VKShop for Easy Digital Downloads Security & Risk Analysis

wordpress.org/plugins/vkshop-for-edd

Automatic synchronization of an Easy Digital Downloads store with the VKontakte Products section.

0 active installs · v0.9 · PHP + · WP 4.4+ · Updated Jul 10, 2019
Tags: easy-digital-downloads, vk, vk-shop, vkmarket, vkontakte
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is VKShop for Easy Digital Downloads Safe to Use in 2026?

Generally Safe

Score 85/100

VKShop for Easy Digital Downloads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The vkshop-for-edd plugin v0.9 exhibits a concerning security posture due to a significant unprotected entry point. While the plugin demonstrates good practices in its SQL query handling, showing 100% prepared statement usage, and has no recorded vulnerability history, these strengths are overshadowed by its attack surface. The presence of an AJAX handler without any authentication or capability checks represents a direct pathway for potential unauthorized actions. Furthermore, the taint analysis indicates flows with unsanitized paths, suggesting that user-supplied data might not be properly validated before being processed, although no critical or high severity issues were identified in this analysis. The limited code signals also point to potential weaknesses, such as the use of the dangerous `create_function` and a low percentage of properly escaped output, which could lead to cross-site scripting vulnerabilities if user-controlled data is echoed without sufficient sanitization. The lack of any nonce checks on its AJAX endpoint further exacerbates the risk, as it leaves the entry point vulnerable to cross-site request forgery (CSRF) attacks. In conclusion, while the plugin's historical security record is clean and its SQL practices are commendable, the current version presents tangible risks due to its unprotected AJAX endpoint and potential for data sanitization and output escaping issues.

Key Concerns

  • AJAX handler without auth check
  • Unsanitized paths in taint analysis
  • Low percentage of properly escaped output
  • Use of dangerous create_function
  • No nonce checks on AJAX
Vulnerabilities
None known

VKShop for Easy Digital Downloads Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

VKShop for Easy Digital Downloads Release Timeline

v0.9 (Current)
Code Analysis
Analyzed Apr 16, 2026

VKShop for Easy Digital Downloads Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 27 (21 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

create_function · inc/wp-settings-api-class-edd.php:186
$callback = create_function( '', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";'

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

44% escaped · 48 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
vks_vk_autorization (vks-admin.php:1173)
Attack Surface
1 unprotected

VKShop for Easy Digital Downloads Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_vks_get_group_id · inc/vkwp-api-edd.php:55

WordPress Hooks: 44

action · admin_enqueue_scripts · inc/wp-help-pointer-class-edd.php:57
action · admin_head · inc/wp-help-pointer-class-edd.php:58
action · admin_enqueue_scripts · inc/wp-settings-api-class-edd.php:35
filter · wpsapi_checklist_name · inc/wp-settings-api-class-edd.php:418
filter · wpsapi_checklist_name · inc/wp-settings-api-class-edd.php:445
filter · wpsapi_checklist_taxonomy · inc/wp-settings-api-class-edd.php:446
action · admin_menu · vks-admin.php:9
action · admin_init · vks-admin.php:167
action · admin_menu · vks-admin.php:178
action · admin_init · vks-admin.php:295
action · admin_menu · vks-admin.php:305
action · admin_init · vks-admin.php:454
action · admin_menu · vks-admin.php:464
action · admin_init · vks-admin.php:662
action · admin_menu · vks-admin.php:672
action · download_category_add_form_fields · vks-admin.php:750
action · download_category_edit_form_fields · vks-admin.php:831
action · created_term · vks-admin.php:853
action · edit_term · vks-admin.php:854
filter · manage_edit-download_category_columns · vks-admin.php:863
filter · manage_download_category_custom_column · vks-admin.php:886
action · manage_posts_custom_column · vks-admin.php:925
filter · manage_edit-download_columns · vks-admin.php:935
filter · manage_edit-download_sortable_columns · vks-admin.php:944
action · admin_init · vks-admin.php:1064
action · admin_menu · vks-admin.php:1076
action · admin_init · vks-admin.php:1189
action · admin_footer · vks-admin.php:1269
action · edit_form_after_title · vks-admin.php:1288
action · post_submitbox_misc_actions · vks-admin.php:1330
action · post_submitbox_misc_actions · vks-admin.php:1355
action · save_post · vks-admin.php:1374
filter · vks_add_product · vks-export.php:485
filter · vks_add_product_description · vks-export.php:530
action · transition_post_status · vks-export.php:598
filter · vks_transition_post_status_add · vks-export.php:616
filter · vks_transition_post_status_delete · vks-export.php:635
filter · vks_add_product · vks-export.php:659
filter · edd_duplicate_product_exclude_meta · vks-functions.php:148
action · admin_notices · vkshop-for-edd.php:51
action · admin_init · vkshop-for-edd.php:52
action · admin_init · vkshop-for-edd.php:135
action · admin_head · vkshop-for-edd.php:211
action · admin_enqueue_scripts · vkshop-for-edd.php:249
Maintenance & Trust

VKShop for Easy Digital Downloads Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Jul 10, 2019
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

VKShop for Easy Digital Downloads Developer Profile

Aleksandr

6 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect VKShop for Easy Digital Downloads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vkshop-for-edd/css/vkshop-for-edd.css
/wp-content/plugins/vkshop-for-edd/js/vkshop-for-edd.js
/wp-content/plugins/vkshop-for-edd/inc/wp-settings-api-class-edd.php
/wp-content/plugins/vkshop-for-edd/inc/wp-help-pointer-class-edd.php
/wp-content/plugins/vkshop-for-edd/inc/vkwp-api-edd.php
/wp-content/plugins/vkshop-for-edd/vks-functions.php
/wp-content/plugins/vkshop-for-edd/vks-export.php
/wp-content/plugins/vkshop-for-edd/vks-admin.php
Script Paths
wp-content/plugins/vkshop-for-edd/js/vkshop-for-edd.js
Version Parameters
vkshop-for-edd/css/vkshop-for-edd.css?ver=
vkshop-for-edd/js/vkshop-for-edd.js?ver=

HTML / DOM Fingerprints

CSS Classes
vks, vks-box, vks-boxx
Data Attributes
data-target, data-id, data-screen, data-title, data-content, data-position
JS Globals
WP_Help_Pointer_Edd
FAQ

Frequently Asked Questions about VKShop for Easy Digital Downloads