Seraphinite Downloads Statistics Security & Risk Analysis

wordpress.org/plugins/seraphinite-downloads-stats

Measure direct downloads from your site.

10 active installs · v1.3.1 · PHP 5.4+ · WP 4.5+ · Updated: Unknown
Tags: analytics, directory, download, download-monitor, statistic
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Seraphinite Downloads Statistics Safe to Use in 2026?

Generally Safe

Score 100/100

Seraphinite Downloads Statistics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The Seraphinite Downloads Stats plugin version 1.3.1 presents a concerning security posture due to several critical vulnerabilities identified in the static analysis. The presence of two unprotected AJAX handlers represents a significant attack surface, as these can be exploited by unauthenticated users to execute arbitrary actions within the plugin. Furthermore, the extensive use of the `unserialize` function, coupled with a high percentage of unsanitized paths in taint analysis, strongly suggests potential for Remote Code Execution (RCE) or other severe attacks if user-controlled data is passed to these functions without proper validation and sanitization. The plugin also lacks essential security checks such as nonce and capability checks on its entry points, exacerbating the risk posed by the unprotected AJAX handlers. While there is no known vulnerability history, this should not be interpreted as a sign of robust security, but rather as a potential lack of historical auditing or discovery of existing issues. The plugin's strengths lie in its moderate use of prepared statements for SQL queries and a reasonable number of file operations and external HTTP requests, which are not inherently insecure. However, the identified vulnerabilities significantly outweigh these minor strengths, demanding immediate attention.

Key Concerns

  • 2 AJAX handlers without auth checks
  • Unsanitized paths in taint analysis (High severity)
  • Use of 'unserialize' function
  • No nonce checks
  • No capability checks
  • Low percentage of properly escaped output
Vulnerabilities
None known

Seraphinite Downloads Statistics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Seraphinite Downloads Statistics Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 4 (9 prepared)
Unescaped Output: 111 (62 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 33
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (Cmn\Gen.php:275): $v = @unserialize( $data );
  • unserialize (Cmn\Plugin.php:141): $val = ( $val !== false ) ? @unserialize( $val ) : null;
  • unserialize (Cmn\Plugin.php:468): $data = Gen::GetArrField( @unserialize( $data ), array( 'data' ), array() );
  • unserialize (Cmn\Plugin.php:795): $data = Gen::GetArrField( @unserialize( Gen::FileContentExclusive_Get( $h, '' ) ), array( 'data' ),
  • unserialize (Cmn\Plugin.php:858): $data = Gen::GetArrField( @unserialize( Gen::FileContentExclusive_Get( $h, '' ) ), array( 'data' ),
  • unserialize (Cmn\Plugin.php:897): $data = Gen::GetArrField( @unserialize( Gen::FileContentExclusive_Get( $h, '' ) ), array( 'data' ),
  • unserialize (common.php:271): if( $info = @unserialize( str_replace( array( '{{{CR}}}', '{{{LF}}}' ), array( "\r", "\n" ), rtrim(
  • unserialize (get.php:20): $cfg = Gen::GetArrField( @unserialize( Gen::FileGetContentExclusive( $opDir . '/cfg.dat', '', true,

SQL Query Safety

69% prepared · 13 total queries

Output Escaping

36% escaped · 173 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
StreamOutFileContent (Cmn\Fs.php:13)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
2 unprotected

Seraphinite Downloads Statistics Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

  • auth: wp_ajax_seraph_dlstat_act (Cmn\Plugin.php:544)
  • auth: wp_ajax_seraph_dlstat_api (Cmn\Plugin.php:638)

WordPress Hooks 38

  • filter: home_url (Cmn\Gen.php:3077)
  • action: requests-requests.before_request (Cmn\Gen.php:3162)
  • action: requests-requests.before_request (Cmn\Gen.php:3173)
  • filter: plugin_locale (Cmn\Gen.php:4258)
  • filter: load_textdomain_mofile (Cmn\Gen.php:4260)
  • action: admin_notices (Cmn\Plugin.php:421)
  • action: network_admin_notices (Cmn\Plugin.php:422)
  • action: plugins_loaded (Cmn\Plugin.php:426)
  • action: change_locale (Cmn\Plugin.php:427)
  • action: wp_loaded (Cmn\Plugin.php:436)
  • filter: removable_query_args (Cmn\Plugin.php:546)
  • action: admin_init (Cmn\Plugin.php:554)
  • action: seraph_dlstat_postOpsRes (Cmn\Plugin.php:568)
  • action: admin_enqueue_scripts (Cmn\Plugin.php:586)
  • action: wp_loaded (Cmn\Plugin.php:623)
  • filter: plugins_update_check_locales (Cmn\Plugin.php:631)
  • action: admin_post_nopriv_seraph_dlstat_api (Cmn\Plugin.php:633)
  • action: admin_post_seraph_dlstat_api (Cmn\Plugin.php:634)
  • action: admin_footer (Cmn\Plugin.php:693)
  • filter: admin_footer_text (Cmn\Plugin.php:1051)
  • filter: cron_schedules (common.php:24)
  • filter: do_parse_request (common.php:25)
  • action: seraph_dlstat_cron_hook (common.php:60)
  • action: admin_menu (main.php:23)
  • action: admin_init (main.php:33)
  • action: seraph_dlstat_postOpsRes (main.php:45)
  • action: admin_menu (main.php:53)
  • action: admin_notices (main.php:60)
  • action: seraph_dlstat_settings_display (Plugins\Ga\main.php:8)
  • filter: seraph_dlstat_onSettingsSave (Plugins\Ga\main.php:9)
  • filter: seraph_dlstat_options_load (Plugins\Ga\main.php:11)
  • filter: seraph_dlstat_options_save (Plugins\Ga\main.php:12)
  • action: seraph_dlstat_items_download_requested (Plugins\Ga\main.php:14)
  • action: seraph_dlstat_settings_display (Plugins\LocalDb\main.php:10)
  • filter: seraph_dlstat_onSettingsSave (Plugins\LocalDb\main.php:11)
  • filter: seraph_dlstat_options_load (Plugins\LocalDb\main.php:13)
  • filter: seraph_dlstat_options_save (Plugins\LocalDb\main.php:14)
  • action: seraph_dlstat_items_download_requested (Plugins\LocalDb\main.php:16)

Scheduled Events 1

seraph_dlstat_cron_hook
Maintenance & Trust

Seraphinite Downloads Statistics Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Unknown
PHP min version: 5.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Seraphinite Downloads Statistics Developer Profile

Seraphinite Solutions

5 plugins · 61K total installs

Trust score: 84
Avg Security Score: 94/100
Avg Patch Time: 36 days
Detection Fingerprints

How We Detect Seraphinite Downloads Statistics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/seraphinite-downloads-stats/css/seraphinite-downloads-stats.css
/wp-content/plugins/seraphinite-downloads-stats/js/seraphinite-downloads-stats.js
Script Paths
/wp-content/plugins/seraphinite-downloads-stats/js/seraphinite-downloads-stats.js
Version Parameters
seraphinite-downloads-stats/css/seraphinite-downloads-stats.css?ver=
seraphinite-downloads-stats/js/seraphinite-downloads-stats.js?ver=

HTML / DOM Fingerprints

CSS Classes
seraphinite-downloads-stats-admin-wrap
seraphinite-downloads-stats-admin-option-wrap
HTML Comments
<!-- Seraphinite Downloads Statistics -->
Data Attributes
data-seraphinite-downloads-stats-post-id
JS Globals
seraphinite_downloads_stats
FAQ

Frequently Asked Questions about Seraphinite Downloads Statistics