[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsE8-Csz_Vm8SM5T0egvDo_jv15UVB4FtkfXNfkyaZ6A":3,"$fRYOeja-2GXBVMQNae3HYX1JsDNuFwLTwFZYelpY5BT0":206,"$f0m0u-2zgeVr-QCyffuzrhn9OSgMLzVWY2sZ_ah_v2Cc":210},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":183},"drive-downloads-lite","Drive Downloads Lite","2.0.1","Drive Downloads Pro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrivedownloads\u002F","\u003Cp>Drive Downloads Lite connects WooCommerce with Google Drive so you can turn your Drive files and folders into product downloads in just a few clicks.\u003C\u002Fp>\n\u003Cp>Instead of copying and pasting long sharing URLs, you get a clear \u003Cstrong>“Choose from Google Drive”\u003C\u002Fstrong> button inside the WooCommerce product editor. You pick a folder or file with the official Google picker and the plugin automatically fills the WooCommerce \u003Cstrong>“File URL”\u003C\u002Fstrong> field for you.\u003C\u002Fp>\n\u003Cp>The Lite version is designed to be \u003Cstrong>simple, safe and fast\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses your \u003Cstrong>own\u003C\u002Fstrong> Google Cloud project and OAuth credentials.\u003C\u002Fli>\n\u003Cli>Works with folders\u002Ffiles that you already share (for example “Anyone with the link can view”).\u003C\u002Fli>\n\u003Cli>Does \u003Cstrong>not\u003C\u002Fstrong> change sharing permissions or file contents in Google Drive.\u003C\u002Fli>\n\u003Cli>Does \u003Cstrong>not\u003C\u002Fstrong> grant or revoke access per order – it only helps you link existing Drive content to products.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You stay in full control of your Drive. The plugin simply saves time and reduces mistakes when turning those Drive links into WooCommerce downloads.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main benefits\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Faster product setup\u003C\u002Fstrong> – visually pick Drive items instead of copying and pasting URLs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fewer broken links\u003C\u002Fstrong> – URLs come directly from the Google Drive picker.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean admin UI\u003C\u002Fstrong> that matches the Pro edition, so upgrading later is seamless.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – no extra database tables, no front-end scripts; everything runs in the WooCommerce admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Typical use cases\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple digital products (PDFs, ZIPs, templates, audio, video, etc.).\u003C\u002Fli>\n\u003Cli>Shared resource libraries where all customers access the same Drive folder.\u003C\u002Fli>\n\u003Cli>Stores that already manage visibility in Google Drive and only need a better way to connect files to WooCommerce products.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Lite vs Pro\u003C\u002Fh4>\n\u003Cp>Drive Downloads Lite focuses on quick, public (or already-shared) download links.\u003Cbr \u002F>\nDrive Downloads Pro adds full \u003Cstrong>access control\u003C\u002Fstrong> on top of the same integration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What you get in Lite (this plugin)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Connect WooCommerce to Google Drive using OAuth.\u003C\u002Fli>\n\u003Cli>Google Drive picker inside the product editor.\u003C\u002Fli>\n\u003Cli>“Choose from Google Drive” button next to the WooCommerce download fields.\u003C\u002Fli>\n\u003Cli>Automatic insertion of the selected folder\u002Ffile URL into “File URL”.\u003C\u002Fli>\n\u003Cli>Optional default download name per product or globally.\u003C\u002Fli>\n\u003Cli>No changes to Google Drive permissions – you manage those directly in Drive.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What you get in Drive Downloads Pro (paid upgrade)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic access per order: grant access in Google Drive when the order is completed.\u003C\u002Fli>\n\u003Cli>Automatic revoke: remove access when an order is cancelled, refunded or trashed.\u003C\u002Fli>\n\u003Cli>Private, email-based access (buyer-only folders\u002Ffiles – no public links).\u003C\u002Fli>\n\u003Cli>Multiple access types (customer only, public link, Gmail-only, etc.).\u003C\u002Fli>\n\u003Cli>Permission levels (view, comment, edit) and extra security options\u003Cbr \u002F>\n(block download\u002Fcopy for viewers, prevent editors from re-sharing, and more).\u003C\u002Fli>\n\u003Cli>Activity logs and WooCommerce order notes for access changes.\u003C\u002Fli>\n\u003Cli>Priority support, ongoing updates and new features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Start with the free Lite version to validate your workflow and upgrade to Pro at any time to add automated, private access control:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdrivedownloadspro.com\u002Fplugins\u002Fdrive-downloads-pro\u002F\" rel=\"nofollow ugc\">Drive Downloads Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects your WooCommerce store with \u003Cstrong>Google Drive\u003C\u002Fstrong> using your own app in \u003Cstrong>Google Cloud Console\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You will need to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create a Google Cloud project.\u003C\u002Fli>\n\u003Cli>Create OAuth 2.0 credentials (Client ID and Client Secret).\u003C\u002Fli>\n\u003Cli>Create an API key for the Google Picker.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These are configured on the plugin settings page, following the documentation provided here:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdrivedownloadspro.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Through your own Google app, the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lets you sign in with your Google account (OAuth) to link your Drive.\u003C\u002Fli>\n\u003Cli>Shows the Google Drive picker so you can choose folders or files.\u003C\u002Fli>\n\u003Cli>Reads basic information about your Drive user (name, email address and profile photo link).\u003C\u002Fli>\n\u003Cli>Reads metadata for the selected Drive items (IDs, names, URLs, mime types, etc.) so it can insert the correct URL into the WooCommerce download field and show the connection status in the admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin does \u003Cstrong>not\u003C\u002Fstrong> upload your files to other servers and does \u003Cstrong>not\u003C\u002Fstrong> send data to any third party other than Google’s APIs used for this purpose.\u003Cbr \u002F>\nThe Lite version does \u003Cstrong>not\u003C\u002Fstrong> change your Google Drive sharing settings or file contents; it only reads the information needed to build download URLs and display the connection in your dashboard.\u003C\u002Fp>\n\u003Cp>Please review Google’s own terms and privacy information here:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\" rel=\"nofollow ugc\">Google APIs Terms of Service\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Connect WooCommerce downloads to Google Drive and insert shared folders or files as download URLs directly from the product editor.",0,179,"2025-12-15T01:45:00.000Z","6.9.4","5.8","7.4",[18,19,20,21,22],"cloud-download-links","external-file-downloads","google-drive-downloads","google-drive-woocommerce","woocommerce-digital-products","https:\u002F\u002Fdrivedownloadspro.com\u002Fplugins\u002Fdrive-downloads-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdrive-downloads-lite.2.0.1.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"drivedownloads",1,30,94,"2026-05-19T21:19:31.167Z",[],{"attackSurface":38,"codeSignals":99,"taintFlows":110,"riskAssessment":173,"analyzedAt":182},{"hooks":39,"ajaxHandlers":81,"restRoutes":95,"shortcodes":96,"cronEvents":97,"entryPointCount":98,"unprotectedCount":98},[40,46,50,54,58,64,68,72,76],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_menu","add_admin_menu","drive-downloads-lite.php",117,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_init","register_settings",118,{"type":41,"name":51,"callback":52,"file":44,"line":53},"admin_enqueue_scripts","enqueue_admin_assets",119,{"type":41,"name":55,"callback":56,"file":44,"line":57},"admin_post_drivdoli_oauth_callback","handle_oauth_callback",121,{"type":59,"name":60,"callback":61,"priority":62,"file":44,"line":63},"filter","woocommerce_product_data_tabs","add_product_data_tab",20,128,{"type":41,"name":65,"callback":66,"file":44,"line":67},"woocommerce_product_data_panels","render_product_picker_panel",129,{"type":41,"name":69,"callback":70,"file":44,"line":71},"woocommerce_admin_process_product_object","save_product_picker_options",130,{"type":41,"name":73,"callback":74,"file":44,"line":75},"admin_notices","woocommerce_missing_notice",132,{"type":41,"name":77,"callback":78,"priority":79,"file":44,"line":80},"plugins_loaded","closure",11,554,[82,87,91],{"action":83,"nopriv":84,"callback":85,"hasNonce":84,"hasCapCheck":84,"file":44,"line":86},"drivdoli_get_connection_status",false,"ajax_get_connection_status",123,{"action":88,"nopriv":84,"callback":89,"hasNonce":84,"hasCapCheck":84,"file":44,"line":90},"drivdoli_disconnect","ajax_disconnect",124,{"action":92,"nopriv":84,"callback":93,"hasNonce":84,"hasCapCheck":84,"file":44,"line":94},"drivdoli_get_picker_config","ajax_get_picker_config",125,[],[],[],3,{"dangerousFunctions":100,"sqlUsage":101,"outputEscaping":103,"fileOperations":11,"externalRequests":106,"nonceChecks":107,"capabilityChecks":108,"bundledLibraries":109},[],{"prepared":11,"raw":11,"locations":102},[],{"escaped":104,"rawEcho":11,"locations":105},136,[],4,6,7,[],[111,130,138,155],{"entryPoint":112,"graph":113,"unsanitizedCount":11,"severity":129},"save_settings (drive-downloads-lite.php:509)",{"nodes":114,"edges":126},[115,120],{"id":116,"type":117,"label":118,"file":44,"line":119},"n0","source","$_POST (x4)",521,{"id":121,"type":122,"label":123,"file":44,"line":124,"wp_function":125},"n1","sink","update_option() [Settings Manipulation]",522,"update_option",[127],{"from":116,"to":121,"sanitized":128},true,"low",{"entryPoint":131,"graph":132,"unsanitizedCount":11,"severity":129},"\u003Cdrive-downloads-lite> (drive-downloads-lite.php:0)",{"nodes":133,"edges":136},[134,135],{"id":116,"type":117,"label":118,"file":44,"line":119},{"id":121,"type":122,"label":123,"file":44,"line":124,"wp_function":125},[137],{"from":116,"to":121,"sanitized":128},{"entryPoint":139,"graph":140,"unsanitizedCount":32,"severity":129},"handle_oauth_callback (includes\u002Ftrait-ddl-lite-apis.php:219)",{"nodes":141,"edges":152},[142,146,149],{"id":116,"type":117,"label":143,"file":144,"line":145},"$_GET","includes\u002Ftrait-ddl-lite-apis.php",269,{"id":121,"type":147,"label":148,"file":144,"line":145},"transform","→ save_tokens()",{"id":150,"type":122,"label":123,"file":144,"line":151,"wp_function":125},"n2",369,[153,154],{"from":116,"to":121,"sanitized":84},{"from":121,"to":150,"sanitized":84},{"entryPoint":156,"graph":157,"unsanitizedCount":32,"severity":129},"\u003Ctrait-ddl-lite-apis> (includes\u002Ftrait-ddl-lite-apis.php:0)",{"nodes":158,"edges":169},[159,162,164,165,167],{"id":116,"type":117,"label":160,"file":144,"line":161},"$_GET (x2)",241,{"id":121,"type":122,"label":123,"file":144,"line":163,"wp_function":125},361,{"id":150,"type":117,"label":143,"file":144,"line":145},{"id":166,"type":147,"label":148,"file":144,"line":145},"n3",{"id":168,"type":122,"label":123,"file":144,"line":151,"wp_function":125},"n4",[170,171,172],{"from":116,"to":121,"sanitized":128},{"from":150,"to":166,"sanitized":84},{"from":166,"to":168,"sanitized":84},{"summary":174,"deductions":175},"The drive-downloads-lite plugin, version 2.0.1, exhibits a mixed security posture. On the positive side, the plugin demonstrates excellent practices regarding database interactions, exclusively using prepared statements for SQL queries and ensuring all output is properly escaped. It also shows a clean vulnerability history with no known CVEs, suggesting a generally well-maintained codebase.\n\nHowever, significant security concerns arise from its attack surface. The presence of three AJAX handlers, all lacking authentication checks, presents a direct and serious risk. While no dangerous functions or raw SQL queries were detected, and file operations are absent, the taint analysis revealed two flows with unsanitized paths. This, combined with the unprotected AJAX endpoints, could potentially lead to path traversal or other file-related vulnerabilities if an attacker can manipulate the unsanitized paths through these AJAX calls.\n\nIn conclusion, while the plugin's adherence to secure coding practices for SQL and output is commendable and its lack of historical vulnerabilities is a strong positive, the unprotected AJAX endpoints and unsanitized path flows are critical weaknesses that demand immediate attention. These unauthenticated entry points could be exploited to compromise the system.",[176,179],{"reason":177,"points":178},"Unprotected AJAX handlers",15,{"reason":180,"points":181},"Flows with unsanitized paths",10,"2026-04-16T13:35:02.500Z",{"wat":184,"direct":193},{"assetPaths":185,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[186,187],"\u002Fwp-content\u002Fplugins\u002Fdrive-downloads-lite\u002Fassets\u002Fcss\u002Fddp-lite-admin.css","\u002Fwp-content\u002Fplugins\u002Fdrive-downloads-lite\u002Fassets\u002Fjs\u002Fddp-lite-admin.js",[],[187],[191,192],"drive-downloads-lite\u002Fassets\u002Fcss\u002Fddp-lite-admin.css?ver=","drive-downloads-lite\u002Fassets\u002Fjs\u002Fddp-lite-admin.js?ver=",{"cssClasses":194,"htmlComments":196,"htmlAttributes":197,"restEndpoints":199,"jsGlobals":203,"shortcodeOutput":205},[195],"drivdoli-product-picker-wrapper",[],[198],"data-product-id",[200,201,202],"\u002Fwp-json\u002Fdrive-downloads-lite\u002Fv1\u002Fconnection-status","\u002Fwp-json\u002Fdrive-downloads-lite\u002Fv1\u002Fdisconnect","\u002Fwp-json\u002Fdrive-downloads-lite\u002Fv1\u002Fpicker-config",[204],"ddll_admin",[],{"error":128,"url":207,"statusCode":208,"statusMessage":209,"message":209},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdrive-downloads-lite\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":32,"versions":211},[212],{"version":6,"download_url":24,"svn_tag_url":213,"released_at":26,"has_diff":84,"diff_files_changed":214,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":215,"is_current":128},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdrive-downloads-lite\u002Ftags\u002F2.0.1\u002F",[],[]]