Does Download Monitor have any unpatched vulnerabilities?

No. All known vulnerabilities in Download Monitor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Download Monitor compatible with WordPress 6.9.4?

According to WordPress.org data, Download Monitor 5.1.10 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Download Monitor compatible with PHP 7.4+?

Download Monitor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Download Monitor updated?

Download Monitor was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Download Monitor's security score?

Download Monitor has a WP-Safety security score of 86/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Download Monitor Security & Risk Analysis

wordpress.org/plugins/download-monitor

Powerful Download Manager Plugin for WordPress

90K active installs v5.1.10 PHP 7.4+ WP 6.4+ Updated Mar 5, 2026

digital-storedownload-managerecommercefile-managerpassword-protection

A · Safe

CVEs total25

Unpatched0

Last CVEMay 7, 2025

Plugin page Download

Safety Verdict

Is Download Monitor Safe to Use in 2026?

Generally Safe

Score 86/100

Download Monitor has a strong security track record. Known vulnerabilities have been patched promptly.

25 known CVEsLast CVE: May 7, 2025Updated 29d ago

Risk Assessment

The "download-monitor" plugin version 5.1.10 exhibits a mixed security posture. While it demonstrates good practices in areas like utilizing prepared statements for SQL queries and implementing nonce and capability checks, significant concerns arise from its attack surface and historical vulnerability profile.

The static analysis reveals a considerable attack surface with 59 entry points, one of which lacks proper authentication checks. This unprotected entry point is a critical weakness, potentially allowing unauthorized access or manipulation. Furthermore, the presence of "unserialize" calls, coupled with three high-severity taint flows with unsanitized paths, suggests a risk of code injection or arbitrary code execution if these flows are triggered by malicious input.

The plugin's history of 25 CVEs, including a recent critical vulnerability, is a major red flag. The diversity of past vulnerability types, ranging from remote file inclusion and SQL injection to SSRF and XSS, indicates a recurring struggle with secure coding practices across various attack vectors. The fact that there are currently no unpatched CVEs is positive, but the sheer volume and severity of past issues warrant extreme caution. In conclusion, while the plugin shows some good security habits, the unprotected entry point, critical taint flows, and extensive history of severe vulnerabilities present a significant risk that requires careful consideration and ongoing vigilance.

Key Concerns

Unprotected AJAX handler
High severity taint flows with unsanitized paths (3)
Dangerous function: unserialize
Large attack surface (59 entry points)
Total known CVEs: 25
Past critical CVEs (1)
Past high severity CVEs (6)
File operations present
External HTTP requests present
Bundled library: Select2

Vulnerabilities

Download Monitor Security Vulnerabilities

CVEs by Year

1 CVE in 2008

2008

1 CVE in 2012

2012

2 CVEs in 2013

2013

3 CVEs in 2015

2015

1 CVE in 2017

2017

4 CVEs in 2021

2021

4 CVEs in 2022

2022

3 CVEs in 2023

2023

5 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

25 total CVEs

CVE-2025-47439high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Download Monitor <= 5.0.22 - Authenticated (Contributor+) Local File Inclusion

May 7, 2025 Patched in 5.0.23 (7d)

CVE-2024-10399medium · 4.3Missing Authorization

Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure

Oct 29, 2024 Patched in 5.0.14 (1d)

CVE-2024-10092medium · 4.3Missing Authorization

Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation

Oct 25, 2024 Patched in 5.0.13 (1d)

CVE-2024-8552medium · 4.3Missing Authorization

Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable

Sep 25, 2024 Patched in 5.0.10 (1d)

CVE-2024-3269medium · 5.4Improper Authorization

Download Monitor <= 4.9.13 - Missing Authorization

May 29, 2024 Patched in 4.9.14 (1d)

CVE-2024-30501high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Download Monitor <= 4.9.4 - Authenticated (Admin+) SQL Injection

Jan 8, 2024 Patched in 4.9.5 (87d)

CVE-2023-34007high · 8.8Unrestricted Upload of File with Dangerous Type

Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file

Jun 7, 2023 Patched in 4.8.4 (230d)

CVE-2023-31219medium · 5.5Server-Side Request Forgery (SSRF)

Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery

May 30, 2023 Patched in 4.8.2 (238d)

CVE-2022-45354medium · 5.4Missing Authorization

Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API

May 10, 2023 Patched in 4.7.70 (525d)

CVE-2022-4972high · 7.5Missing Authorization

Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export

Nov 26, 2022 Patched in 4.7.52 (690d)

WF-4f7fa5a4-07d7-4815-b393-871568777b0f-download-monitormedium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure

Nov 1, 2022 Patched in 4.7.3 (448d)

CVE-2022-2981medium · 6.8Files or Directories Accessible to External Parties

Download Monitor <= 4.5.97 - Authenticated (Administrator+) Arbitrary File Download

Sep 19, 2022 Patched in 4.5.98 (491d)

CVE-2022-2222medium · 4.9Files or Directories Accessible to External Parties

Download Monitor <= 4.5.9 - Authenticated Arbitrary File Download

Jun 27, 2022 Patched in 4.5.91 (575d)

CVE-2021-36920medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Monitor <= 4.4.6 - Reflected Cross-Site Scripting

Oct 29, 2021 Patched in 4.4.7 (816d)

CVE-2021-31567medium · 6.8Files or Directories Accessible to External Parties

Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download

Oct 29, 2021 Patched in 4.4.7 (816d)

CVE-2021-23174medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 29, 2021 Patched in 4.4.7 (816d)

CVE-2021-24786high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Download Monitor <= 4.4.4 - Admin+ SQL Injection via orderby parameter

Oct 20, 2021 Patched in 4.4.5 (825d)

WF-c320e437-c1b4-4ccf-9dfd-55ba9c810534-download-monitormedium · 6.5Missing Authorization

Download Monitor <= 1.9.6 - Missing Authorization

May 5, 2017 Patched in 1.9.7 (2454d)

CVE-2015-9296medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Monitor < 1.7.1 - Reflected Cross-Site Scripting

Apr 20, 2015 Patched in 1.7.1 (3200d)

WF-93cb6d59-6654-4ce1-b65f-0e162ae58bac-download-monitormedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Monitor <= 1.6.4 - Reflected Cross-Site Scripting

Apr 20, 2015 Patched in 1.6.5 (3200d)

WF-f71ab7bb-886a-4661-92b5-d9ac52901494-download-monitormedium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Download Monitor <= 1.6.3 - Directory Listing to Information Disclosure

Mar 8, 2015 Patched in 1.6.4 (3243d)

CVE-2013-5098high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter

Jul 23, 2013 Patched in 3.3.6.2 (3836d)

CVE-2013-3262medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter

Jul 22, 2013 Patched in 3.3.6.2 (3837d)

CVE-2012-4768medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Download Monitor <= 3.3.5.8 - Reflected Cross-Site Scripting

Sep 6, 2012 Patched in 3.3.5.9 (4156d)

CVE-2008-2034critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Download Monitor <= 2.0.6 - Unauthenticated SQL Injection

Apr 28, 2008 Patched in 2.0.9 (5748d)

Code Analysis

Analyzed Mar 16, 2026

Download Monitor Code Analysis

Dangerous Functions

Raw SQL Queries

175 prepared

Unescaped Output

216

1183 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$value = unserialize( $extension['option_value'] );src\Admin\Extensions.php:523

unserialize$user_roles = array_keys( unserialize( $user->roles ) );src\Admin\Reports\class-dlm-reports.php:525

Bundled Libraries

Select2

SQL Query Safety

83% prepared212 total queries

Output Escaping

85% escaped1399 total outputs

Data Flows

11 unsanitized

Data Flow Analysis

25 flows11 with unsanitized paths

add_dlm_uploads_filter (src\Admin\class-dlm-media-library.php:212)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Download Monitor Attack Surface

Entry Points59

Unprotected1

AJAX Handlers 43

authwp_ajax_download-monitor_beta_test_notice_dismissincludes\admin\class-dlm-beta-testers.php:47

authwp_ajax_download-monitor_reviewincludes\admin\class-dlm-review.php:35

authwp_ajax_dlm_uninstall_pluginincludes\admin\uninstall\class-dlm-uninstall.php:28

authwp_ajax_wpml_actionincludes\bootstrap.php:43

authwp_ajax_dlm_db_log_entriessrc\Admin\class-dlm-db-upgrader.php:107

authwp_ajax_dlm_upgrade_dbsrc\Admin\class-dlm-db-upgrader.php:108

authwp_ajax_dlm_alter_download_logsrc\Admin\class-dlm-db-upgrader.php:109

authwp_ajax_dlm_upgrade_db_clear_offsetsrc\Admin\class-dlm-db-upgrader.php:110

authwp_ajax_dlm_protect_filesrc\Admin\class-dlm-media-library.php:56

authwp_ajax_dlm_unprotect_filesrc\Admin\class-dlm-media-library.php:57

authwp_ajax_dlm_download_duplicator_duplicatesrc\Admin\CustomActions.php:20

authwp_ajax_dlm_update_downloads_pathsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:45

authwp_ajax_dlm_enable_download_pathsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:46

authwp_ajax_dlm_extensionsrc\Admin\Extensions.php:104

authwp_ajax_dlm_master_licensesrc\Admin\Extensions.php:105

authwp_ajax_dlm_upload_filesrc\Admin\WritePanels.php:30

authwp_ajax_download_monitor_remove_filesrc\AjaxHandler.php:18

authwp_ajax_download_monitor_add_filesrc\AjaxHandler.php:19

authwp_ajax_download_monitor_list_filessrc\AjaxHandler.php:20

authwp_ajax_download_monitor_insert_panel_uploadsrc\AjaxHandler.php:21

authwp_ajax_dlm_settings_lazy_selectsrc\AjaxHandler.php:22

authwp_ajax_dlm_dismiss_noticesrc\AjaxHandler.php:23

authwp_ajax_dlm_update_file_metasrc\AjaxHandler.php:24

authwp_ajax_dlm_update_download_categorysrc\AjaxHandler.php:26

authwp_ajax_dlm_enable_shopsrc\AjaxHandler.php:28

authwp_ajax_dlm_upsell_modalsrc\AjaxHandler.php:30

noprivwp_ajax_no_access_dlm_xhr_downloadsrc\class-dlm-modal.php:47

authwp_ajax_no_access_dlm_xhr_downloadsrc\class-dlm-modal.php:48

authwp_ajax_dlm_action_api_keysrc\KeyGeneration\class-dlm-key-generation.php:55

authwp_ajax_dlm_keygen_search_userssrc\KeyGeneration\class-dlm-key-generation.php:56

authwp_ajax_dlm_lu_get_download_queuesrc\LegacyUpgrader\Ajax.php:9

authwp_ajax_dlm_lu_get_content_queuesrc\LegacyUpgrader\Ajax.php:10

authwp_ajax_dlm_lu_upgrade_downloadsrc\LegacyUpgrader\Ajax.php:11

authwp_ajax_dlm_lu_upgrade_contentsrc\LegacyUpgrader\Ajax.php:12

authwp_ajax_dlm_lu_mark_upgrade_donesrc\LegacyUpgrader\Ajax.php:13

authwp_ajax_log_dlm_xhr_downloadsrc\Logs\Logging.php:27

noprivwp_ajax_log_dlm_xhr_downloadsrc\Logs\Logging.php:28

noprivwp_ajax_dlm_members_conditions_modalsrc\MembersLock\classes\class-dlm-members-modal.php:28

authwp_ajax_dlm_members_conditions_modalsrc\MembersLock\classes\class-dlm-members-modal.php:29

authwp_ajax_dlm_login_membersrc\MembersLock\classes\class-dlm-members-modal.php:31

noprivwp_ajax_dlm_login_membersrc\MembersLock\classes\class-dlm-members-modal.php:32

noprivwp_ajax_dlm_terms_conditions_modalsrc\TermsAndConditions\classes\class-dlm-tc-modal.php:29

authwp_ajax_dlm_terms_conditions_modalsrc\TermsAndConditions\classes\class-dlm-tc-modal.php:30

REST API Routes 6

GET/wp-json/download-monitor/v1/reports/graph_datasrc\Admin\Reports\class-dlm-reports-rest-api.php:30

GET/wp-json/download-monitor/v1/reports/table_datasrc\Admin\Reports\class-dlm-reports-rest-api.php:40

GET/wp-json/download-monitor/v1/reports/overview_card_datasrc\Admin\Reports\class-dlm-reports-rest-api.php:50

GET/wp-json/download-monitor/v1/reports/detailed_card_datasrc\Admin\Reports\class-dlm-reports-rest-api.php:60

GET/wp-json/download-monitor/v1/reports/users_download_datasrc\Admin\Reports\class-dlm-reports-rest-api.php:70

GET/wp-json/download-monitor/v1/reports/users_datasrc\Admin\Reports\class-dlm-reports-rest-api.php:80

Shortcodes 10

[dlm_buy] src\Shop\Shortcode\Buy.php:13

[dlm_cart] src\Shop\Shortcode\Cart.php:13

[dlm_checkout] src\Shop\Shortcode\Checkout.php:13

[total_downloads] src\Shortcodes.php:17

[total_files] src\Shortcodes.php:21

[download] src\Shortcodes.php:22

[download_data] src\Shortcodes.php:23

[downloads] src\Shortcodes.php:27

[dlm_no_access] src\Shortcodes.php:30

[dlm_tc_form] src\TermsAndConditions\classes\class-dlm-tc-shortcodes.php:9

WordPress Hooks 242

actionwp_headdownload-monitor.php:48

actioninitincludes\admin\class-dlm-beta-testers.php:32

actionadmin_noticesincludes\admin\class-dlm-beta-testers.php:48

actionadmin_enqueue_scriptsincludes\admin\class-dlm-beta-testers.php:49

actionadmin_print_footer_scriptsincludes\admin\class-dlm-beta-testers.php:50

filterdlm_uninstall_db_optionsincludes\admin\class-dlm-beta-testers.php:51

actioninitincludes\admin\class-dlm-review.php:11

actionadmin_noticesincludes\admin\class-dlm-review.php:34

actionadmin_enqueue_scriptsincludes\admin\class-dlm-review.php:36

actionadmin_print_footer_scriptsincludes\admin\class-dlm-review.php:37

filterdlm_uninstall_db_optionsincludes\admin\class-dlm-review.php:40

actionadmin_menuincludes\admin\class-dlm-upsells.php:50

filterdlm_admin_menu_linksincludes\admin\class-dlm-upsells.php:53

actionadmin_print_footer_scriptsincludes\admin\class-dlm-upsells.php:54

actioninitincludes\admin\class-dlm-upsells.php:60

actionadmin_enqueue_scriptsincludes\admin\class-dlm-upsells.php:65

actiondlm_tab_upsell_content_generalincludes\admin\class-dlm-upsells.php:133

actiondlm_tab_upsell_content_accessincludes\admin\class-dlm-upsells.php:135

actiondlm_tab_upsell_content_loggingincludes\admin\class-dlm-upsells.php:137

actiondlm_tab_upsell_content_email_notificationincludes\admin\class-dlm-upsells.php:139

actiondlm_tab_upsell_content_pagesincludes\admin\class-dlm-upsells.php:141

actiondlm_tab_upsell_content_miscincludes\admin\class-dlm-upsells.php:143

actiondlm_tab_upsell_content_endpointsincludes\admin\class-dlm-upsells.php:145

filterdlm_download_metaboxesincludes\admin\class-dlm-upsells.php:147

filterdlm_settingsincludes\admin\class-dlm-upsells.php:149

actiondlm_reports_page_endincludes\admin\class-dlm-upsells.php:151

actiondlm_tab_upsell_content_pagesincludes\admin\class-dlm-upsells.php:153

filterdlm_remove_upsellsincludes\admin\class-dlm-upsells.php:1001

filterdlm_remove_upsellsincludes\admin\class-dlm-upsells.php:1031

actionadmin_footer-plugins.phpincludes\admin\uninstall\class-dlm-uninstall.php:27

actionadmin_enqueue_scriptsincludes\admin\uninstall\class-dlm-uninstall.php:29

actionadmin_enqueue_scriptsincludes\admin\wpchill\class-wpchill-about-us.php:13

filteradmin_menuincludes\admin\wpchill\class-wpchill-about-us.php:15

actionin_admin_headerincludes\admin\wpchill\class-wpchill-about-us.php:18

actionadmin_enqueue_scriptsincludes\admin\wpchill\class-wpchill-notifications.php:29

actionrest_api_initincludes\admin\wpchill\class-wpchill-rest-api.php:12

filterdlm_shortcode_total_downloadsincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:48

actiondlm_query_argsincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:50

actiondlm_reset_postdataincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:52

filterdlm_add_version_meta_download_countincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:54

filterdlm_add_meta_download_countincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:56

filterdlm_x_sendfileincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:62

filterdlm_allow_x_forwarded_forincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:64

filterdlm_hotlink_protectionincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:66

filterdlm_admin_sort_columnsincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:142

filterdlm_query_args_filterincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:143

filterposts_fieldsincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:148

filterposts_joinincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:149

filterposts_groupbyincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:181

filterposts_orderbyincludes\backwards-compatibility\class-dlm-backwards-compatibility.php:182

actionplugins_loadedincludes\bootstrap.php:40

actionwpmu_new_blogincludes\bootstrap.php:66

actionadmin_initincludes\bootstrap.php:67

filterwpmu_drop_tablesincludes\bootstrap.php:70

actionwp_loadedincludes\bootstrap.php:72

actionadmin_noticesincludes\php-too-low.php:43

actionadmin_footerincludes\submodules\banner\class-wpchill-welcome.php:22

filtermod_rewrite_rulessrc\Admin\Admin.php:26

filterupload_dirsrc\Admin\Admin.php:27

actionadmin_enqueue_scriptssrc\Admin\Admin.php:29

actioninitsrc\Admin\Admin.php:31

actionadmin_noticessrc\Admin\Admin.php:33

actionadmin_menusrc\Admin\Admin.php:36

actionadmin_initsrc\Admin\Admin.php:40

filteradmin_footer_textsrc\Admin\Admin.php:52

actionshutdownsrc\Admin\Admin.php:54

filterpre_update_option_dlm_download_endpointsrc\Admin\Admin.php:63

actionadmin_initsrc\Admin\Admin.php:65

actionadmin_enqueue_scriptssrc\Admin\AdminScripts.php:13

actionelementor/editor/before_enqueue_scriptssrc\Admin\AdminScripts.php:14

actionadmin_footersrc\Admin\AdminScripts.php:15

actionadmin_initsrc\Admin\class-dlm-admin-debug.php:20

actionload-post.phpsrc\Admin\class-dlm-admin-debug.php:23

actionload-post-new.phpsrc\Admin\class-dlm-admin-debug.php:24

filterhidden_meta_boxessrc\Admin\class-dlm-admin-debug.php:27

actionadd_meta_boxessrc\Admin\class-dlm-admin-debug.php:352

filterthe_titlesrc\Admin\class-dlm-admin-list-table.php:744

actionadmin_initsrc\Admin\class-dlm-db-upgrader.php:32

actionadmin_noticessrc\Admin\class-dlm-db-upgrader.php:94

actionadmin_noticessrc\Admin\class-dlm-db-upgrader.php:103

actionadmin_enqueue_scriptssrc\Admin\class-dlm-db-upgrader.php:105

filterwp_prepare_attachment_for_jssrc\Admin\class-dlm-media-library.php:41

filterwp_get_attachment_image_srcsrc\Admin\class-dlm-media-library.php:42

filterfile_is_displayable_imagesrc\Admin\class-dlm-media-library.php:44

filterfallback_intermediate_image_sizessrc\Admin\class-dlm-media-library.php:45

filterajax_query_attachments_argssrc\Admin\class-dlm-media-library.php:47

actionrestrict_manage_postssrc\Admin\class-dlm-media-library.php:49

actionpre_get_postssrc\Admin\class-dlm-media-library.php:51

filterpost_mime_typessrc\Admin\class-dlm-media-library.php:53

filterattachment_fields_to_editsrc\Admin\class-dlm-media-library.php:55

filterwp_prepare_attachment_for_jssrc\Admin\class-dlm-media-library.php:58

filtermanage_upload_columnssrc\Admin\class-dlm-media-library.php:59

actionmanage_media_custom_columnsrc\Admin\class-dlm-media-library.php:60

filterbulk_actions-uploadsrc\Admin\class-dlm-media-library.php:61

filterhandle_bulk_actions-uploadsrc\Admin\class-dlm-media-library.php:62

filteradmin_initsrc\Admin\class-dlm-media-library.php:63

actionnetwork_admin_menusrc\Admin\class-dlm-network-settings.php:45

actionupdate_wpmu_optionssrc\Admin\class-dlm-network-settings.php:46

filterdlm_downloadable_file_version_buttonssrc\Admin\class-dlm-network-settings.php:47

filterdlm_settingssrc\Admin\class-dlm-plugin-status.php:48

actiondlm_tab_section_content_templatessrc\Admin\class-dlm-plugin-status.php:50

filtersite_status_testssrc\Admin\class-dlm-plugin-status.php:52

filtersite_status_test_php_modulessrc\Admin\class-dlm-plugin-status.php:54

filterdlm_show_save_settings_buttonsrc\Admin\class-dlm-plugin-status.php:56

filterrequestsrc\Admin\CustomActions.php:10

actionrestrict_manage_postssrc\Admin\CustomActions.php:12

actiondelete_postsrc\Admin\CustomActions.php:13

actionbulk_edit_custom_boxsrc\Admin\CustomActions.php:16

actionquick_edit_custom_boxsrc\Admin\CustomActions.php:17

actionsave_postsrc\Admin\CustomActions.php:18

actionadmin_noticessrc\Admin\CustomActions.php:24

filterenter_title_heresrc\Admin\CustomLabels.php:9

filterpost_updated_messagessrc\Admin\CustomLabels.php:10

filterdlm_settingssrc\Admin\DownloadPaths\class-dlm-downloads-path.php:76

actiondlm_tab_section_content_download_pathsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:78

actionadmin_initsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:79

filterpre_update_optionsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:80

actionadmin_initsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:81

actionadmin_initsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:82

filterdlm_show_save_settings_buttonsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:84

actioninitsrc\Admin\DownloadPaths\class-dlm-downloads-path.php:97

actiondlm_download_duplicator_download_duplicatedsrc\Admin\Duplicate\DownloadDuplicatorAAM.php:14

filterdlm_admin_menu_linkssrc\Admin\Extensions.php:96

filtersubmenu_filesrc\Admin\Extensions.php:99

actionadmin_initsrc\Admin\Extensions.php:102

filterdlm_add_edit_tabssrc\Admin\Extensions.php:106

actionmedia_upload_downloadable_file_browsersrc\Admin\MediaBrowser.php:18

actionadmin_print_stylessrc\Admin\MediaBrowser.php:43

actionmedia_buttonssrc\Admin\MediaInsert.php:17

actionmedia_upload_add_downloadsrc\Admin\MediaInsert.php:18

actiondlm_options_endsrc\Admin\OptionsUpsells.php:30

actionrest_api_initsrc\Admin\Reports\class-dlm-reports-rest-api.php:20

filterdlm_admin_menu_linkssrc\Admin\Reports\class-dlm-reports.php:22

actionadmin_enqueue_scriptssrc\Admin\Reports\class-dlm-reports.php:23

actionadmin_enqueue_scriptssrc\Admin\Reports\class-dlm-reports.php:24

filterdlm_header_logo_textsrc\Admin\Reports\class-dlm-reports.php:25

actionwp_dashboard_setupsrc\Admin\Reports\class-dlm-reports.php:27

filterdlm_admin_menu_linkssrc\Admin\Settings\Page.php:27

actioncurrent_screensrc\Admin\Settings\Page.php:29

actionin_admin_headersrc\Admin\Settings\Page.php:386

filterdlm_page_headersrc\Admin\Settings\Page.php:388

filterdlm_settingssrc\Admin\Settings\Page.php:390

filterdlm_settingssrc\Admin\Settings\Page.php:392

filterdlm_settings_lazy_select_dlm_page_cartsrc\Admin\Settings\Settings.php:478

filterdlm_settings_lazy_select_dlm_page_checkoutsrc\Admin\Settings\Settings.php:479

filterdlm_settings_lazy_select_dlm_no_access_pagesrc\Admin\Settings\Settings.php:480

actionadd_meta_boxes_dlm_downloadsrc\Admin\WritePanels.php:27

actionsave_postsrc\Admin\WritePanels.php:28

actiondlm_save_meta_boxessrc\Admin\WritePanels.php:29

actioninitsrc\Ajax\Manager.php:10

actiontemplate_redirectsrc\Ajax\Manager.php:11

filtercron_schedulessrc\class-dlm-cron-jobs.php:21

actionadmin_initsrc\class-dlm-cron-jobs.php:22

actionadmin_initsrc\class-dlm-cron-jobs.php:23

actiondlm_weekly_licensesrc\class-dlm-cron-jobs.php:24

filterdlm_template_attributessrc\class-dlm-frontend-templates.php:42

actionwp_print_stylessrc\class-dlm-modal.php:231

actiondlm_monthly_eventsrc\CookieManager.php:37

actionadmin_noticessrc\DLM.php:132

filterpll_home_url_white_listsrc\DLM.php:264

filterwp_get_attachment_urlsrc\DLM.php:267

actioninitsrc\DLM.php:311

actionafter_setup_themesrc\DLM.php:312

actionthe_postsrc\DLM.php:313

actionwp_enqueue_scriptssrc\DLM.php:314

filterpost_type_linksrc\DLM.php:317

actionwpsrc\DLM.php:323

filterwpml_get_home_urlsrc\DLM.php:469

filterquery_varssrc\DownloadHandler.php:48

actioninitsrc\DownloadHandler.php:49

actionparse_requestsrc\DownloadHandler.php:50

filterdlm_can_downloadsrc\DownloadHandler.php:51

filterquery_varssrc\DownloadNoAccessPageEndpoint.php:26

actioninitsrc\DownloadNoAccessPageEndpoint.php:27

actiontemplate_redirectsrc\DownloadPreview\Preview.php:13

actioninitsrc\Gutenberg.php:13

filterdlm_admin_dashboard_popular_downloads_filterssrc\Integrations\PostTypesOrder.php:9

filterwpseo_sitemap_exclude_taxonomysrc\Integrations\YoastSEO.php:9

actionadmin_initsrc\KeyGeneration\admin\class-dlm-api-keys-table.php:39

filterdlm_settingssrc\KeyGeneration\class-dlm-key-generation.php:53

actionadmin_noticessrc\LegacyUpgrader\Message.php:37

actionadmin_menusrc\LegacyUpgrader\Page.php:9

filterdlm_log_itemsrc\Logs\LogFilters.php:9

filterdlm_log_itemsrc\Logs\LogFilters.php:10

filterdlm_log_entriessrc\Logs\Logging.php:29

filterdlm_log_valuessrc\Logs\Logging.php:30

filterdlm_can_downloadsrc\MembersLock\classes\class-dlm-members-access-manager.php:20

actionwp_enqueue_scriptssrc\MembersLock\classes\class-dlm-members-modal.php:27

actionrest_api_initsrc\PostTypeManager.php:18

actioninitsrc\PostTypeManager.php:20

actioncurrent_screensrc\PostTypeManager.php:22

actionbefore_delete_postsrc\PostTypeManager.php:24

filterwp_list_table_class_namesrc\PostTypeManager.php:27

filteruse_block_editor_for_post_typesrc\PostTypeManager.php:214

actionadmin_noticessrc\Product\ProductErrorHandler.php:45

actionshutdownsrc\Product\ProductErrorHandler.php:46

actionafter_plugin_row_download-monitor/download-monitor.phpsrc\Product\ProductManager.php:33

actionadmin_initsrc\Product\ProductManager.php:118

filterblock_local_requestssrc\Product\ProductManager.php:134

actionrest_api_initsrc\RestAPI\class-dlm-rest-api.php:64

filterposts_orderbysrc\RestAPI\class-dlm-rest-api.php:65

filterpost_type_linksrc\Search.php:20

filterdlm_can_downloadsrc\Shop\Access\Manager.php:14

actiondlm_options_endsrc\Shop\Admin\DownloadOption.php:15

filterdlm_shop_admin_menu_linkssrc\Shop\Admin\Pages\Orders.php:14

filterthe_titlesrc\Shop\Admin\ProductTableColumns.php:17

filterlist_table_primary_columnsrc\Shop\Admin\ProductTableColumns.php:18

actionadmin_menusrc\Shop\Admin\ShopAdminHelper.php:18

actionadd_meta_boxessrc\Shop\Admin\WritePanels.php:15

actionsave_postsrc\Shop\Admin\WritePanels.php:16

actiondlm_product_savesrc\Shop\Admin\WritePanels.php:17

actioninitsrc\Shop\Ajax\Manager.php:13

actiontemplate_redirectsrc\Shop\Ajax\Manager.php:14

actioninitsrc\Shop\bootstrap.php:113

actioninitsrc\Shop\Cart\Hooks.php:13

actioninitsrc\Shop\Cart\Hooks.php:14

actiontemplate_redirectsrc\Shop\Cart\Hooks.php:16

filterwp_mail_content_typesrc\Shop\Email\Message.php:55

actionphpmailer_initsrc\Shop\Email\Message.php:58

actiondlm_frontend_scripts_aftersrc\Shop\Util\Assets.php:14

actiondlm_admin_scripts_aftersrc\Shop\Util\Assets.php:15

actiondlm_after_post_type_registersrc\Shop\Util\PostType.php:12

actionadmin_menusrc\Shop\Util\PostType.php:75

filterthe_contentsrc\Shop\Util\TemplateInjector.php:13

filterthe_contentsrc\Shop\Util\TemplateInjector.php:69

actioninitsrc\TaxonomyManager.php:13

filterdlm_can_downloadsrc\TermsAndConditions\classes\class-dlm-tc-access-manager.php:13

filterdlm_download_is_lockedsrc\TermsAndConditions\classes\class-dlm-tc-access-manager.php:14

filterdlm_admin_sort_columnssrc\TermsAndConditions\classes\class-dlm-tc-access-manager.php:15

filterdlm_tc_cookie_accesssrc\TermsAndConditions\classes\class-dlm-tc-backwards-compatibility.php:20

actiondlm_options_endsrc\TermsAndConditions\classes\class-dlm-tc-download-option.php:15

actiondlm_save_metaboxsrc\TermsAndConditions\classes\class-dlm-tc-download-option.php:18

filterdlm_log_itemsrc\TermsAndConditions\classes\class-dlm-tc-log-manager.php:21

filterdlm_xhr_download_headerssrc\TermsAndConditions\classes\class-dlm-tc-log-manager.php:22

actionwp_enqueue_scriptssrc\TermsAndConditions\classes\class-dlm-tc-modal.php:28

filterdlm_settingssrc\TermsAndConditions\classes\class-dlm-tc-options.php:14

filterdlm_settings_lazy_select_dlm_tc_content_pagesrc\TermsAndConditions\classes\class-dlm-tc-options.php:15

filterdlm_page_addon_download_buttonsrc\TermsAndConditions\classes\class-dlm-tc-page-addon.php:13

actiondlm_no_access_after_messagesrc\TermsAndConditions\dlm-integrated-terms-and-conditions.php:39

actiondlm_no_access_after_messagesrc\TermsAndConditions\dlm-integrated-terms-and-conditions.php:41

actionwp_loadedsrc\UpgradeManager.php:13

actionwidgets_initsrc\Widgets\Manager.php:13

Scheduled Events 2

dlm_weekly_license

dlm_monthly_event

Maintenance & Trust

Download Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.4

Downloads6.6M

Community Trust

Rating90/100

Number of ratings516

Active installs90K

Alternatives

Download Monitor Alternatives

Download Manager

download-manager

This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.

100K 74 CVEs

Download Monitor – Migrate download counts

download-monitor-migrate-download-counts

100

Migrate DLM download counts.

70 No CVEs

Comdev Downloads

comdev-downloads

Comdev Downloads is a powerful plugin for uploading, managing, and tracking download packages, as well as displaying download links.

0 No CVEs

Download Manager Addons for Elementor

wpdm-elementor

Download Manager Addons for Elementor

7K 1 CVE

Download Monitor – CORS

download-monitor-cors

100

Download Monitor is a plugin for selling, uploading and managing downloads, tracking downloads and displaying links.

100 No CVEs

Developer Profile

Download Monitor Developer Profile

WP Chill

29 plugins · 440K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

608 days

View full developer profile

Detection Fingerprints

How We Detect Download Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/download-monitor/assets/css/frontend.css/wp-content/plugins/download-monitor/assets/js/frontend.js

Script Paths

/wp-content/plugins/download-monitor/assets/js/frontend.js

Version Parameters

download-monitor/assets/css/frontend.css?ver=download-monitor/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

dlm-downloaddlm-downloadsdlm-download-linkdlm-file-linkdlm-file-namedlm-download-count

HTML Comments

Data Attributes

data-dlm-iddata-dlm-noncedata-dlm-target

JS Globals

dlm_frontend

REST Endpoints

/wp-json/download-monitor/v1/downloads/

Shortcode Output

[downloads][download-details][download id="[download_link]

FAQ

Download Monitor Security & Risk Analysis

Is Download Monitor Safe to Use in 2026?

Generally Safe

Key Concerns

Download Monitor Security Vulnerabilities

CVEs by Year

Severity Breakdown

Download Monitor Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Download Monitor Attack Surface

AJAX Handlers 43

REST API Routes 6

Shortcodes 10

Scheduled Events 2

Download Monitor Maintenance & Trust

Maintenance Signals

Community Trust

Download Monitor Alternatives

Download Manager

Download Monitor – Migrate download counts

Comdev Downloads

Download Manager Addons for Elementor

Download Monitor – CORS

Download Monitor Developer Profile

How We Detect Download Monitor

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Download Monitor