EDD Service Extended Security & Risk Analysis

wordpress.org/plugins/edd-service-extended

Easy Digital Download Service Extended adds a message section in the user dashboard for conversation.

10 active installs · v1.0.1 · PHP + · WP 3.0.1+ · Updated Aug 24, 2015
digital-downloads, e-downloads, easy-digital-downloads, edd, services
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EDD Service Extended Safe to Use in 2026?

Generally Safe

Score 85/100

EDD Service Extended has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The 'edd-service-extended' v1.0.1 plugin presents a mixed security posture. On the positive side, it has a small attack surface with only one entry point (a shortcode) and no direct file operations or external HTTP requests. The plugin also demonstrates good practices by implementing nonce checks and performing a high percentage of output escaping.

However, significant concerns arise from the presence of a dangerous function, `unserialize`, which, if used with user-controlled input, could lead to deserialization vulnerabilities. Furthermore, the plugin executes a SQL query without using prepared statements, a common vector for SQL injection if the data is not properly sanitized before being used in the query. The absence of capability checks on any potential entry points is also a notable weakness. The lack of any recorded vulnerability history is a positive indicator, suggesting a history of secure development, but this does not mitigate the risks identified in the current code analysis.

In conclusion, while the plugin has some strengths like a limited attack surface and good output escaping, the identified risks related to `unserialize`, raw SQL queries, and missing capability checks warrant careful consideration and remediation to ensure a robust security posture.

Key Concerns

  • Dangerous function `unserialize` found
  • Raw SQL query without prepared statements
  • No capability checks on entry points
Vulnerabilities
None known

EDD Service Extended Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

EDD Service Extended Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 3 (11 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

`unserialize`: `$attach = unserialize( $each->attachment );` edd-message.php:368

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

79% escaped · 14 total outputs
Attack Surface

EDD Service Extended Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[add_user_comment_edd] edd-message.php:186
WordPress Hooks: 13

action admin_notices edd-message.php:48
action admin_init edd-message.php:55
action wp_enqueue_scripts edd-message.php:139
filter teeny_mce_buttons edd-message.php:173
action show_insert_message edd-message.php:280
action show_insert_message edd-message.php:284
filter teeny_mce_buttons edd-message.php:424
action init edd-message.php:441
action fes_submission_form_save_custom_fields includes\add-custom-info-field-front.php:94
action fes_submission_form_new_bottom includes\add-custom-info-field-front.php:95
action fes_submission_form_existing_bottom includes\add-custom-info-field-front.php:96
action add_meta_boxes includes\admin\add-custom-info-field.php:18
action save_post includes\admin\add-custom-info-field.php:86
Maintenance & Trust

EDD Service Extended Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.39
Last updated: Aug 24, 2015
PHP min version
Downloads: 13K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

EDD Service Extended Developer Profile

Varun Dubey

5 plugins · 420 total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 532 days
Detection Fingerprints

How We Detect EDD Service Extended

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/edd-service-extended/css/style.css
/wp-content/plugins/edd-service-extended/js/jRate.min.js
/wp-content/plugins/edd-service-extended/js/script.js
Script Paths
/wp-content/plugins/edd-service-extended/js/script.js
/wp-content/plugins/edd-service-extended/js/jRate.min.js
Version Parameters
edd-service-extended/css/style.css?ver=
edd-service-extended/js/script.js?ver=
edd-service-extended/js/jRate.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
add_user_comment, edd_message_attachment, submit-msg, edd_files_names
Data Attributes
id="add_user_comment", id="edd_message_attachment", name="attach[]", id="edd_message_attachment", name="add_comment", value="Add" (+5 more)
Shortcode Output
[add_user_comment_edd]
FAQ

Frequently Asked Questions about EDD Service Extended