Does EDD Favorites have any unpatched vulnerabilities?

No. All known vulnerabilities in EDD Favorites have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is EDD Favorites compatible with WordPress 4.8.28?

According to WordPress.org data, EDD Favorites 1.0.8 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is EDD Favorites updated?

EDD Favorites was last updated on Aug 1, 2017. Frequent updates are generally a positive security signal.

What is EDD Favorites's security score?

EDD Favorites has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

EDD Favorites Security & Risk Analysis

wordpress.org/plugins/edd-favorites

Favorite/Unfavorite downloads in Easy Digital Downloads with just 1 click.

100 active installs v1.0.8 PHP + WP 3.3+ Updated Aug 1, 2017

digital-downloadse-downloadseasy-digital-downloadseddsumobi

A · Safe

CVEs total1

Unpatched0

Last CVEApr 20, 2015

Plugin page Download

Safety Verdict

Is EDD Favorites Safe to Use in 2026?

Generally Safe

Score 85/100

EDD Favorites has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 20, 2015Updated 8yr ago

Risk Assessment

The EDD Favorites v1.0.8 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively and having no known unpatched vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests is also commendable. However, significant concerns arise from the static analysis. The plugin exposes two AJAX endpoints that lack authentication checks, presenting a substantial risk. Furthermore, only 25% of its output is properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities, especially given its history of XSS CVEs. While the taint analysis shows no current issues, the lack of comprehensive checks on entry points and output sanitization, coupled with past XSS trends, suggests a heightened risk profile that requires attention. The plugin's vulnerability history, though lacking recent critical or high severity issues, shows a past pattern of XSS, implying that the development team may have struggled with proper input validation and output escaping. In conclusion, while the plugin has some strengths in secure database interaction, the unprotected entry points and insufficient output escaping are critical weaknesses that could be exploited.

Key Concerns

AJAX handlers without auth checks
Low percentage of properly escaped output
Past XSS vulnerabilities indicate potential ongoing risk
No nonce checks on AJAX handlers
No capability checks on AJAX handlers

Vulnerabilities

EDD Favorites Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2015-9513medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Digital Downloads – Favorites <= 1.0.6 - Cross-Site Scripting

Apr 20, 2015 Patched in 1.0.7 (3200d)

Code Analysis

Analyzed Mar 16, 2026

EDD Favorites Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped8 total outputs

Attack Surface

2 unprotected

EDD Favorites Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 2

authwp_ajax_edd_favorites_favoriteincludes\ajax-functions.php:83

noprivwp_ajax_edd_favorites_favoriteincludes\ajax-functions.php:84

Shortcodes 2

[edd_favorites_edit] includes\shortcodes.php:28

[edd_favorites] includes\shortcodes.php:49

WordPress Hooks 30

actioninitedd-favorites.php:66

actionplugins_loadededd-favorites.php:235

actionadmin_noticesincludes\class-activation.php:69

actionadmin_noticesincludes\class-activation.php:144

filteredd_wl_share_via_email_subjectincludes\emails.php:22

filteredd_wl_share_via_email_messageincludes\emails.php:49

filteredd_wl_display_sharingincludes\filters.php:13

filteredd_wl_show_add_all_to_cart_linkincludes\filters.php:18

filteredd_wl_item_title_optionsincludes\filters.php:23

filteredd_wl_item_purchase_default_css_classesincludes\filters.php:39

filteredd_wl_item_priceincludes\filters.php:56

filteredd_wl_delete_list_link_defaultsincludes\filters.php:69

filteredd_wl_messagesincludes\filters.php:113

filteredd_wl_add_to_cart_defaultsincludes\filters.php:137

filteredd_settings_extensionsincludes\filters.php:170

filteredd_wl_is_view_pageincludes\filters.php:181

filteredd_wl_edit_settings_link_uriincludes\filters.php:195

filterpost_type_linkincludes\filters.php:210

filteredd_wl_edit_settings_link_returnincludes\filters.php:238

filteredd_wl_messagesincludes\labels.php:40

actionwp_enqueue_scriptsincludes\scripts.php:22

actionwp_headincludes\scripts.php:40

actionwp_footerincludes\scripts.php:123

filteredd_wl_add_to_list_shortcodeincludes\shortcodes.php:74

actiontemplate_redirectincludes\template-functions.php:24

actiontemplate_redirectincludes\template-functions.php:53

actionuser_registerincludes\template-functions.php:68

actionwpmu_new_userincludes\template-functions.php:69

actionedd_purchase_link_topincludes\template-functions.php:137

actiontemplate_redirectincludes\template-functions.php:139

Maintenance & Trust

EDD Favorites Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedAug 1, 2017

PHP min version

Downloads10K

Community Trust

Rating60/100

Number of ratings4

Active installs100

Alternatives

EDD Favorites Alternatives

EDD Purchase Rewards

edd-purchase-rewards

Increase sales and build customer loyalty by rewarding customers

60 No CVEs

EDD Free Download Text

edd-free-download-text

Change the button text of a free download

30 No CVEs

EDD Purchase Gravatars

edd-purchase-gravatars

Displays Gravatars of customers who have purchased your product

20 No CVEs

EDD Add To Cart Redirect

edd-add-to-cart-redirect

Redirect to any post/page/download when a download has been added the cart.

10 No CVEs

EDD Prevent Checkout

edd-prevent-checkout

Prevents customer from being able to checkout until a minimum cart total is reached

10 No CVEs

Developer Profile

EDD Favorites Developer Profile

Andrew Munro / AffiliateWP

17 plugins · 3K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

3200 days

View full developer profile

Detection Fingerprints

How We Detect EDD Favorites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/edd-favorites/assets/css/edd-favorites.css/wp-content/plugins/edd-favorites/assets/js/edd-favorites.js

Script Paths

/wp-content/plugins/edd-favorites/assets/js/edd-favorites.js

Version Parameters

edd-favorites/assets/css/edd-favorites.css?ver=edd-favorites/assets/js/edd-favorites.js?ver=

HTML / DOM Fingerprints

CSS Classes

edd-wl-favoritefavoritededd-loading

Data Attributes

data-edd-loading

JS Globals

edd_favorites_ajax

FAQ