Easy Digital Downloads – Blocks Security & Risk Analysis

wordpress.org/plugins/edd-blocks

EDD Blocks adds a "Downloads" block to the new WordPress editor, also known as Gutenberg.

100 active installs · v1.0.1 · PHP + WP 5.0+ · Updated Feb 20, 2020
Tags: blocks, digital-downloads, e-downloads, easy-digital-downloads, edd
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Easy Digital Downloads – Blocks Safe to Use in 2026?

Generally Safe

Score 85/100

Easy Digital Downloads – Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The plugin "edd-blocks" v1.0.1 exhibits a generally strong security posture based on the provided static analysis. There are no detected dangerous functions, SQL queries use prepared statements exclusively, and the taint analysis shows no concerning unsanitized flows. The absence of file operations and external HTTP requests further contributes to a reduced attack surface. The high percentage of properly escaped output is also a positive indicator.

However, the lack of nonce checks and capability checks on its entry points, which include two shortcodes, presents a notable area of concern. While the attack surface is small and there are no unauthenticated AJAX handlers or REST API routes, these checks are fundamental for preventing various forms of attacks, such as Cross-Site Request Forgery (CSRF) and privilege escalation, especially if the shortcodes handle any user-supplied data or interact with sensitive functionalities.

The vulnerability history being clear of any known CVEs is a positive sign, suggesting a well-maintained codebase in the past. Nevertheless, the absence of these critical security checks on shortcodes creates a potential weakness that could be exploited in conjunction with other vulnerabilities or specific user contexts. Therefore, while the plugin has many strengths, the missing authentication and authorization checks on its entry points require attention.

Key Concerns

  • Missing nonce checks on entry points
  • Missing capability checks on entry points
  • Output escaping not fully implemented (25% unescaped)
Vulnerabilities
None known

Easy Digital Downloads – Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Digital Downloads – Blocks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 15 (46 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

75% escaped · 61 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<class-edd-term-images> (includes\term-images\class-edd-term-images.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Easy Digital Downloads – Blocks Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[download_categories] includes\class-shortcodes.php:6
[download_tags] includes\class-shortcodes.php:7
WordPress Hooks: 33

filter edd_download_category_args edd-blocks.php:225
filter edd_download_tag_args edd-blocks.php:226
action init edd-blocks.php:228
action plugins_loaded edd-blocks.php:281
action init includes\blocks\downloads\index.php:151
action admin_notices includes\class-activation.php:69
action wp_enqueue_scripts includes\class-assets.php:18
action enqueue_block_editor_assets includes\class-assets.php:21
action download_category_add_form_fields includes\class-taxonomies.php:12
action created_download_category includes\class-taxonomies.php:13
action download_category_edit_form_fields includes\class-taxonomies.php:14
action edited_download_category includes\class-taxonomies.php:15
action download_tag_add_form_fields includes\class-taxonomies.php:18
action created_download_tag includes\class-taxonomies.php:19
action download_tag_edit_form_fields includes\class-taxonomies.php:20
action edited_download_tag includes\class-taxonomies.php:21
action admin_enqueue_scripts includes\class-taxonomies.php:24
action admin_footer includes\class-taxonomies.php:25
action rest_api_init includes\functions.php:455
filter edd_api_products_product includes\functions.php:499
filter wp_get_attachment_image_attributes includes\term-images\class-edd-term-images.php:98
action create_term includes\term-images\class-edd-term-meta-ui.php:113
action edit_term includes\term-images\class-edd-term-meta-ui.php:114
filter terms_clauses includes\term-images\class-edd-term-meta-ui.php:117
filter get_terms_orderby includes\term-images\class-edd-term-meta-ui.php:118
action load-edit-tags.php includes\term-images\class-edd-term-meta-ui.php:145
action load-term.php includes\term-images\class-edd-term-meta-ui.php:146
action admin_head-edit-tags.php includes\term-images\class-edd-term-meta-ui.php:210
action admin_head-edit-tags.php includes\term-images\class-edd-term-meta-ui.php:211
action admin_print_scripts-edit-tags.php includes\term-images\class-edd-term-meta-ui.php:212
action quick_edit_custom_box includes\term-images\class-edd-term-meta-ui.php:213
action admin_head-term.php includes\term-images\class-edd-term-meta-ui.php:222
action admin_print_scripts-term.php includes\term-images\class-edd-term-meta-ui.php:223

Maintenance & Trust

Easy Digital Downloads – Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Feb 20, 2020
PHP min version
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

Easy Digital Downloads – Blocks Developer Profile

Andrew Munro / AffiliateWP

17 plugins · 3K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 3200 days
Detection Fingerprints

How We Detect Easy Digital Downloads – Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/edd-blocks/dist/styles.css
/wp-content/plugins/edd-blocks/dist/editor.css
/wp-content/plugins/edd-blocks/dist/blocks.style.build.css
/wp-content/plugins/edd-blocks/dist/blocks.editor.build.css
/wp-content/plugins/edd-blocks/src/frontend.js
/wp-content/plugins/edd-blocks/src/editor.js

Script Paths
/wp-content/plugins/edd-blocks/dist/frontend.js
/wp-content/plugins/edd-blocks/dist/editor.js
/wp-content/plugins/edd-blocks/dist/blocks.editor.build.js

Version Parameters
edd-blocks/dist/styles.css?ver=
edd-blocks/dist/editor.css?ver=
edd-blocks/dist/blocks.style.build.css?ver=
edd-blocks/dist/blocks.editor.build.css?ver=
edd-blocks/src/frontend.js?ver=
edd-blocks/src/editor.js?ver=
edd-blocks/dist/frontend.js?ver=
edd-blocks/dist/editor.js?ver=
edd-blocks/dist/blocks.editor.build.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-edd-blocks-downloads
wp-block-edd-blocks-download-categories
wp-block-edd-blocks-download-tags

Data Attributes
data-block="edd-blocks/downloads"
data-block="edd-blocks/download-categories"
data-block="edd-blocks/download-tags"

JS Globals
wp.blocks.registerBlockType
edd_blocks_editor_settings
wp.element.createElement
wp.components.registerBlockType

REST Endpoints
/wp-json/wp/v2/download_category
/wp-json/wp/v2/download_tag