Does Drive Downloads Lite have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Drive Downloads Lite compatible with WordPress 6.9.4?

According to WordPress.org data, Drive Downloads Lite 2.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Drive Downloads Lite compatible with PHP 7.4+?

Drive Downloads Lite requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Drive Downloads Lite updated?

Drive Downloads Lite was last updated on Dec 15, 2025. Frequent updates are generally a positive security signal.

What is Drive Downloads Lite's security score?

Drive Downloads Lite has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Drive Downloads Lite Security & Risk Analysis

wordpress.org/plugins/drive-downloads-lite

Connect WooCommerce downloads to Google Drive and insert shared folders or files as download URLs directly from the product editor.

0 active installs v2.0.1 PHP 7.4+ WP 5.8+ Updated Dec 15, 2025

cloud-download-linksexternal-file-downloadsgoogle-drive-downloadsgoogle-drive-woocommercewoocommerce-digital-products

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Drive Downloads Lite Safe to Use in 2026?

Generally Safe

Score 100/100

Drive Downloads Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The drive-downloads-lite plugin, version 2.0.1, exhibits a mixed security posture. On the positive side, the plugin demonstrates excellent practices regarding database interactions, exclusively using prepared statements for SQL queries and ensuring all output is properly escaped. It also shows a clean vulnerability history with no known CVEs, suggesting a generally well-maintained codebase.

However, significant security concerns arise from its attack surface. The presence of three AJAX handlers, all lacking authentication checks, presents a direct and serious risk. While no dangerous functions or raw SQL queries were detected, and file operations are absent, the taint analysis revealed two flows with unsanitized paths. This, combined with the unprotected AJAX endpoints, could potentially lead to path traversal or other file-related vulnerabilities if an attacker can manipulate the unsanitized paths through these AJAX calls.

In conclusion, while the plugin's adherence to secure coding practices for SQL and output is commendable and its lack of historical vulnerabilities is a strong positive, the unprotected AJAX endpoints and unsanitized path flows are critical weaknesses that demand immediate attention. These unauthenticated entry points could be exploited to compromise the system.

Key Concerns

Unprotected AJAX handlers
Flows with unsanitized paths

Vulnerabilities

None known

Drive Downloads Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Drive Downloads Lite Release Timeline

v2.0.1Current

Code Analysis

Analyzed Apr 16, 2026

Drive Downloads Lite Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

136 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped136 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

save_settings (drive-downloads-lite.php:509)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Drive Downloads Lite Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_drivdoli_get_connection_statusdrive-downloads-lite.php:123

authwp_ajax_drivdoli_disconnectdrive-downloads-lite.php:124

authwp_ajax_drivdoli_get_picker_configdrive-downloads-lite.php:125

WordPress Hooks 9

actionadmin_menudrive-downloads-lite.php:117

actionadmin_initdrive-downloads-lite.php:118

actionadmin_enqueue_scriptsdrive-downloads-lite.php:119

actionadmin_post_drivdoli_oauth_callbackdrive-downloads-lite.php:121

filterwoocommerce_product_data_tabsdrive-downloads-lite.php:128

actionwoocommerce_product_data_panelsdrive-downloads-lite.php:129

actionwoocommerce_admin_process_product_objectdrive-downloads-lite.php:130

actionadmin_noticesdrive-downloads-lite.php:132

actionplugins_loadeddrive-downloads-lite.php:554

Maintenance & Trust

Drive Downloads Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 15, 2025

PHP min version7.4

Downloads179

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Drive Downloads Lite Alternatives

No alternatives data available yet.

Developer Profile

Drive Downloads Lite Developer Profile

Drive Downloads Pro

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Drive Downloads Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/drive-downloads-lite/assets/css/ddp-lite-admin.css/wp-content/plugins/drive-downloads-lite/assets/js/ddp-lite-admin.js

Script Paths

/wp-content/plugins/drive-downloads-lite/assets/js/ddp-lite-admin.js

Version Parameters

drive-downloads-lite/assets/css/ddp-lite-admin.css?ver=drive-downloads-lite/assets/js/ddp-lite-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

drivdoli-product-picker-wrapper

Data Attributes

data-product-id

JS Globals

ddll_admin

REST Endpoints

/wp-json/drive-downloads-lite/v1/connection-status/wp-json/drive-downloads-lite/v1/disconnect/wp-json/drive-downloads-lite/v1/picker-config

FAQ