Easy Digital Downloads payment plugin – Novalnet AG Security & Risk Analysis

wordpress.org/plugins/easy-digital-downloads-payment-gateway-by-novalnet

Novalnet payment plugin provides all popular online payment methods for your Easy Digital Downloads webshop.

20 active installs v2.4.0 PHP + WP 5.0+ Updated Feb 17, 2026
Tags: credit-cards, direct-debit, novalnet, payment-gateway-integration-for-wordpress, tags-novalnet-payment-gateway
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Easy Digital Downloads payment plugin – Novalnet AG Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Digital Downloads payment plugin – Novalnet AG has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "easy-digital-downloads-payment-gateway-by-novalnet" plugin v2.4.0 exhibits a mixed security posture, with some strong points but also significant areas of concern. On the positive side, the plugin demonstrates good practices in SQL query preparation and output escaping, with a very high percentage of queries using prepared statements and almost all outputs being properly escaped. The absence of known vulnerabilities in its history is also a positive indicator of past development focus on security.

However, the static analysis reveals critical weaknesses. The presence of a single unprotected AJAX handler represents a significant attack surface that could be exploited without proper authentication. Furthermore, the taint analysis indicates four high-severity flows with unsanitized paths, suggesting potential vulnerabilities where user-controlled data could be manipulated or lead to unintended code execution. The use of the `unserialize` function, while not explicitly flagged as a vulnerability in the taint analysis, is a known risky function that often requires careful sanitization of its input, especially when dealing with data from external sources. The complete lack of nonce checks on the identified AJAX entry point is a direct contributing factor to its insecurity.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows
  • Dangerous function: unserialize used
  • Missing nonce checks on AJAX
Vulnerabilities
None known

Easy Digital Downloads payment plugin – Novalnet AG Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Easy Digital Downloads payment plugin – Novalnet AG Release Timeline

v2.3.0
v2.2.0
v2.1.1
v2.1.0
v2.0.1
v2.0.0
v1.2.0
v1.1.3
v1.1.2
v1.1.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Easy Digital Downloads payment plugin – Novalnet AG Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 4 (44 prepared)
Unescaped Output: 2 (170 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\class-novalnet-subscriptions.php:136
  $billing_details = isset($customer_details['_edd_user_address']) ? unserialize($customer_details['_e…
unserialize · includes\gateways\class-novalnet-cc.php:57
  $billing_details = ( isset( $user_data['_edd_user_address'] ) && !empty( $user_data['_edd_user_addre…
unserialize · includes\novalnet-functions.php:1870
  $billing_details = isset($user_data['_edd_user_address']) ? unserialize($user_data['_edd_user_addres…

SQL Query Safety

92% prepared · 48 total queries

Output Escaping

99% escaped · 172 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
novalnet_callback_api_process (includes\api\class-novalnet-callback-api.php:34)
Attack Surface
1 unprotected

Easy Digital Downloads payment plugin – Novalnet AG Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_get_novalnet_apiconfig · includes\admin\class-novalnet-global-config.php:43
WordPress Hooks 106
action · plugins_loaded · class-novalnet.php:56
action · admin_notices · class-novalnet.php:58
action · init · class-novalnet.php:66
action · update_option_novalnet_settings · includes\admin\class-novalnet-global-config.php:35
action · admin_enqueue_scripts · includes\admin\class-novalnet-global-config.php:38
filter · edd_settings_sections_gateways · includes\admin\class-novalnet-global-config.php:40
filter · edd_settings_gateways · includes\admin\class-novalnet-global-config.php:41
action · edd_subscription_card_top · includes\admin\class-novalnet-global-config.php:42
filter · script_loader_tag · includes\admin\class-novalnet-global-config.php:71
action · edd_recurring_post_create_payment_profiles · includes\class-novalnet-subscriptions.php:48
action · edd_cancel_subscription · includes\class-novalnet-subscriptions.php:51
filter · edd_subscription_can_cancel · includes\class-novalnet-subscriptions.php:54
filter · edd_subscription_can_update · includes\class-novalnet-subscriptions.php:57
action · edd_recurring_update_payment_form · includes\class-novalnet-subscriptions.php:58
action · edd_recurring_update_subscription_payment_method · includes\class-novalnet-subscriptions.php:59
filter · edd_subscription_cancel_url · includes\class-novalnet-subscriptions.php:62
action · wp_enqueue_scripts · includes\class-novalnet-subscriptions.php:65
action · admin_enqueue_scripts · includes\class-novalnet-subscriptions.php:66
action · admin_notices · includes\class-novalnet-subscriptions.php:69
filter · edd_purchase_form_required_fields · includes\class-novalnet-subscriptions.php:139
filter · script_loader_tag · includes\class-novalnet-subscriptions.php:277
action · update_option_novalnet_settings · includes\gateways\class-novalnet-cc.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-cc.php:36
action · edd_novalnet_cc_cc_form · includes\gateways\class-novalnet-cc.php:37
action · edd_gateway_novalnet_cc · includes\gateways\class-novalnet-cc.php:38
action · wp_enqueue_scripts · includes\gateways\class-novalnet-cc.php:40
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-cc.php:42
filter · edd_settings_gateways · includes\gateways\class-novalnet-cc.php:43
filter · script_loader_tag · includes\gateways\class-novalnet-cc.php:77
action · update_option_novalnet_settings · includes\gateways\class-novalnet-eps.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-eps.php:36
action · edd_gateway_novalnet_eps · includes\gateways\class-novalnet-eps.php:37
action · edd_novalnet_eps_cc_form · includes\gateways\class-novalnet-eps.php:38
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-eps.php:40
filter · edd_settings_gateways · includes\gateways\class-novalnet-eps.php:41
action · update_option_novalnet_settings · includes\gateways\class-novalnet-ideal.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-ideal.php:36
action · edd_novalnet_ideal_cc_form · includes\gateways\class-novalnet-ideal.php:37
action · edd_gateway_novalnet_ideal · includes\gateways\class-novalnet-ideal.php:38
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-ideal.php:40
filter · edd_settings_gateways · includes\gateways\class-novalnet-ideal.php:41
action · update_option_novalnet_settings · includes\gateways\class-novalnet-invoice.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-invoice.php:36
action · edd_novalnet_invoice_cc_form · includes\gateways\class-novalnet-invoice.php:37
action · edd_gateway_novalnet_invoice · includes\gateways\class-novalnet-invoice.php:38
action · wp_enqueue_scripts · includes\gateways\class-novalnet-invoice.php:40
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-invoice.php:42
filter · edd_settings_gateways · includes\gateways\class-novalnet-invoice.php:43
filter · script_loader_tag · includes\gateways\class-novalnet-invoice.php:59
action · update_option_novalnet_settings · includes\gateways\class-novalnet-onlinebanktransfer.php:36
filter · edd_payment_gateways · includes\gateways\class-novalnet-onlinebanktransfer.php:37
action · edd_novalnet_onlinebanktransfer_cc_form · includes\gateways\class-novalnet-onlinebanktransfer.php:38
action · edd_gateway_novalnet_onlinebanktransfer · includes\gateways\class-novalnet-onlinebanktransfer.php:39
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-onlinebanktransfer.php:41
filter · edd_settings_gateways · includes\gateways\class-novalnet-onlinebanktransfer.php:42
action · update_option_novalnet_settings · includes\gateways\class-novalnet-paypal.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-paypal.php:36
action · edd_novalnet_paypal_cc_form · includes\gateways\class-novalnet-paypal.php:37
action · edd_gateway_novalnet_paypal · includes\gateways\class-novalnet-paypal.php:38
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-paypal.php:40
filter · edd_settings_gateways · includes\gateways\class-novalnet-paypal.php:41
action · update_option_novalnet_settings · includes\gateways\class-novalnet-prepayment.php:34
filter · edd_payment_gateways · includes\gateways\class-novalnet-prepayment.php:35
action · edd_novalnet_prepayment_cc_form · includes\gateways\class-novalnet-prepayment.php:36
action · edd_gateway_novalnet_prepayment · includes\gateways\class-novalnet-prepayment.php:37
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-prepayment.php:39
filter · edd_settings_gateways · includes\gateways\class-novalnet-prepayment.php:40
action · update_option_novalnet_settings · includes\gateways\class-novalnet-przelewy24.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-przelewy24.php:36
action · edd_novalnet_przelewy24_cc_form · includes\gateways\class-novalnet-przelewy24.php:37
action · edd_gateway_novalnet_przelewy24 · includes\gateways\class-novalnet-przelewy24.php:38
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-przelewy24.php:40
filter · edd_settings_gateways · includes\gateways\class-novalnet-przelewy24.php:41
action · update_option_novalnet_settings · includes\gateways\class-novalnet-sepa.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-sepa.php:36
action · edd_gateway_novalnet_sepa · includes\gateways\class-novalnet-sepa.php:37
action · edd_novalnet_sepa_cc_form · includes\gateways\class-novalnet-sepa.php:38
action · wp_enqueue_scripts · includes\gateways\class-novalnet-sepa.php:40
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-sepa.php:42
filter · edd_settings_gateways · includes\gateways\class-novalnet-sepa.php:43
filter · script_loader_tag · includes\gateways\class-novalnet-sepa.php:61
action · update_option_novalnet_settings · includes\gateways\class-novalnet-twint.php:35
filter · edd_payment_gateways · includes\gateways\class-novalnet-twint.php:36
action · edd_gateway_novalnet_twint · includes\gateways\class-novalnet-twint.php:37
action · edd_novalnet_twint_cc_form · includes\gateways\class-novalnet-twint.php:38
filter · edd_settings_sections_gateways · includes\gateways\class-novalnet-twint.php:40
filter · edd_settings_gateways · includes\gateways\class-novalnet-twint.php:41
action · edd_api_valid_query_modes · includes\novalnet-functions.php:23
action · edd_api_public_query_modes · includes\novalnet-functions.php:24
action · edd_api_output_data · includes\novalnet-functions.php:25
action · edd_api_output_before · includes\novalnet-functions.php:26
filter · edd_get_success_page_uri · includes\novalnet-functions.php:29
filter · edd_recurring_pre_record_signup_args · includes\novalnet-functions.php:30
action · edd_settings_tab_bottom_gateways_novalnet_global_config · includes\novalnet-functions.php:33
filter · edd_enabled_payment_gateways · includes\novalnet-functions.php:36
filter · edd_sale_notification · includes\novalnet-functions.php:39
filter · edd_sale_notification · includes\novalnet-functions.php:42
filter · edd_purchase_receipt · includes\novalnet-functions.php:43
action · edd_payment_receipt_after_table · includes\novalnet-functions.php:46
filter · the_comments · includes\novalnet-functions.php:48
filter · edd_default_gateway · includes\novalnet-functions.php:51
filter · edd_subscription_renewal_expiration · includes\novalnet-functions.php:54
action · admin_init · includes\novalnet-functions.php:57
action · edd_after_submit_refund_table · includes\novalnet-functions.php:60
filter · edd_refund_order · includes\novalnet-functions.php:61
action · edd_pre_complete_purchase · includes\novalnet-functions.php:669
Maintenance & Trust

Easy Digital Downloads payment plugin – Novalnet AG Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 17, 2026
PHP min version
Downloads: 6K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 20
Developer Profile

Easy Digital Downloads payment plugin – Novalnet AG Developer Profile

Novalnet

4 plugins · 1K total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Digital Downloads payment plugin – Novalnet AG

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-digital-downloads-payment-gateway-by-novalnet/assets/js/novalnet-admin.min.js
/wp-content/plugins/easy-digital-downloads-payment-gateway-by-novalnet/assets/css/novalnet-admin.css
Script Paths
/wp-content/plugins/easy-digital-downloads-payment-gateway-by-novalnet/assets/js/novalnet-admin.min.js
Version Parameters
/wp-content/plugins/easy-digital-downloads-payment-gateway-by-novalnet/assets/js/novalnet-admin.min.js?ver=
/wp-content/plugins/easy-digital-downloads-payment-gateway-by-novalnet/assets/css/novalnet-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
novalnet-admin-wrapper
novalnet-global-settings
novalnet-global-gateway
novalnet-payment-fields
HTML Comments
<!-- Novalnet Global Configurations -->
<!-- Global configuration settings -->
<!-- Adding admin script -->
<!-- Enqueue script -->
Data Attributes
data-novalnet-account-number
data-novalnet-mandate-reference
data-novalnet-api-key
data-novalnet-payment-method
JS Globals
novalnet_admin_params
NovalnetAdmin
REST Endpoints
/wp-json/novalnet/v1/get_apiconfig