WP-Safety

EDD List File Names Security & Risk Analysis

wordpress.org/plugins/edd-list-file-names

Shows a simple list of the download's files with a shortcode

50 active installs v1.0.1 PHP + WP 3.3+ Updated Feb 22, 2014
digital-downloadse-commercee-downloadseasy-digital-downloadsedd
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is EDD List File Names Safe to Use in 2026?

Generally Safe

Score 85/100

EDD List File Names has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The EDD List File Names v1.0.1 plugin presents a mixed security profile. On the positive side, the plugin exhibits excellent practices regarding database interactions, utilizing prepared statements for all its SQL queries and having no recorded vulnerabilities or CVEs. It also has a minimal attack surface with no AJAX handlers, REST API routes, cron events, or file operations, which significantly reduces potential avenues for attack. However, a critical concern arises from the lack of output escaping for all identified output points. This means that any data displayed to users could potentially be manipulated by an attacker to inject malicious scripts, leading to cross-site scripting (XSS) vulnerabilities. The absence of nonce and capability checks on the identified shortcode entry point, while seemingly minor given the limited attack surface, is also a weakness that could be exploited in conjunction with other vulnerabilities.

Key Concerns

  • Output is not properly escaped
  • No nonce checks on shortcode
  • No capability checks on shortcode
Vulnerabilities
None known

EDD List File Names Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

EDD List File Names Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Attack Surface

EDD List File Names Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[edd_file_names] edd-list-file-names.php:70
WordPress Hooks 1
actionplugins_loadededd-list-file-names.php:148
Maintenance & Trust

EDD List File Names Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedFeb 22, 2014
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs50
Alternatives

EDD List File Names Alternatives

EDD Invoice Data

EDD Invoice Data

edd-invoice-data

A
85

This plugin allows you to gather invoice data for any EDD payment gateway.

10 No CVEs
EDD Auto Register

EDD Auto Register

edd-auto-register

A
92

Automatically creates a WP user account at checkout, based on customer's email address.

1K No CVEs
Easy Digital Downloads Featured Downloads

Easy Digital Downloads Featured Downloads

edd-featured-downloads

A
100

Easily feature your downloads

1K No CVEs
EDD Downloads As Services

EDD Downloads As Services

edd-downloads-as-services

A
85

Mark Downloads As Services in Easy Digital Downloads

200 No CVEs
Easy Digital Downloads – Blocks

Easy Digital Downloads – Blocks

edd-blocks

A
85

EDD Blocks adds a "Downloads" block to the new WordPress editor, also known as Gutenberg.

100 No CVEs
Developer Profile

EDD List File Names Developer Profile

Andrew Munro / AffiliateWP

17 plugins · 3K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
3200 days
View full developer profile
Detection Fingerprints

How We Detect EDD List File Names

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
edd-file-names
Shortcode Output
<ol class="edd-file-names"><li></li></ol>
FAQ

Frequently Asked Questions about EDD List File Names