Download Directory Security & Risk Analysis

wordpress.org/plugins/download-directory

Create a download directory website in a minute. Allow user to receive update alert for new software's version.

20 active installs · v1.0.1 · PHP + · WP 4+ · Updated Aug 6, 2016
Tags: ajax, directory, download, download-manager, downloads

Score: 85 · A · Safe
CVEs total: 0 · Unpatched: 0 · Last CVE: Never

Safety Verdict

Is Download Directory Safe to Use in 2026?

Generally Safe

Score 85/100

Download Directory has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago

Risk Assessment

The download-directory v1.0.1 plugin exhibits a concerning security posture, primarily because of its extensive use of AJAX handlers without any authentication or authorization checks. This presents a significant attack surface: any unauthenticated user could potentially interact with these eight entry points, leading to unintended actions or information disclosure. The static analysis did not reveal dangerous functions, external requests, or file operations, but the complete lack of input sanitization checks in the AJAX handlers, coupled with the absence of taint analysis results (which might indicate a lack of thorough testing for such issues), raises a red flag.

The plugin's SQL queries are also a point of concern: 100% of them do not use prepared statements, which increases the risk of SQL injection vulnerabilities. The absence of any recorded historical vulnerabilities does not guarantee current safety.

The plugin's strengths lie in its proper output escaping for a majority of outputs and the presence of nonce and capability checks in other areas of the code, suggesting some security awareness. However, the critical omission of authentication on the AJAX endpoints and the unmitigated SQL query risks significantly outweigh these positives, making the overall security posture weak and requiring immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries without prepared statements
  • High number of AJAX handlers

Vulnerabilities: None known

Download Directory Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Download Directory Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (0 prepared)
Unescaped Output: 54 (180 escaped)
Nonce Checks: 16
Capability Checks: 26
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 8 total queries

Output Escaping

77% escaped · 234 total outputs

Attack Surface
8 unprotected

Download Directory Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers 8

  • auth · wp_ajax_add_alert_down · includes\class-dwn-repo-pro.php:213
  • nopriv · wp_ajax_add_alert_down · includes\class-dwn-repo-pro.php:214
  • auth · wp_ajax_remove_alert_down · includes\class-dwn-repo-pro.php:216
  • nopriv · wp_ajax_remove_alert_down · includes\class-dwn-repo-pro.php:217
  • auth · wp_ajax_add_alert_down · trunk\includes\class-dwn-repo-pro.php:213
  • nopriv · wp_ajax_add_alert_down · trunk\includes\class-dwn-repo-pro.php:214
  • auth · wp_ajax_remove_alert_down · trunk\includes\class-dwn-repo-pro.php:216
  • nopriv · wp_ajax_remove_alert_down · trunk\includes\class-dwn-repo-pro.php:217

WordPress Hooks 108

  • filter · the_title · admin\class-dwn-repo-pro-admin.php:213
  • action · add_meta_boxes · admin\metabox.php:83
  • action · save_post · admin\metabox.php:84
  • action · plugins_loaded · includes\class-dwn-repo-pro.php:160
  • action · init · includes\class-dwn-repo-pro.php:175
  • action · init · includes\class-dwn-repo-pro.php:176
  • action · tgmpa_register · includes\class-dwn-repo-pro.php:178
  • action · admin_enqueue_scripts · includes\class-dwn-repo-pro.php:180
  • action · admin_enqueue_scripts · includes\class-dwn-repo-pro.php:181
  • action · widgets_init · includes\class-dwn-repo-pro.php:182
  • filter · manage_posts_columns · includes\class-dwn-repo-pro.php:183
  • action · update_post_meta · includes\class-dwn-repo-pro.php:186
  • action · admin_notices · includes\class-dwn-repo-pro.php:187
  • action · wp_enqueue_scripts · includes\class-dwn-repo-pro.php:205
  • action · wp_enqueue_scripts · includes\class-dwn-repo-pro.php:206
  • action · wp_head · includes\class-dwn-repo-pro.php:209
  • action · template_redirect · includes\class-dwn-repo-pro.php:229
  • filter · post_type_link · includes\class-dwn-repo-pro.php:235
  • action · init · includes\class-dwn-repo-pro.php:237
  • filter · request · includes\class-dwn-repo-pro.php:238
  • filter · post_thumbnail_html · includes\class-dwn-repo-pro.php:241
  • action · manage_posts_custom_column · includes\class-dwn-repo-pro.php:242
  • filter · the_title · includes\class-dwn-repo-pro.php:245
  • filter · get_the_excerpt · includes\class-dwn-repo-pro.php:246
  • filter · the_content · includes\class-dwn-repo-pro.php:247
  • filter · the_content · includes\class-dwn-repo-pro.php:248
  • filter · the_posts · includes\class-dwn-repo-pro.php:251
  • action · init · includes\class-tgm-plugin-activation.php:268
  • filter · load_textdomain_mofile · includes\class-tgm-plugin-activation.php:269
  • action · init · includes\class-tgm-plugin-activation.php:272
  • action · admin_menu · includes\class-tgm-plugin-activation.php:421
  • action · admin_head · includes\class-tgm-plugin-activation.php:422
  • filter · install_plugin_complete_actions · includes\class-tgm-plugin-activation.php:425
  • filter · update_plugin_complete_actions · includes\class-tgm-plugin-activation.php:426
  • action · admin_notices · includes\class-tgm-plugin-activation.php:429
  • action · admin_init · includes\class-tgm-plugin-activation.php:430
  • action · admin_enqueue_scripts · includes\class-tgm-plugin-activation.php:431
  • action · load-plugins.php · includes\class-tgm-plugin-activation.php:436
  • action · switch_theme · includes\class-tgm-plugin-activation.php:439
  • action · switch_theme · includes\class-tgm-plugin-activation.php:442
  • action · admin_init · includes\class-tgm-plugin-activation.php:447
  • action · switch_theme · includes\class-tgm-plugin-activation.php:452
  • action · load_textdomain_mofile · includes\class-tgm-plugin-activation.php:475
  • filter · upgrader_source_selection · includes\class-tgm-plugin-activation.php:889
  • action · plugins_loaded · includes\class-tgm-plugin-activation.php:2112
  • filter · tgmpa_table_data_items · includes\class-tgm-plugin-activation.php:2236
  • filter · upgrader_source_selection · includes\class-tgm-plugin-activation.php:2977
  • action · admin_init · includes\class-tgm-plugin-activation.php:3147
  • action · upgrader_process_complete · includes\class-tgm-plugin-activation.php:3242
  • filter · upgrader_post_install · includes\class-tgm-plugin-activation.php:3301
  • filter · upgrader_post_install · includes\class-tgm-plugin-activation.php:3446
  • filter · post_thumbnail_html · public\class-dwn-repo-template-functions.php:313
  • filter · the_content · public\class-dwn-repo-template-functions.php:331
  • filter · the_title · public\class-dwn-repo-template-functions.php:410
  • filter · the_title · trunk\admin\class-dwn-repo-pro-admin.php:213
  • action · add_meta_boxes · trunk\admin\metabox.php:83
  • action · save_post · trunk\admin\metabox.php:84
  • action · plugins_loaded · trunk\includes\class-dwn-repo-pro.php:160
  • action · init · trunk\includes\class-dwn-repo-pro.php:175
  • action · init · trunk\includes\class-dwn-repo-pro.php:176
  • action · tgmpa_register · trunk\includes\class-dwn-repo-pro.php:178
  • action · admin_enqueue_scripts · trunk\includes\class-dwn-repo-pro.php:180
  • action · admin_enqueue_scripts · trunk\includes\class-dwn-repo-pro.php:181
  • action · widgets_init · trunk\includes\class-dwn-repo-pro.php:182
  • filter · manage_posts_columns · trunk\includes\class-dwn-repo-pro.php:183
  • action · update_post_meta · trunk\includes\class-dwn-repo-pro.php:186
  • action · admin_notices · trunk\includes\class-dwn-repo-pro.php:187
  • action · wp_enqueue_scripts · trunk\includes\class-dwn-repo-pro.php:205
  • action · wp_enqueue_scripts · trunk\includes\class-dwn-repo-pro.php:206
  • action · wp_head · trunk\includes\class-dwn-repo-pro.php:209
  • action · template_redirect · trunk\includes\class-dwn-repo-pro.php:229
  • filter · post_type_link · trunk\includes\class-dwn-repo-pro.php:235
  • action · init · trunk\includes\class-dwn-repo-pro.php:237
  • filter · request · trunk\includes\class-dwn-repo-pro.php:238
  • filter · post_thumbnail_html · trunk\includes\class-dwn-repo-pro.php:241
  • action · manage_posts_custom_column · trunk\includes\class-dwn-repo-pro.php:242
  • filter · the_title · trunk\includes\class-dwn-repo-pro.php:245
  • filter · get_the_excerpt · trunk\includes\class-dwn-repo-pro.php:246
  • filter · the_content · trunk\includes\class-dwn-repo-pro.php:247
  • filter · the_content · trunk\includes\class-dwn-repo-pro.php:248
  • filter · the_posts · trunk\includes\class-dwn-repo-pro.php:251
  • action · init · trunk\includes\class-tgm-plugin-activation.php:268
  • filter · load_textdomain_mofile · trunk\includes\class-tgm-plugin-activation.php:269
  • action · init · trunk\includes\class-tgm-plugin-activation.php:272
  • action · admin_menu · trunk\includes\class-tgm-plugin-activation.php:421
  • action · admin_head · trunk\includes\class-tgm-plugin-activation.php:422
  • filter · install_plugin_complete_actions · trunk\includes\class-tgm-plugin-activation.php:425
  • filter · update_plugin_complete_actions · trunk\includes\class-tgm-plugin-activation.php:426
  • action · admin_notices · trunk\includes\class-tgm-plugin-activation.php:429
  • action · admin_init · trunk\includes\class-tgm-plugin-activation.php:430
  • action · admin_enqueue_scripts · trunk\includes\class-tgm-plugin-activation.php:431
  • action · load-plugins.php · trunk\includes\class-tgm-plugin-activation.php:436
  • action · switch_theme · trunk\includes\class-tgm-plugin-activation.php:439
  • action · switch_theme · trunk\includes\class-tgm-plugin-activation.php:442
  • action · admin_init · trunk\includes\class-tgm-plugin-activation.php:447
  • action · switch_theme · trunk\includes\class-tgm-plugin-activation.php:452
  • action · load_textdomain_mofile · trunk\includes\class-tgm-plugin-activation.php:475
  • filter · upgrader_source_selection · trunk\includes\class-tgm-plugin-activation.php:889
  • action · plugins_loaded · trunk\includes\class-tgm-plugin-activation.php:2112
  • filter · tgmpa_table_data_items · trunk\includes\class-tgm-plugin-activation.php:2236
  • filter · upgrader_source_selection · trunk\includes\class-tgm-plugin-activation.php:2977
  • action · admin_init · trunk\includes\class-tgm-plugin-activation.php:3147
  • action · upgrader_process_complete · trunk\includes\class-tgm-plugin-activation.php:3242
  • filter · upgrader_post_install · trunk\includes\class-tgm-plugin-activation.php:3301
  • filter · upgrader_post_install · trunk\includes\class-tgm-plugin-activation.php:3446
  • filter · post_thumbnail_html · trunk\public\class-dwn-repo-template-functions.php:313
  • filter · the_content · trunk\public\class-dwn-repo-template-functions.php:331
  • filter · the_title · trunk\public\class-dwn-repo-template-functions.php:410

Maintenance & Trust

Download Directory Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Aug 6, 2016
PHP min version
Downloads: 5K

Community Trust

Rating: 60/100
Number of ratings: 1
Active installs: 20

Developer Profile

Download Directory Developer Profile

Hasan Shahriar

6 plugins · 1K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 144 days

Detection Fingerprints

How We Detect Download Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/download-directory/admin/css/dwn-repo-pro-admin.css
  • /wp-content/plugins/download-directory/admin/js/dwn-repo-pro-admin.js

Script Paths
  • /wp-content/plugins/download-directory/admin/js/dwn-repo-pro-admin.js

Version Parameters
  • dwn-repo-pro-admin.css?ver=
  • dwn-repo-pro-admin.js?ver=
