WP-Safety

Hubaga – Sell Digital Downloads Security & Risk Analysis

wordpress.org/plugins/hubaga

Use this light-weight eCommerce plugin to sell your software and other digital products.

0 active installs v1.0.3 PHP 5.2.4+ WP 4.1+ Updated Nov 18, 2017
e-commerceecommercesellsell-downloadsstore
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Hubaga – Sell Digital Downloads Safe to Use in 2026?

Generally Safe

Score 85/100

Hubaga – Sell Digital Downloads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The hubaga plugin version 1.0.3 presents a mixed security posture. On the positive side, it boasts a clean vulnerability history with no known CVEs and a high percentage of SQL queries using prepared statements, indicating good practices in database interaction. The presence of numerous capability checks and nonce checks further suggests an effort to secure its functionality. However, a significant concern arises from the static analysis, which reveals one AJAX handler without any authentication checks. This creates a direct entry point for potential unauthenticated attacks.

The taint analysis is particularly alarming, with all 8 analyzed flows showing unsanitized paths and 6 of these being of high severity. This strongly suggests a high risk of injection vulnerabilities (e.g., Cross-Site Scripting, SQL Injection, or path traversal) if the plugin's inputs are not meticulously validated and sanitized. While the plugin doesn't appear to use dangerous functions directly, the unsanitized flows indicate that even standard WordPress functions could be leveraged maliciously through improperly handled data.

Given the complete lack of historical vulnerabilities, one might infer a history of careful development or perhaps limited exposure. However, the current static and taint analysis paints a picture of potential risks that need immediate attention. The presence of a single, unprotected AJAX endpoint combined with widespread high-severity unsanitized flows makes this plugin a moderate to high risk in its current state. Addressing these specific issues is crucial for improving its security.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized flows (x6)
  • Low output escaping rate (41%)
  • Unsanitized paths in all flows
Vulnerabilities
None known

Hubaga – Sell Digital Downloads Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Hubaga – Sell Digital Downloads Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
27 prepared
Unescaped Output
138
95 escaped
Nonce Checks
6
Capability Checks
8
File Operations
3
External Requests
4
Bundled Libraries
0

SQL Query Safety

93% prepared29 total queries

Output Escaping

41% escaped233 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths
save (includes\elementa\elementa.php:852)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Hubaga – Sell Digital Downloads Attack Surface

Entry Points8
Unprotected1

AJAX Handlers 8

authwp_ajax_hubaga_get_checkoutincludes\ajax.php:8
noprivwp_ajax_hubaga_get_checkoutincludes\ajax.php:9
authwp_ajax_hubaga_handle_checkoutincludes\ajax.php:10
noprivwp_ajax_hubaga_handle_checkoutincludes\ajax.php:11
authwp_ajax_hubaga_apply_couponincludes\ajax.php:29
noprivwp_ajax_hubaga_apply_couponincludes\ajax.php:30
authwp_ajax_hubaga_handle_report_dataincludes\ajax.php:109
noprivwp_ajax_hubaga_validate_paypal_ipnincludes\checkout\gateways\paypal\paypal-gateway.php:40
WordPress Hooks 75
actioninithubaga.php:118
actionhubaga_admin_inithubaga.php:185
actionwp_enqueue_scriptshubaga.php:191
actionwidgets_inithubaga.php:194
actionhubaga_initincludes\admin\admin.php:51
actionadmin_menuincludes\admin\admin.php:191
actionadmin_enqueue_scriptsincludes\admin\admin.php:192
actionadmin_enqueue_scriptsincludes\admin\admin.php:193
actionwp_dashboard_setupincludes\admin\admin.php:194
filterplugin_action_linksincludes\admin\admin.php:195
filterplugin_row_metaincludes\admin\admin.php:196
actionhubaga_initincludes\checkout\abstract-payments-class.php:47
actionadmin_noticesincludes\checkout\abstract-payments-class.php:61
actionhubaga_initincludes\checkout\functions.php:107
actionhubaga_before_checkout_processincludes\checkout\functions.php:145
actionhubaga_before_checkout_page_htmlincludes\checkout\gateways\paypal\paypal-gateway.php:41
filterhubaga_coupon_codeincludes\coupons\functions.php:14
filterhubaga_coupon_codeincludes\coupons\functions.php:15
filterhubaga_coupon_codeincludes\coupons\functions.php:16
filterhubaga_coupon_codeincludes\coupons\functions.php:17
filterhubaga_customer_nameincludes\customers\functions.php:34
filterhubaga_customer_emailincludes\customers\functions.php:45
filterhubaga_customer_descriptionincludes\customers\functions.php:56
filterhubaga_customer_idincludes\customers\functions.php:77
filterhubaga_get_account_urlincludes\customers\functions.php:183
filtershow_admin_barincludes\customers\functions.php:212
actiontemplate_redirectincludes\download.php:73
actionadmin_enqueue_scriptsincludes\elementa\elementa.php:181
filterbody_classincludes\functions.php:596
actionhubaga_initincludes\notifications.php:48
actionhubaga_order_createdincludes\notifications.php:82
actionhubaga_order_refundedincludes\notifications.php:85
actionhubaga_order_cancelledincludes\notifications.php:88
actionhubaga_order_failedincludes\notifications.php:91
actionhubaga_order_completedincludes\notifications.php:94
actionhubaga_customer_createdincludes\notifications.php:97
filterwp_mail_content_typeincludes\notifications.php:135
filterwp_mail_fromincludes\notifications.php:136
filterwp_mail_from_nameincludes\notifications.php:137
actionhubaga_order_idincludes\orders\functions.php:153
filterhubaga_product_IDincludes\products\functions.php:43
filterhubaga_product_titleincludes\products\functions.php:56
filterhubaga_product_short_descriptionincludes\products\functions.php:69
filterhubaga_product_short_descriptionincludes\products\functions.php:70
filterhubaga_product_short_descriptionincludes\products\functions.php:71
filterhubaga_product_short_descriptionincludes\products\functions.php:72
filterhubaga_product_short_descriptionincludes\products\functions.php:73
filterhubaga_product_short_descriptionincludes\products\functions.php:74
filterhubaga_product_short_descriptionincludes\products\functions.php:75
filterhubaga_product_sell_countincludes\products\functions.php:87
filterhubaga_product_typeincludes\products\functions.php:100
actionhubaga_order_completeincludes\products\functions.php:290
actioninitincludes\rest.php:53
filterrest_authentication_errorsincludes\rest.php:70
filterdetermine_current_userincludes\rest.php:71
actioninitincludes\rest.php:74
actionhubaga_initincludes\template.php:36
actionhubaga_view_orderincludes\template.php:69
actionhubaga_view_orderincludes\template.php:70
actionhubaga_view_orderincludes\template.php:71
actionhubaga_checkout_formincludes\template.php:74
actionhubaga_checkout_formincludes\template.php:75
actionhubaga_checkout_formincludes\template.php:76
actionhubaga_checkout_formincludes\template.php:77
actionhubaga_checkout_formincludes\template.php:78
actionhubaga_checkout_formincludes\template.php:79
actionhubaga_checkout_formincludes\template.php:80
actionhubaga_checkout_formincludes\template.php:81
actionhubaga_checkout_formincludes\template.php:82
actionhubaga_account_page_htmlincludes\template.php:85
actionhubaga_account_page_htmlincludes\template.php:86
actionhubaga_account_page_htmlincludes\template.php:87
actionhubaga_account_page_htmlincludes\template.php:88
actionhubaga_account_page_htmlincludes\template.php:89
actionwp_footerincludes\template.php:93
Maintenance & Trust

Hubaga – Sell Digital Downloads Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedNov 18, 2017
PHP min version5.2.4
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Hubaga – Sell Digital Downloads Alternatives

TriPay Payment Gateway

TriPay Payment Gateway

tripay-payment-gateway

A
100

TriPay Payment adalah payment gateway indonesia yang menyediakan beragam metode pembayaran seperti virtual account, convenience store, e-wallet, dll

1K 1 CVE
Ovic Pinmap

Ovic Pinmap

ovic-pinmap

A
85

Need support? [Contact Us](https://kutethemes.com/contact-us/ "Contact Us")

200 No CVEs
ShipperHQ: Shipping & Checkout Experience Solution

ShipperHQ: Shipping & Checkout Experience Solution

woo-shipperhq

A
100

Control the shipping rates and options you show in your WooCommerce cart. Live rates from 30+ carriers, LTL Freight and custom rates.

200 No CVEs
Sell Downloads

Sell Downloads

sell-downloads

A
93

Sell Downloads is an WordPress eCommerce for selling downloadable files: audio, video, documents, pictures all that may be published in Internet.

100 3 CVEs
OPay Payment for WooCommerce

OPay Payment for WooCommerce

woo-opay-payment

A
85

歐付寶金流外掛套件,提供合作特店以及個人會員使用開放原始碼商店系統時,無須自行處理複雜的檢核,直接透過安裝設定外掛套件,便可以較快速的方式介接的金流系統。

30 No CVEs
Developer Profile

Hubaga – Sell Digital Downloads Developer Profile

Noptin Newsletter Team

5 plugins · 11K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
278 days
View full developer profile
Detection Fingerprints

How We Detect Hubaga – Sell Digital Downloads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hubaga/assets/css/style.css/wp-content/plugins/hubaga/assets/js/main.js
Script Paths
/wp-content/plugins/hubaga/assets/js/main.js
Version Parameters
hubaga/assets/css/style.css?ver=hubaga/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
hubaga-producthubaga-shortcode-wrapper
Data Attributes
data-hubaga-product-id
JS Globals
Hubaga
Shortcode Output
[hubaga_products][hubaga_add_to_cart]
FAQ

Frequently Asked Questions about Hubaga – Sell Digital Downloads