals two flows with unsanitized paths, flagged as high severity. This is a significant concern as it suggests potential vulnerabilities where user-supplied input might not be adequately validated or cleaned before being used in operations involving file paths, which could lead to directory traversal or other file system manipulation attacks. While the vulnerability history is clean, this specific taint flow warrants immediate attention and remediation.

In conclusion, the plugin demonstrates a strong foundation in secure coding practices, particularly regarding authentication and output sanitization. The clean vulnerability history is a positive indicator. Nevertheless, the identified high-severity taint flows with unsanitized paths represent a critical weakness that must be addressed to ensure the plugin's overall security. The limited attack surface and the developer's attention to other security best practices are commendable, but the identified path handling issue is a notable exception.

Key Concerns

High severity taint flow with unsanitized path
High severity taint flow with unsanitized path

Vulnerabilities

None known

Email Gated Downloads Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Email Gated Downloads Code Analysis

Dangerous Functions

Raw SQL Queries

34 prepared

Unescaped Output

122 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

74% prepared46 total queries

Output Escaping

95% escaped129 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths

spdfed_handle_free_file_upload (includes\admin-ui.php:978)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Email Gated Downloads Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_spdfed_dismiss_noticeincludes\admin-ui.php:1264

authwp_ajax_spdfed_repair_file_metadataincludes\admin-ui.php:1303

Shortcodes 1

[spdfed_download_form] includes\shortcode.php:6

WordPress Hooks 17

actionadmin_initincludes\admin-ui.php:11

actionadmin_menuincludes\admin-ui.php:105

actionadmin_enqueue_scriptsincludes\admin-ui.php:108

actionadmin_post_spdfed_handle_free_file_uploadincludes\admin-ui.php:974

actionadmin_post_spdfed_migrate_free_to_cptincludes\admin-ui.php:1140

actionadmin_post_spdfed_remove_free_fileincludes\admin-ui.php:1141

actionadmin_headincludes\admin-ui.php:1337

actionadmin_initincludes\export.php:10

filterupload_dirincludes\file-manager.php:83

filterwp_handle_upload_prefilterincludes\file-manager.php:84

filterupload_dirincludes\file-manager.php:154

filterwp_handle_upload_prefilterincludes\file-manager.php:155

actionadmin_post_nopriv_spdfed_downloadincludes\form-handler.php:10

actionadmin_post_spdfed_downloadincludes\form-handler.php:11

actionadmin_initincludes\setup.php:533

actionadmin_noticesincludes\setup.php:535

actionwp_enqueue_scriptsincludes\shortcode.php:7

Maintenance & Trust

Email Gated Downloads Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version7.4

Downloads323

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Email Gated Downloads Alternatives

Download Magnet

download-magnet

100

This plugin provides an easy-to-use way of capturing email addresses when the end user wishes to download a file.

90 No CVEs

Lead Magnet Locker

lead-magnet-locker

100

Securely lock downloads behind email capture. Simple setup, scheduling, analytics, and protected links.

0 No CVEs

Complianz – GDPR/CCPA Cookie Consent

complianz-gdpr

Configure your Cookie Banner, Cookie Consent and Cookie Policy with our Wizard and Cookies Scan.

1.0M 9 CVEs

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)

cookie-law-info

100

Easily set up cookie banner or notice in WordPress, and policy pages for compliance with global cookie laws (GDPR, DSGVO, RGPD, CCPA/CPRA, etc).

1.0M 1 CVE

Cookie Notice & Compliance for GDPR / CCPA

cookie-notice

Cookie Notice allows you to you elegantly inform users that your site uses cookies and helps you comply with GDPR, CCPA and other data privacy laws.

900K 6 CVEs

Developer Profile

Email Gated Downloads Developer Profile

Core Essentials

4 plugins · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Email Gated Downloads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/coreessentials-email-gated-downloads/assets/css/admin.css

Version Parameters

coreessentials-email-gated-downloads/assets/css/admin.css?ver=1.0.0

HTML / DOM Fingerprints

HTML Comments

DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE
     * `function_exists` CALL ABOVE TO PROPERLY WORK.

Data Attributes

data-plugin-id="20795"data-premium-slug="email-gated-downloads-premium"

JS Globals

spdfed_fs

FAQ