Simple Downloads List Security & Risk Analysis

wordpress.org/plugins/simple-downloads-list

Provide a list of downloads for your visitors - quick and easy. With download categories and mobile friendly design.

100 active installs · v1.5.0 · PHP 8.2+ · WP 6.1+ · Updated Nov 2, 2025
Tags: downloads, downloads-list, files, simple, table
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Nov 7, 2025
Safety Verdict

Is Simple Downloads List Safe to Use in 2026?

Generally Safe

Score 98/100

Simple Downloads List has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 7, 2025 · Updated 5mo ago
Risk Assessment

The security posture of the "simple-downloads-list" plugin version 1.5.0 is a mix of good practices and areas of concern. On the positive side, the plugin has a relatively small attack surface, and all identified entry points (AJAX handlers, REST API routes, and shortcodes) appear to have authorization checks in place. There are no reported file operations or external HTTP requests, and no dangerous functions were identified.

However, the static analysis reveals some significant weaknesses. Only 30% of outputs are properly escaped, which leaves potential for Cross-Site Scripting (XSS) vulnerabilities. 50% of SQL queries do not use prepared statements, which raises the risk of SQL injection.

The vulnerability history is also a concern: two medium-severity CVEs are recorded, one for Missing Authorization and one for SQL Injection. Both have since been patched (in 1.5.0 and 1.4.3 respectively), but the historical pattern suggests recurring weaknesses in these areas and a need for more robust input validation and authorization mechanisms. The lack of taint analysis results is neither a positive nor a negative; it simply means that specific flows were not analyzed in this manner.

Key Concerns

  • Output escaping issues (30% properly escaped)
  • SQL queries without prepared statements (50%)
  • Historical vulnerability pattern: SQL Injection
  • Historical vulnerability pattern: Missing Authorization
Vulnerabilities: 2

Simple Downloads List Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-12583 · medium · 6.4 · Missing Authorization

Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Nov 7, 2025 · Patched in 1.5.0 (1d)

CVE-2024-13594 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection

Jan 23, 2025 · Patched in 1.4.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Simple Downloads List Code Analysis

  • Dangerous Functions: 0
  • SQL Queries: 4 raw, 4 prepared
  • Output: 30 unescaped, 13 escaped
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

50% prepared · 8 total queries

Output Escaping

30% escaped · 43 total outputs
Attack Surface

Simple Downloads List Attack Surface

Entry Points: 7
Unprotected: 0

REST API Routes: 6

  • GET /wp-json/neofix-sdl/v1/all (admin\adminpanel_v3.php:62)
  • POST /wp-json/neofix-sdl/v1/add (admin\adminpanel_v3.php:68)
  • POST /wp-json/neofix-sdl/v1/edit (admin\adminpanel_v3.php:74)
  • POST /wp-json/neofix-sdl/v1/delete (admin\adminpanel_v3.php:80)
  • GET /wp-json/neofix-sdl/v1/editor-preview/ (blocks\sdl\download_block.php:33)
  • GET /wp-json/neofix-sdl/v1/download-categories/ (blocks\sdl\download_block.php:42)

Shortcodes: 1

  • [neofix_sdl] (lists\list_1\download_list_1.php:7)

WordPress Hooks: 7

  • action rest_api_init (admin\adminpanel_v3.php:7)
  • action admin_menu (admin\adminpanel_v3.php:8)
  • action admin_enqueue_scripts (admin\adminpanel_v3.php:9)
  • action init (blocks\sdl\download_block.php:12)
  • action rest_api_init (blocks\sdl\download_block.php:13)
  • action plugins_loaded (setup\setup.php:7)
  • action admin_notices (setup\setup.php:8)
Maintenance & Trust

Simple Downloads List Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 2, 2025
  • PHP min version: 8.2
  • Downloads: 3K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 100
Developer Profile

Simple Downloads List Developer Profile

Neofix

1 plugin · 100 total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Simple Downloads List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/simple-downloads-list/dist/fontawesome/fontawesome-7.1.0/css/all.min.css
  • /wp-content/plugins/simple-downloads-list/dist/admin/admin-styles.css
  • /wp-content/plugins/simple-downloads-list/dist/admin/admin-scripts.js
  • /wp-content/plugins/simple-downloads-list/dist/blocks/sdl/style-index.css

Script Paths

  • /wp-content/plugins/simple-downloads-list/dist/admin/admin-scripts.js

Version Parameters

  • /wp-content/plugins/simple-downloads-list/dist/fontawesome/fontawesome-7.1.0/css/all.min.css?ver=7.1.0
  • /wp-content/plugins/simple-downloads-list/dist/admin/admin-styles.css?ver=
  • /wp-content/plugins/simple-downloads-list/dist/admin/admin-scripts.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-wp-element
JS Globals
sdlRest
REST Endpoints
  • /wp-json/neofix-sdl/v1/all
  • /wp-json/neofix-sdl/v1/add
  • /wp-json/neofix-sdl/v1/edit
  • /wp-json/neofix-sdl/v1/delete
Shortcode Output
[neofix_sdl]
FAQ

Frequently Asked Questions about Simple Downloads List