Download After Email – Subscribe & Download Form Plugin Security & Risk Analysis

wordpress.org/plugins/download-after-email

Download After Email is a free Subscribe & Download plugin that allows you to gain subscribers by offering free downloads.

7K active installs · v2.1.9 · PHP 5.6+ · WP 5.6+ · Updated Aug 27, 2025
Tags: download-form, downloads, mailchimp, opt-in, subscribe
Score: 76 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Jan 24, 2026
Safety Verdict

Is Download After Email – Subscribe & Download Form Plugin Safe to Use in 2026?

Mostly Safe

Score 76/100

Download After Email – Subscribe & Download Form Plugin is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Jan 24, 2026 · Updated 7mo ago
Risk Assessment

The 'download-after-email' plugin v2.1.9 presents a mixed security posture with several concerning areas despite some good practices. The plugin demonstrates a strong adherence to secure coding practices concerning SQL queries and output escaping, with 96% and 98% respectively being properly handled. It also incorporates a reasonable number of nonce and capability checks. However, a significant concern arises from the attack surface, where 4 out of 10 AJAX handlers lack authentication checks, leaving them vulnerable to unauthorized access and potential exploitation. The taint analysis, while not revealing critical or high severity issues, did identify 2 high-severity flows with unsanitized paths, indicating a risk of sensitive data handling or execution pathways being compromised if not properly validated.

The vulnerability history reveals a pattern of medium severity issues, specifically related to missing authorization and uncontrolled resource consumption. The presence of an unpatched CVE, even if medium severity, is a direct and ongoing risk that cannot be ignored. The fact that the last vulnerability was recent (2026-01-24) suggests ongoing security challenges with this plugin. Overall, while the plugin has strengths in its core coding practices, the unprotected AJAX endpoints, taint flow concerns, and unpatched vulnerability significantly increase its risk profile.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched CVE
  • High severity taint flows
Vulnerabilities: 2

Download After Email – Subscribe & Download Form Plugin Security Vulnerabilities

CVEs by Year

2025: 1 CVE
2026: 1 CVE · unpatched

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2026-24541 · medium · 5.3 · Missing Authorization

Download After Email <= 2.1.9 - Missing Authorization

Jan 24, 2026 · Unpatched

CVE-2025-54743 · medium · 5.3 · Uncontrolled Resource Consumption

Download After Email 2.1.5 - 2.1.6 - Unauthorized Repeated Form Submissions

Sep 25, 2025 · Patched in 2.1.7 (6d)
Code Analysis
Analyzed Mar 16, 2026

Download After Email – Subscribe & Download Form Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (48 prepared)
Unescaped Output: 10 (461 escaped)
Nonce Checks: 9
Capability Checks: 12
File Operations: 4
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

96% prepared · 50 total queries

Output Escaping

98% escaped · 471 total outputs

Data Flows: 9 unsanitized

Data Flow Analysis

9 flows · 9 with unsanitized paths
dae_search_subscribers (includes\admin-menu.php:430)

Attack Surface: 4 unprotected

Download After Email – Subscribe & Download Form Plugin Attack Surface

Entry Points: 11
Unprotected: 4

AJAX Handlers 10

auth · wp_ajax_dae_search_subscribers · includes\admin-menu.php:429
auth · wp_ajax_dae_change_page_subscribers · includes\admin-menu.php:451
auth · wp_ajax_dae_remove_subscriber · includes\admin-menu.php:472
auth · wp_ajax_dae_change_background_type · includes\post-types.php:435
auth · wp_ajax_dae_open_preview · includes\post-types.php:645
auth · wp_ajax_dae_create_ajax_nonce · includes\shortcodes.php:396
nopriv · wp_ajax_dae_create_ajax_nonce · includes\shortcodes.php:397
auth · wp_ajax_dae_send_downloadlink · includes\shortcodes.php:417
nopriv · wp_ajax_dae_send_downloadlink · includes\shortcodes.php:418
auth · wp_ajax_dae_update_database · includes\update.php:112

Shortcodes 1

[download_after_email] includes\shortcodes.php:354

WordPress Hooks 26

action · admin_notices · dae.php:44
action · init · dae.php:67
action · wp_enqueue_scripts · dae.php:321
action · admin_enqueue_scripts · dae.php:343
action · admin_notices · dae.php:389
action · admin_notices · dae.php:406
action · admin_init · includes\admin-menu.php:69
action · admin_menu · includes\admin-menu.php:77
action · dae_subscribers_bottom · includes\admin-menu.php:492
filter · admin_footer_text · includes\admin-menu.php:626
action · init · includes\cron.php:7
action · dae_cleanup_expired_transients · includes\cron.php:15
action · init · includes\download.php:7
action · init · includes\post-types.php:7
filter · post_updated_messages · includes\post-types.php:56
action · save_post · includes\post-types.php:498
filter · manage_dae_download_posts_columns · includes\post-types.php:688
action · manage_dae_download_posts_custom_column · includes\post-types.php:701
action · init · includes\preview.php:7
action · init · includes\shortcodes.php:351
action · phpmailer_init · includes\shortcodes.php:596
filter · wp_mail_content_type · includes\shortcodes.php:605
filter · wp_mail_from · includes\shortcodes.php:616
filter · wp_mail_from_name · includes\shortcodes.php:627
action · phpmailer_init · includes\shortcodes.php:689
action · admin_notices · includes\update.php:35

Scheduled Events 1

dae_cleanup_expired_transients
Maintenance & Trust

Download After Email – Subscribe & Download Form Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 27, 2025
PHP min version: 5.6
Downloads: 128K

Community Trust

Rating: 88/100
Number of ratings: 30
Active installs: 7K
Developer Profile

Download After Email – Subscribe & Download Form Plugin Developer Profile

mkscripts

1 plugin · 7K total installs

Trust score: 83
Avg Security Score: 76/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Download After Email – Subscribe & Download Form Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/download-after-email/css/dae-style.css
/wp-content/plugins/download-after-email/js/dae-script.js
Version Parameters
download-after-email/css/dae-style.css?ver=
download-after-email/js/dae-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
dae-form-container
dae-download-link
dae-subscriber-form
dae-success-message
HTML Comments
<!-- DAE deny access download files -->
<!-- DAEP
Data Attributes
data-dae-id
data-dae-file
JS Globals
dae_ajax_object
Shortcode Output
[download_after_email]
[download-after-email]