Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin Security & Risk Analysis

wordpress.org/plugins/subscribe-to-download-lite

Capture subscribers right from your WordPress site by simply providing them freebies to download through email after successful subscription

400 active installs · v1.3.0 · PHP 7.0.0+ · WP 5.0+ · Updated Dec 8, 2025
Tags: download, form, subscribe, subscription, subscription-plugin
Score: 97 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Mar 29, 2025

Safety Verdict

Is Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin Safe to Use in 2026?

Generally Safe

Score 97/100

Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 29, 2025 · Updated 3mo ago

Risk Assessment

The "subscribe-to-download-lite" v1.3.0 plugin exhibits a mixed security posture. It demonstrates good practices in SQL query handling (80% prepared statements) and output escaping (83% proper), but its attack surface and taint analysis raise significant concerns. All of its AJAX handlers (6 out of 6) lack authentication checks, creating a wide entry point for potential unauthorized actions. Furthermore, the taint analysis revealed one high-severity flow with unsanitized paths, indicating a risk of file inclusion vulnerabilities if user-controlled input is not properly validated before being used in file operations.

The vulnerability history shows no currently unpatched CVEs, but it includes two past high-severity "Improper Control of Filename for Include/Require Statement" vulnerabilities. This pattern suggests a recurring weakness in handling file-related operations, which, when combined with the static analysis findings, amplifies the risk.

Key Concerns

  • All AJAX handlers lack authentication checks
  • High severity unsanitized path taint flow detected
  • History of critical file inclusion vulnerabilities
  • Multiple entry points lack authorization checks

Vulnerabilities: 2

Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin Security Vulnerabilities

CVEs by Year

  • 2025: 2 CVEs

Severity Breakdown

  • High: 2

2 total CVEs

CVE-2025-30782 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Subscribe to Download Lite <= 1.2.9 - Authenticated (Subscriber+) Local File Inclusion

Mar 29, 2025 · Patched in 1.3.0 (13d)

CVE-2025-30785 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Subscribe to Download Lite <= 1.2.9 - Authenticated (Contributor+) Local File Inclusion

Mar 27, 2025 · Patched in 1.3.0 (8d)

Code Analysis
Analyzed Mar 16, 2026

Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (4 prepared)
  • Unescaped Output: 29 (137 escaped)
  • Nonce Checks: 7
  • Capability Checks: 2
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

83% escaped · 166 total outputs

Data Flows: 6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths

initialize_downloader (inc\classes\class-stdl-downloader.php:12)

Attack Surface: 6 unprotected

Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers: 6

  • auth · wp_ajax_stdl_settings_save_action · inc\classes\class-stdl-ajax-admin.php:17
  • nopriv · wp_ajax_stdl_settings_save_action · inc\classes\class-stdl-ajax-admin.php:18
  • auth · wp_ajax_stdl_subscriber_delete_action · inc\classes\class-stdl-ajax-admin.php:25
  • nopriv · wp_ajax_stdl_subscriber_delete_action · inc\classes\class-stdl-ajax-admin.php:26
  • auth · wp_ajax_stdl_form_process_action · inc\classes\class-stdl-ajax.php:12
  • nopriv · wp_ajax_stdl_form_process_action · inc\classes\class-stdl-ajax.php:13

Shortcodes: 1

  • [subscribe_to_download_form] · inc\classes\class-stdl-shortcode.php:9

WordPress Hooks: 14

  • action · admin_menu · inc\classes\class-stdl-admin.php:9
  • action · admin_footer · inc\classes\class-stdl-admin.php:13
  • action · admin_post_stdl_export_csv · inc\classes\class-stdl-admin.php:17
  • action · template_redirect · inc\classes\class-stdl-downloader.php:9
  • action · wp_enqueue_scripts · inc\classes\class-stdl-enqueue.php:9
  • action · admin_enqueue_scripts · inc\classes\class-stdl-enqueue.php:10
  • action · template_redirect · inc\classes\class-stdl-hooks.php:9
  • action · init · inc\classes\class-stdl-init.php:9
  • action · add_meta_boxes · inc\classes\class-stdl-metabox.php:9
  • action · save_post · inc\classes\class-stdl-metabox.php:10
  • action · admin_init · inc\classes\class-stdl-review.php:6
  • action · admin_post_stdl_hide_review_notice · inc\classes\class-stdl-review.php:7
  • action · admin_post_stdl_remind_later_review_notice · inc\classes\class-stdl-review.php:8
  • action · admin_notices · inc\classes\class-stdl-review.php:34

Maintenance & Trust

Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version: 7.0.0
Downloads: 19K

Community Trust

Rating: 60/100
Number of ratings: 4
Active installs: 400

Developer Profile

Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin Developer Profile

WP Shuffle

8 plugins · 4K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 7 days

Detection Fingerprints

How We Detect Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/subscribe-to-download-lite/fontawesome/css/all.min.css
  • /wp-content/plugins/subscribe-to-download-lite/css/stdl-frontend.css
  • /wp-content/plugins/subscribe-to-download-lite/css/stdl-preview.css
  • /wp-content/plugins/subscribe-to-download-lite/css/stdl-custom.css
  • /wp-content/plugins/subscribe-to-download-lite/css/stdl-backend.css

Script Paths

  • /wp-content/plugins/subscribe-to-download-lite/js/stdl-frontend.js
  • /wp-content/plugins/subscribe-to-download-lite/js/stdl-backend.js

Version Parameters

  • subscribe-to-download-lite/fontawesome/css/all.min.css?ver=
  • subscribe-to-download-lite/css/stdl-frontend.css?ver=
  • subscribe-to-download-lite/css/stdl-preview.css?ver=
  • subscribe-to-download-lite/css/stdl-custom.css?ver=
  • subscribe-to-download-lite/js/stdl-frontend.js?ver=
  • subscribe-to-download-lite/css/stdl-backend.css?ver=
  • subscribe-to-download-lite/js/stdl-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • stdl-download-form
  • stdl-email-field
  • stdl-name-field
  • stdl-submit-button
  • stdl-button-primary
  • stdl-subscriber-form-wrapper
  • stdl-admin-wrapper

Data Attributes

  • data-stdl-id

JS Globals

  • stdl_frontend_obj
  • stdl_backend_obj

Shortcode Output

  • [subscribe_to_download_form]