WP-Safety

EDD Mobile Security & Risk Analysis

wordpress.org/plugins/edd-mobile

A mobile app for Easy Digital Downloads

10 active installs v1.0.3 PHP + WP 3.5+ Updated Dec 27, 2013
easy-digital-downloadseddmobile
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is EDD Mobile Safe to Use in 2026?

Generally Safe

Score 85/100

EDD Mobile has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The "edd-mobile" plugin v1.0.3 demonstrates a generally good security posture based on the provided static analysis. It boasts a minimal attack surface with all identified entry points secured, and importantly, no direct SQL queries were found without the use of prepared statements. The absence of known CVEs and a clean vulnerability history further contributes to this positive assessment, suggesting a development team that is either diligent about security or has not yet encountered significant vulnerabilities. However, a significant concern arises from the complete lack of output escaping for all identified outputs. This means that user-supplied data, if it can be injected into these outputs, could potentially be rendered as active code or malicious content in the user's browser, leading to cross-site scripting (XSS) vulnerabilities. While the taint analysis showed no issues, this is likely due to the limited analysis performed or the absence of complex data flow paths. The presence of a nonce check is a positive sign, but its effectiveness is diminished without proper capability checks and output escaping.

Key Concerns

  • 100% of outputs are unescaped
  • No capability checks on entry points
Vulnerabilities
None known

EDD Mobile Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EDD Mobile Release Timeline

v1.0.3Current
v1.0.2
v1.0.1
v1.0
Code Analysis
Analyzed Mar 17, 2026

EDD Mobile Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped18 total outputs
Attack Surface

EDD Mobile Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_edd_mobile_login_actionincludes\edd-mobile-functions.php:134
noprivwp_ajax_edd_mobile_login_actionincludes\edd-mobile-functions.php:135
WordPress Hooks 7
actionadmin_menuincludes\edd-mobile-admin.php:10
actionadmin_initincludes\edd-mobile-admin.php:22
actionadmin_enqueue_scriptsincludes\edd-mobile-admin.php:77
filtertemplate_redirectincludes\edd-mobile-functions.php:22
actionedd_mobile_headincludes\edd-mobile-functions.php:47
actionadmin_noticesincludes\edd-mobile-functions.php:91
actioninitloader.php:37
Maintenance & Trust

EDD Mobile Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41
Last updatedDec 27, 2013
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

EDD Mobile Alternatives

Easy Digital Downloads Free Link

Easy Digital Downloads Free Link

easy-digital-downloads-free-link

A
100

replace EDD add-to-cart button with download link when product is free

1K No CVEs
EDD Auto Register

EDD Auto Register

edd-auto-register

A
85

Automatically creates a WP user account at checkout, based on customer's email address.

1K No CVEs
Easy Digital Downloads Featured Downloads

Easy Digital Downloads Featured Downloads

edd-featured-downloads

A
100

Easily feature your downloads

1K No CVEs
Counten- Sale Counter Advanced

Counten- Sale Counter Advanced

counten-sale-counter-advanced

A
92

A Sale Counter Plugin work with the Easy Digital Download Products

300 No CVEs
Sale Price for EDD

Sale Price for EDD

edd-sale-price

A
100

Promote your downloads with a sale price!

300 No CVEs
Developer Profile

EDD Mobile Developer Profile

modemlooper

9 plugins · 190 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EDD Mobile

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/edd-mobile/themes/img/icon.png/wp-content/plugins/edd-mobile/themes/img/startup.png/wp-content/plugins/edd-mobile/themes/img/startup@2x.png/wp-content/plugins/edd-mobile/themes/img/startup@5.png/wp-content/plugins/edd-mobile/themes/css/ios.css/wp-content/plugins/edd-mobile/themes/src/lib/jquery-1.7.min.js/wp-content/plugins/edd-mobile/themes/src/lib/jqtouch.min.js/wp-content/plugins/edd-mobile/themes/src/edd-mobile.js
Script Paths
/wp-content/plugins/edd-mobile/color-pick.js
Version Parameters
edd-mobile/color-pick.js?ver=edd-mobile/themes/css/ios.css?ver=edd-mobile/themes/src/edd-mobile.js?ver=

HTML / DOM Fingerprints

CSS Classes
edd-mobilejqttoolbararrowdatano-cacherounded
HTML Comments
Translators: HTML head titleTranslators: Site headline
Data Attributes
data-endpointdata-storagedata-type
JS Globals
keytokensite_urlendpointapi_urlreferrer+10 more
Shortcode Output
<li class="arrow data"><a href="#products" data-endpoint="products" data-storage="products">Products</a></li><li class="arrow data"><a href="#customers" data-endpoint="customers" data-storage="customers">Customers</a></li><li class="arrow data"><a href="#sales" data-endpoint="sales" data-storage="sales">Sales</a></li><li class="arrow data no-cache"><a href="#detail" data-endpoint="stats" data-type="earnings" data-storage="stats-earnings">Earnings</a></li>
FAQ

Frequently Asked Questions about EDD Mobile