MyStem EDD Security & Risk Analysis

wordpress.org/plugins/mystem-edd

This plugin helps you to create a store with Easy Digital Downloads and WordPress theme MyStem.

10 active installs · v1.1 · PHP 5.3+ · WP 4.5+ · Updated Apr 28, 2019
Tags: easy-digital-downloads, easydigitaldownloads, edd, mystem
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MyStem EDD Safe to Use in 2026?

Generally Safe

Score 85/100

MyStem EDD has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The mystem-edd v1.1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and the presence of nonce and capability checks are positive indicators. The code's adherence to output escaping for a significant majority of its outputs (69%) suggests a good effort towards preventing cross-site scripting vulnerabilities.

However, the analysis also reveals potential areas for improvement. While the attack surface is currently small and appears to have no unprotected entry points, the presence of three shortcodes means there are potential interaction points that could be exploited if not properly secured internally. The 31% of outputs that are not properly escaped represent a moderate risk of cross-site scripting (XSS) vulnerabilities, which could be leveraged to compromise user sessions or inject malicious content.

The plugin's vulnerability history, showing zero known CVEs and no past vulnerabilities, is a positive sign. This indicates a history of stability and potentially good security practices in previous development cycles. Overall, mystem-edd v1.1 demonstrates a good foundation with its use of security best practices, but the unescaped output percentages warrant attention to fully mitigate potential XSS risks.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

MyStem EDD Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MyStem EDD Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

MyStem EDD Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 73 (163 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

69% escaped · 236 total outputs
Attack Surface

MyStem EDD Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[mystem_downloads] shortcodes.php:12
[mystem_account] shortcodes.php:168
[mystem_edd_count] shortcodes.php:194
WordPress Hooks 31

action admin_enqueue_scripts class-edd.php:18
action wp_enqueue_scripts class-edd.php:19
action download_category_add_form_fields class-edd.php:20
action download_tag_add_form_fields class-edd.php:21
action download_category_edit_form_fields class-edd.php:22
action download_tag_edit_form_fields class-edd.php:23
action edited_download_category class-edd.php:24
action create_download_category class-edd.php:25
action edited_download_tag class-edd.php:26
action create_download_tag class-edd.php:27
filter taxonomy_template class-edd.php:28
action pre_get_posts class-edd.php:29
action widgets_init class-edd.php:30
filter single_template class-edd.php:31
filter body_class class-edd.php:32
filter theme_page_templates class-edd.php:33
filter template_include class-edd.php:34
action customize_register functions.php:68
action mystem_edd_review functions.php:96
action admin_enqueue_scripts functions.php:220
action add_meta_boxes functions.php:261
action save_post functions.php:297
action widgets_init functions.php:338
action add_meta_boxes functions.php:344
action admin_enqueue_scripts functions.php:357
action save_post functions.php:358
action post_submitbox_misc_actions functions.php:362
action save_post functions.php:363
filter walker_nav_menu_start_el functions.php:400
action admin_notices mystem-edd.php:65
action wp_enqueue_scripts widgets\item-details.php:17
Maintenance & Trust

MyStem EDD Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Apr 28, 2019
PHP min version: 5.3
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

MyStem EDD Developer Profile

Wow-Company

26 plugins · 98K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 236 days
Detection Fingerprints

How We Detect MyStem EDD

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mystem-edd/assets/css/style.css
/wp-content/plugins/mystem-edd/assets/js/image-slides.js
/wp-content/plugins/mystem-edd/assets/js/taxonomy.js
Script Paths
/wp-content/plugins/mystem-edd/assets/js/image-slides.js
/wp-content/plugins/mystem-edd/assets/js/taxonomy.js

HTML / DOM Fingerprints

CSS Classes
color-picker-field
Data Attributes
name="mystem_cat_meta[icon_field]"
name="mystem_cat_meta[icon_color]"
name="mystem_cat_meta[cat_template]"
name="mystem_cat_meta[hide_header]"
FAQ

Frequently Asked Questions about MyStem EDD