Wechat download 付费下载 Security & Risk Analysis

wordpress.org/plugins/wechat-shop-download

Paid article downloads, VIP member downloads, VIP membership purchase; supports personal WeChat H5 payment and personal Alipay H5 payment

200 active installs · v1.1.0 · PHP + · WP 4.0+ · Updated Sep 14, 2022
Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Wechat download 付费下载 Safe to Use in 2026?

Generally Safe

Score 85/100

Wechat download 付费下载 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "wechat-shop-download" plugin v1.1.0 exhibits a mixed security posture. On the positive side, all identified entry points (shortcodes and cron events) appear to be protected by capability checks, and nonce checks are present in some parts of the code. All SQL queries use prepared statements, which is a strong defense against SQL injection. The plugin also makes use of capability checks (8 instances) and nonce checks (5 instances).

However, the static analysis flags significant concerns. The presence of dangerous functions such as `shell_exec` and `ini_set` is a red flag: if not handled with extreme care, they can be exploited for remote code execution or server configuration manipulation. The high proportion of flows with unsanitized paths (21 of the 22 analyzed), together with a critical taint flow, is a major concern and indicates a high likelihood of path traversal or other file system manipulation vulnerabilities. Output escaping is also weak: only 43% of outputs are properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities.

The plugin's vulnerability history is currently clean, with no recorded CVEs. While this is positive, it doesn't negate the risks identified in the static analysis. The lack of historical vulnerabilities could simply mean the plugin hasn't been extensively audited or targeted. The presence of dangerous functions and a high number of unsanitized path flows are significant risk factors that require immediate attention despite the absence of documented CVEs.

Key Concerns

  • High percentage of unsanitized paths
  • Use of dangerous functions (shell_exec, ini_set)
  • Low percentage of properly escaped output
  • Critical severity taint flow
Vulnerabilities
None known

Wechat download 付费下载 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Wechat download 付费下载 Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Wechat download 付费下载 Code Analysis

  • Dangerous Functions: 7
  • Raw SQL Queries: 0 (99 prepared)
  • Unescaped Output: 978 (740 escaped)
  • Nonce Checks: 5
  • Capability Checks: 8
  • File Operations: 33
  • External Requests: 8
  • Bundled Libraries: 1

Dangerous Functions Found

  • shell_exec: `shell_exec("convert $tempj $tempp");` (includes/captcha/CaptchaBuilder.php:366)
  • shell_exec: `$value = trim(strtolower(shell_exec("ocrad $tempp")));` (includes/captcha/CaptchaBuilder.php:367)
  • ini_set: `ini_set('memory_limit','128M');` (includes/shop/class-wshop-ajax.php:1350)
  • ini_set: `ini_set('display_errors', 'On');` (init.php:17)
  • ini_set: `ini_set('memory_limit','128M');` (init.php:481)
  • ini_set: `@ini_set('memory_limit', WP_MAX_MEMORY_LIMIT);` (install/abstract-xh-install.php:61)
  • ini_set: `error_reporting(E_ALL); ini_set('display_errors', '1');` (install/abstract-xh-install.php:409)

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 99 total queries

Output Escaping

43% escaped · 1718 total outputs
Data Flows · Security
21 unsanitized

Data Flow Analysis

22 flows · 21 with unsanitized paths
<abstract-xh-settings> (includes/abstracts/abstract-xh-settings.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Wechat download 付费下载 Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wshop_download_link] add-ons/download/init.php:257
WordPress Hooks 67
  • filter: wshop_order_download_received_url (add-ons/download/init.php:248)
  • filter: wshop_admin_menu_menu_default_modal (add-ons/download/init.php:249)
  • filter: wshop_online_post_types (add-ons/download/init.php:260)
  • filter: wshop_order_download_email_received (add-ons/download/init.php:262)
  • filter: wshop_membership_fields (add-ons/download/init.php:287)
  • filter: wshop_admin_menu_menu_default_modal (add-ons/reward/abstract_xh_add_nos_api.php:24)
  • filter: wshop_shortcodes (add-ons/reward/abstract_xh_add_nos_api.php:30)
  • filter: wshop_membership_discount_enabled (add-ons/reward/abstract_xh_add_nos_api.php:38)
  • filter: wshop_order_reward_received_url (add-ons/reward/abstract_xh_add_nos_api.php:46)
  • action: wp_dashboard_setup (add-ons/sales-statistics/init.php:44)
  • filter: wshop_admin_menu_menu_default_checkout (add-ons/wpopen-alipay/init.php:66)
  • filter: wshop_payments (add-ons/wpopen-alipay/init.php:71)
  • action: rest_api_init (add-ons/wpopen-alipay/init.php:76)
  • filter: wshop_admin_menu_menu_default_checkout (add-ons/wpopen-wechat/init.php:151)
  • filter: wshop_payments (add-ons/wpopen-wechat/init.php:156)
  • action: rest_api_init (add-ons/wpopen-wechat/init.php:161)
  • filter: wshop_admin_menu_menu_default_checkout (add-ons/xunhupay-alipay/init.php:90)
  • filter: wshop_payments (add-ons/xunhupay-alipay/init.php:95)
  • action: rest_api_init (add-ons/xunhupay-alipay/init.php:100)
  • filter: wshop_admin_menu_menu_default_checkout (add-ons/xunhupay-wechat/init.php:93)
  • filter: wshop_payments (add-ons/xunhupay-wechat/init.php:98)
  • action: rest_api_init (add-ons/xunhupay-wechat/init.php:103)
  • action: admin_init (includes/abstracts/abstract-xh-fields.php:14)
  • action: admin_menu (includes/admin/class-wshop-admin.php:69)
  • action: admin_head (includes/admin/class-wshop-admin.php:70)
  • action: wp (includes/class-xh-session-handler.php:182)
  • action: shutdown (includes/class-xh-session-handler.php:183)
  • action: shutdown (includes/class-xh-session-handler.php:184)
  • filter: wp_mail_failed (includes/shop/class-wshop-email.php:102)
  • filter: http_headers_useragent (includes/shop/class-wshop-hooks.php:16)
  • action: admin_print_footer_scripts (includes/shop/class-wshop-hooks.php:19)
  • filter: wshop_order_order_ordered (includes/shop/class-wshop-hooks.php:20)
  • action: admin_print_footer_scripts (includes/shop/class-wshop-hooks.php:21)
  • action: save_post (includes/shop/class-wshop-hooks.php:29)
  • action: wp_print_footer_scripts (includes/shop/class-wshop-hooks.php:30)
  • action: xunhuweb_cron (includes/shop/class-wshop-hooks.php:37)
  • action: wshop_register_activation_hook (includes/shop/class-wshop-hooks.php:40)
  • filter: theme_page_templates (includes/shop/class-wshop-page.php:10)
  • filter: page_template_hierarchy (includes/shop/class-wshop-page.php:11)
  • filter: template_include (includes/shop/class-wshop-page.php:12)
  • action: wshop_flush_rewrite_rules (includes/shop/class-wshop-query.php:32)
  • action: wshop_flush_rewrite_rules (includes/shop/class-wshop-query.php:33)
  • filter: wshop_checkout_options_3 (includes/shop/class-wshop-query.php:35)
  • action: init (includes/shop/class-wshop-query.php:37)
  • action: init (includes/shop/class-wshop-query.php:38)
  • filter: document_title_parts (includes/shop/class-wshop-query.php:41)
  • filter: wp_title_parts (includes/shop/class-wshop-query.php:43)
  • filter: query_vars (includes/shop/class-wshop-query.php:46)
  • action: parse_request (includes/shop/class-wshop-query.php:47)
  • action: init (init.php:160)
  • action: init (init.php:161)
  • action: import_end (init.php:162)
  • action: init (init.php:163)
  • action: init (init.php:164)
  • action: init (init.php:165)
  • action: after_setup_theme (init.php:166)
  • action: rest_api_init (init.php:167)
  • action: admin_enqueue_scripts (init.php:169)
  • action: wp_enqueue_scripts (init.php:170)
  • action: init (init.php:337)
  • action: wshop_after_init (init.php:338)
  • filter: wshop_shortcodes (init.php:339)
  • action: init (init.php:340)
  • action: wshop_flush_rewrite_rules (init.php:341)
  • action: xunhuweb_cron (init.php:342)
  • action: wshop_after_init (init.php:343)
  • action: activated_plugin (install/abstract-xh-install.php:23)

Scheduled Events 1

xunhuweb_cron
Maintenance & Trust

Wechat download 付费下载 Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.0
Last updated: Sep 14, 2022
PHP min version
Downloads: 27K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 200
Developer Profile

Wechat download 付费下载 Developer Profile

xunhuweb

4 plugins · 240 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Wechat download 付费下载

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wechat-shop-download/assets/css/frontend.css
/wp-content/plugins/wechat-shop-download/assets/js/frontend.js
Script Paths
/wp-content/plugins/wechat-shop-download/assets/js/frontend.js
Version Parameters
wechat-shop-download/assets/css/frontend.css?ver=
wechat-shop-download/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wshop-payment-dialog
Data Attributes
wshop_product_id
JS Globals
wshop_frontend_params
REST Endpoints
/wp-json/wshop-payment/v1/wxpay