WP-Safety

Payhip – Sell Downloads Security & Risk Analysis

wordpress.org/plugins/payhip-sell-ebooks

This plugin will allow you to Sell Downloads directly to your customers. Sell your eBooks, music, videos, design assets, courses, software and more.

200 active installs v1.0.1 PHP 5.6+ WP 3.5.0+ Updated Nov 24, 2025
digital-productspaypalsell-digital-downloadssell-digital-productssell-downloads
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Payhip – Sell Downloads Safe to Use in 2026?

Generally Safe

Score 100/100

Payhip – Sell Downloads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The "payhip-sell-ebooks" v1.0.1 plugin exhibits a mixed security posture. While the absence of known CVEs and recorded vulnerabilities is a positive sign, the static analysis reveals several concerning areas. The presence of two AJAX handlers without authentication checks significantly expands the attack surface, creating potential entry points for unauthorized actions. Furthermore, only 26% of output escaping is properly implemented, suggesting a high risk of cross-site scripting (XSS) vulnerabilities where user-supplied data is displayed without adequate sanitization.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of proper output escaping
  • No capability checks on entry points
Vulnerabilities
None known

Payhip – Sell Downloads Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Payhip – Sell Downloads Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Payhip – Sell Downloads Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
1 prepared
Unescaped Output
26
9 escaped
Nonce Checks
1
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

50% prepared2 total queries

Output Escaping

26% escaped35 total outputs
Attack Surface
2 unprotected

Payhip – Sell Downloads Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_pfPayhipDataadmin\class-payhip-sell-ebooks-admin.php:93
noprivwp_ajax_pfPayhipDataadmin\class-payhip-sell-ebooks-admin.php:94

Shortcodes 1

[Payhip_Products] public\class-payhip-sell-ebooks.php:85
WordPress Hooks 15
actionadmin_enqueue_scriptsadmin\class-payhip-sell-ebooks-admin.php:73
actionadmin_enqueue_scriptsadmin\class-payhip-sell-ebooks-admin.php:74
actionadmin_menuadmin\class-payhip-sell-ebooks-admin.php:77
action@TODOadmin\class-payhip-sell-ebooks-admin.php:89
filter@TODOadmin\class-payhip-sell-ebooks-admin.php:90
filtercron_schedulesincludes\general.php:18
actionpf_curl_cron_actionincludes\general.php:38
actionplugins_loadedpayhip-sell-ebooks.php:62
actionplugins_loadedpayhip-sell-ebooks.php:87
actioninitpublic\class-payhip-sell-ebooks.php:69
actionwpmu_new_blogpublic\class-payhip-sell-ebooks.php:72
actionwp_enqueue_scriptspublic\class-payhip-sell-ebooks.php:75
actionwp_enqueue_scriptspublic\class-payhip-sell-ebooks.php:76
actioninitpublic\class-payhip-sell-ebooks.php:81
filter@TODOpublic\class-payhip-sell-ebooks.php:82

Scheduled Events 1

pf_curl_cron_action
Maintenance & Trust

Payhip – Sell Downloads Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedNov 24, 2025
PHP min version5.6
Downloads10K

Community Trust

Rating90/100
Number of ratings8
Active installs200
Alternatives

Payhip – Sell Downloads Alternatives

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

easy-digital-downloads

B
75

The #1 eCommerce plugin to sell digital products & subscriptions. Accept payments with Stripe & PayPal. Sell ebooks, software & more.

40K 40 CVEs
Premium Packages – Sell Digital Products Securely

Premium Packages – Sell Digital Products Securely

wpdm-premium-packages

A
94

Premium Packages is a free, full-featured WordPress eCommerce plugin to sell digital products easily and securely.

3K 9 CVEs
WooCommerce PayPal Payments

WooCommerce PayPal Payments

woocommerce-paypal-payments

A
100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE
Redirection for Contact Form 7

Redirection for Contact Form 7

wpcf7-redirect

A
88

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs
Payment Plugins for PayPal WooCommerce

Payment Plugins for PayPal WooCommerce

pymntpl-paypal-woocommerce

A
99

Developed exclusively between Payment Plugins and PayPal, PayPal for WooCommerce integrates with PayPal's newest API's.

90K 1 CVE
Developer Profile

Payhip – Sell Downloads Developer Profile

payhip

1 plugin · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Payhip – Sell Downloads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/payhip-sell-ebooks/assets/css/admin.css/wp-content/plugins/payhip-sell-ebooks/assets/js/admin.js
Version Parameters
payhip-sell-ebooks/assets/css/admin.css?ver=payhip-sell-ebooks/assets/js/admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- @TODO: --><!-- If you want to include Ajax within the dashboard, change the following --><!-- conditional to: --><!-- othewise && if ( is_admin() && (!defined('DOING_AJAX') || !DOING_AJAX ) -->+8 more
Data Attributes
data-plugin-slug
JS Globals
pf_json_admin_data
FAQ

Frequently Asked Questions about Payhip – Sell Downloads