WP-Safety

Easy Digital Downloads – Variable Defaults Security & Risk Analysis

wordpress.org/plugins/easy-digital-downloads-variable-defaults

Allows site owners to define default variable pricing options on EDD.

10 active installs v1.1.1 PHP + WP 3.0+ Updated Feb 4, 2026
defaultseasy-digital-downloadseddpricingvariable-pricing
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Easy Digital Downloads – Variable Defaults Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Digital Downloads – Variable Defaults has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The static analysis of easy-digital-downloads-variable-defaults v1.1.1 reveals a generally strong security posture. The plugin demonstrates good practices by not exposing any AJAX handlers, REST API routes, shortcodes, or cron events without authentication or proper permission checks. Furthermore, the code adheres to secure coding standards by exclusively using prepared statements for SQL queries and includes nonce checks and capability checks, indicating an awareness of common WordPress security vulnerabilities. There are no recorded vulnerabilities (CVEs) for this plugin, which is a very positive indicator of its security maturity.

However, a notable concern arises from the output escaping. With 33 total outputs analyzed, only 67% are properly escaped. This means that one-third of the plugin's output might be vulnerable to Cross-Site Scripting (XSS) attacks if the data originates from an untrusted source. While the attack surface is zero and taint analysis found no critical or high-severity issues, this unescaped output represents a potential weakness that attackers could exploit.

In conclusion, the plugin is well-architected with no obvious direct attack vectors like unprotected entry points or raw SQL queries. The absence of vulnerability history is a significant strength. The primary weakness is the incomplete output escaping, which should be addressed to mitigate potential XSS risks.

Key Concerns

  • Incomplete output escaping
Vulnerabilities
None known

Easy Digital Downloads – Variable Defaults Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Digital Downloads – Variable Defaults Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
22 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

67% escaped33 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
edd_variable_defaults_render_edit (includes\admin\settings.php:122)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Easy Digital Downloads – Variable Defaults Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_initedd-variable-defaults.php:109
actionplugins_loadededd-variable-defaults.php:202
filteredd_get_variable_pricesincludes\actions.php:74
actionedd_edit_default_variable_priceincludes\admin\actions.php:58
actionedd_delete_default_variable_priceincludes\admin\actions.php:86
actionadmin_menuincludes\admin\pages.php:25
filteredd_settings_extensionsincludes\admin\settings.php:41
actionedd_variable_defaults_tableincludes\admin\settings.php:113
actioninitincludes\post-types.php:50
Maintenance & Trust

Easy Digital Downloads – Variable Defaults Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 4, 2026
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Easy Digital Downloads – Variable Defaults Alternatives

Easy Digital Downloads – Pricing Select

Easy Digital Downloads – Pricing Select

easy-digital-downloads-pricing-select

A
100

A simple extension for Easy Digital Downloads which converts the display of variable priced products from radio/checkboxes to a dropdown.

10 No CVEs
Easy Digital Downloads Free Link

Easy Digital Downloads Free Link

easy-digital-downloads-free-link

A
100

replace EDD add-to-cart button with download link when product is free

1K No CVEs
EDD Auto Register

EDD Auto Register

edd-auto-register

A
92

Automatically creates a WP user account at checkout, based on customer's email address.

1K No CVEs
Easy Digital Downloads Featured Downloads

Easy Digital Downloads Featured Downloads

edd-featured-downloads

A
100

Easily feature your downloads

1K No CVEs
Counten- Sale Counter Advanced

Counten- Sale Counter Advanced

counten-sale-counter-advanced

A
92

A Sale Counter Plugin work with the Easy Digital Download Products

300 No CVEs
Developer Profile

Easy Digital Downloads – Variable Defaults Developer Profile

DigitalME

20 plugins · 140K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
3200 days
View full developer profile
Detection Fingerprints

How We Detect Easy Digital Downloads – Variable Defaults

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-digital-downloads-variable-defaults/assets/css/variable-defaults.css/wp-content/plugins/easy-digital-downloads-variable-defaults/assets/js/variable-defaults.js
Script Paths
/wp-content/plugins/easy-digital-downloads-variable-defaults/assets/js/variable-defaults.js
Version Parameters
easy-digital-downloads-variable-defaults/assets/css/variable-defaults.css?ver=easy-digital-downloads-variable-defaults/assets/js/variable-defaults.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Easy Digital Downloads – Variable Defaults