Does Download Manager MS have any unpatched vulnerabilities?

No. All known vulnerabilities in Download Manager MS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Download Manager MS compatible with WordPress 3.5.0?

According to WordPress.org data, Download Manager MS 1.1.0 has been tested up to WordPress 3.5.0. Check the plugin's changelog for the latest compatibility information.

How often is Download Manager MS updated?

Download Manager MS was last updated on Dec 9, 2012. Frequent updates are generally a positive security signal.

What is Download Manager MS's security score?

Download Manager MS has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Download Manager MS Security & Risk Analysis

wordpress.org/plugins/download-manager-ms

Download manager with multisite support. Stats charts, shortcodes for download buttons and forms, easy file uploads, and much more.

10 active installs v1.1.0 PHP + WP 3.1.0+ Updated Dec 9, 2012

downloaddownload-managerdownloadsfile-managerfiles

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Download Manager MS Safe to Use in 2026?

Generally Safe

Score 85/100

Download Manager MS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The download-manager-ms plugin v1.1.0 presents a mixed security posture. While it boasts no recorded CVEs, indicating a potentially stable history, the static analysis reveals significant concerns regarding its attack surface and output handling. The presence of two AJAX handlers without authentication checks represents a direct pathway for unauthenticated attackers to potentially interact with sensitive plugin functionalities. Furthermore, the alarming statistic of 0% properly escaped output across 192 outputs suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into user sessions. The plugin also utilizes a considerable number of SQL queries (42), and while 76% use prepared statements, the remaining 24% could still pose a risk if not handled carefully. The lack of taint analysis data is a weakness, as it prevents a deeper understanding of how user-supplied data flows through the application and is processed.

Key Concerns

AJAX handlers without auth checks
Output escaping: 0% properly escaped
SQL queries without prepared statements (24% of 42)
Limited taint analysis data

Vulnerabilities

None known

Download Manager MS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Download Manager MS Code Analysis

Dangerous Functions

Raw SQL Queries

32 prepared

Unescaped Output

192

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

76% prepared42 total queries

Output Escaping

0% escaped192 total outputs

Attack Surface

2 unprotected

Download Manager MS Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_bq_download_admininit.php:38

authwp_ajax_bq_download_email_fileinit.php:44

Shortcodes 1

[bqdownload] init.php:46

WordPress Hooks 8

actionplugins_loadedinit.php:32

actioninitinit.php:33

actionadmin_headinit.php:36

actionadmin_enqueue_scriptsinit.php:37

actionadmin_menuinit.php:39

actionwp_headinit.php:42

actionwp_enqueue_scriptsinit.php:43

filterthe_contentinit.php:56

Maintenance & Trust

Download Manager MS Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.0

Last updatedDec 9, 2012

PHP min version

Downloads5K

Community Trust

Rating20/100

Number of ratings3

Active installs10

Alternatives

Download Manager MS Alternatives

Simple Download Counter

simple-download-counter

Simply counts the number of times your files are downloaded. Display download links and counts using shortcodes.

2K 4 CVEs

Simple Download Manager – Hizzle Downloads

hizzle-downloads

100

Easily add, restrict, and track digital downloads in WordPress — protect files with passwords, user roles, IPs, or subscriber access.

10 No CVEs

Download Manager

download-manager

This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.

100K 74 CVEs

File Manager Pro – Filester

filester

Advanced File Manager and Code Editor. Best WordPress file manager without FTP access. No need to upgrade because this is PRO version.

100K 9 CVEs

Download Monitor

download-monitor

Powerful Download Manager Plugin for WordPress

90K 25 CVEs

Developer Profile

Download Manager MS Developer Profile

bquade

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Download Manager MS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/download-manager-ms/css/bq-download-admin.css/wp-content/plugins/download-manager-ms/css/bq-download.css/wp-content/plugins/download-manager-ms/css/bq-pager.css/wp-content/plugins/download-manager-ms/css/bq-sorter.css/wp-content/plugins/download-manager-ms/css/font-awesome.min.css/wp-content/plugins/download-manager-ms/js/bq-download-admin.js/wp-content/plugins/download-manager-ms/js/bq-download.js/wp-content/plugins/download-manager-ms/js/bq-pager.js+1 more

Script Paths

/wp-content/plugins/download-manager-ms/js/bq-download-admin.js/wp-content/plugins/download-manager-ms/js/bq-download.js/wp-content/plugins/download-manager-ms/js/bq-pager.js/wp-content/plugins/download-manager-ms/js/bq-sorter.js

Version Parameters

download-manager-ms/css/bq-download-admin.css?ver=download-manager-ms/css/bq-download.css?ver=download-manager-ms/css/bq-pager.css?ver=download-manager-ms/css/bq-sorter.css?ver=download-manager-ms/css/font-awesome.min.css?ver=download-manager-ms/js/bq-download-admin.js?ver=download-manager-ms/js/bq-download.js?ver=download-manager-ms/js/bq-pager.js?ver=download-manager-ms/js/bq-sorter.js?ver=

HTML / DOM Fingerprints

CSS Classes

bq_download_admin_settings_pagebq_download_files_pagebq_download_email_pagebq_download_help_pagebq_download_about_pagebq_download_formbq_download_buttonbq_download_list_wrap+29 more

HTML Comments

+12 more

Data Attributes

data-bq-download-iddata-bq-download-namedata-bq-download-emaildata-bq-download-keydata-bq-download-noncedata-bq-download-file-id+1 more

JS Globals

BQDownloadAdminBQDownloadBQDownloadModelBQDownloadUtilBQPagerBQSorter+2 more

Shortcode Output

[bqdownload]

FAQ