WP-Safety

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-digital-content-delivery-with-drm-flickrocket

Sales and rentals of (optionally DRM protected) digital content such as video (HD+SD), DVD, audio books, ebooks (epub and PDF) and packaged content

60 active installs v4.83 PHP + WP 3.0.1+ Updated Oct 22, 2025
audiocontentdrmebookvideo
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 6, 2025
Plugin page Download
Safety Verdict

Is Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 6, 2025Updated 5mo ago
Risk Assessment

The plugin "woocommerce-digital-content-delivery-with-drm-flickrocket" v4.83 exhibits a generally positive security posture, with most code signals indicating good development practices. The plugin has a very small attack surface with no apparent unprotected entry points. The vast majority of its output is properly escaped, and a high percentage of SQL queries utilize prepared statements, significantly reducing the risk of common web vulnerabilities like SQL injection. File operations and external HTTP requests are present, which are typical for such plugins, but are not flagged as a direct concern based on the provided data.

However, the analysis does reveal some concerning areas. Notably, there are zero nonce checks and zero capability checks across all analyzed code. This is a significant weakness, as it means that actions triggered by cron events or other internal processes could potentially be initiated by unauthorized users if an attacker can find a way to trigger them. The taint analysis, while not revealing critical or high severity issues, shows that all analyzed flows involve unsanitized paths, which could be a precursor to vulnerabilities if not handled carefully in future development or if specific inputs are not thoroughly validated.

The plugin's vulnerability history shows one known medium severity CVE, which has since been patched. While this is reassuring, the fact that a medium vulnerability existed, especially with the absence of capability checks, suggests that robust authorization checks are a potential area for improvement. In conclusion, while the plugin demonstrates good practices in areas like output escaping and prepared statements, the complete lack of nonce and capability checks, combined with the taint analysis findings, represents a notable risk that needs attention. The absence of these fundamental security controls is a significant concern.

Key Concerns

  • No nonce checks implemented
  • No capability checks implemented
  • All analyzed taint flows have unsanitized paths
  • 1 known medium CVE in vulnerability history
Vulnerabilities
1

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-12438medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.75 - Reflected Cross-Site Scripting

Jan 6, 2025 Patched in 4.76 (199d)
Code Analysis
Analyzed Mar 16, 2026

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
3 prepared
Unescaped Output
3
136 escaped
Nonce Checks
0
Capability Checks
0
File Operations
11
External Requests
7
Bundled Libraries
0

SQL Query Safety

75% prepared4 total queries

Output Escaping

98% escaped139 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths
flickrocket_my_account_redirect (includes\class.FlickrocketWoocommerce.php:337)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 45
filterwoocommerce_settings_tabs_arrayincludes\class.FlickrocketSettings.php:18
actionadd_meta_boxesincludes\class.FlickrocketWoocommerce.php:8
actionwoocommerce_product_options_general_product_dataincludes\class.FlickrocketWoocommerce.php:9
actionwoocommerce_process_product_metaincludes\class.FlickrocketWoocommerce.php:10
actionwoocommerce_product_after_variable_attributesincludes\class.FlickrocketWoocommerce.php:11
actionsave_postincludes\class.FlickrocketWoocommerce.php:12
actionwoocommerce_save_product_variationincludes\class.FlickrocketWoocommerce.php:13
filterproduct_type_optionsincludes\class.FlickrocketWoocommerce.php:14
filterpre_option_woocommerce_enable_guest_checkoutincludes\class.FlickrocketWoocommerce.php:15
actionwoocommerce_after_customer_login_formincludes\class.FlickrocketWoocommerce.php:16
actionwoocommerce_after_my_accountincludes\class.FlickrocketWoocommerce.php:17
actionwoocommerce_order_details_after_order_tableincludes\class.FlickrocketWoocommerce.php:18
actionwoocommerce_order_status_processingincludes\class.FlickrocketWoocommerce.php:19
actionwoocommerce_order_status_completedincludes\class.FlickrocketWoocommerce.php:20
actionwoocommerce_single_product_summaryincludes\class.FlickrocketWoocommerce.php:21
actionwoocommerce_email_after_order_tableincludes\class.FlickrocketWoocommerce.php:22
filterwoocommerce_login_redirectincludes\class.FlickrocketWoocommerce.php:23
filterparse_requestincludes\class.FlickrocketWoocommerce.php:24
filterwoocommerce_product_meta_endincludes\class.FlickrocketWoocommerce.php:25
actionwoocommerce_account_mycontent_endpointincludes\class.FlickrocketWoocommerce.php:27
filterwoocommerce_account_menu_itemsincludes\class.FlickrocketWoocommerce.php:28
actionadmin_post_nopriv_GetFrProductsincludes\class.FlickrocketWoocommerceSync.php:11
actionadmin_post_GetFrProductsincludes\class.FlickrocketWoocommerceSync.php:12
actionadmin_post_nopriv_GetWcProductsincludes\class.FlickrocketWoocommerceSync.php:15
actionadmin_post_GetWcProductsincludes\class.FlickrocketWoocommerceSync.php:16
actionadmin_post_nopriv_fr_product_syncincludes\class.FlickrocketWoocommerceSync.php:19
actionadmin_post_fr_product_syncincludes\class.FlickrocketWoocommerceSync.php:20
actionadmin_post_nopriv_fr_auto_product_syncincludes\class.FlickrocketWoocommerceSync.php:23
actionadmin_post_fr_auto_product_syncincludes\class.FlickrocketWoocommerceSync.php:24
actionsend_group_notificationincludes\class.GroupAccessNotification.php:39
filtercron_scheduleswoocommerce-flickrocket.php:40
actioninitwoocommerce-flickrocket.php:42
actionplugins_loadedwoocommerce-flickrocket.php:43
actionadmin_initwoocommerce-flickrocket.php:44
actionflickrocket_sync_hookwoocommerce-flickrocket.php:45
actionwoocommerce_get_settings_pageswoocommerce-flickrocket.php:46
actionwp_loginwoocommerce-flickrocket.php:47
actionadmin_noticeswoocommerce-flickrocket.php:48
actionadmin_post_nopriv_fr_oauth_callbackwoocommerce-flickrocket.php:50
actionadmin_post_fr_oauth_callbackwoocommerce-flickrocket.php:51
actionadmin_post_nopriv_flickrocket_product_redirectwoocommerce-flickrocket.php:53
actionadmin_post_flickrocket_product_redirectwoocommerce-flickrocket.php:54
actionadmin_menuwoocommerce-flickrocket.php:57
actionadmin_menuwoocommerce-flickrocket.php:59
actionbefore_woocommerce_initwoocommerce-flickrocket.php:61

Scheduled Events 1

flickrocket_sync_hook
Maintenance & Trust

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedOct 22, 2025
PHP min version
Downloads16K

Community Trust

Rating52/100
Number of ratings10
Active installs60
Alternatives

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Alternatives

Miguel for WooCommerce

Miguel for WooCommerce

miguel

A
100

Sell watermarked e-books and audiobooks directly from your WooCommerce e-shop.

10 No CVEs
Tierra's Billboard Manager

Tierra's Billboard Manager

tierra-billboard-manager

A
85

The Tierra Billboard Manager plugin for WordPress offers a single, customizable "billboard panel" through which publishers can present image &hellip;

10 No CVEs
Prime Slider – Addons for Elementor

Prime Slider – Addons for Elementor

bdthemes-prime-slider-lite

A
95

Create responsive sliders using Elementor for hero sections, posts, logos, images, products, testimonials, and more.

100K 15 CVEs
The Ultimate Video Player For WordPress – by Presto Player

The Ultimate Video Player For WordPress – by Presto Player

presto-player

A
99

The Ultimate WordPress Video Player.

100K 2 CVEs
Mixed Media Gallery Blocks

Mixed Media Gallery Blocks

simply-gallery-block

A
92

Create mixed media galleries with images, HTML5 video, YouTube, Vimeo, and VideoPress — all in one gallery by Simply Gallery.

40K 7 CVEs
Developer Profile

Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce Developer Profile

FlickRocket

1 plugin · 60 total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
199 days
View full developer profile
Detection Fingerprints

How We Detect Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-digital-content-delivery-with-drm-flickrocket/css/flickrocket.css
Script Paths
/wp-content/plugins/woocommerce-digital-content-delivery-with-drm-flickrocket/js/fr_public.js/wp-content/plugins/woocommerce-digital-content-delivery-with-drm-flickrocket/js/fr_custom.js
Version Parameters
woocommerce-digital-content-delivery-with-drm-flickrocket/css/flickrocket.css?ver=woocommerce-digital-content-delivery-with-drm-flickrocket/js/fr_public.js?ver=woocommerce-digital-content-delivery-with-drm-flickrocket/js/fr_custom.js?ver=

HTML / DOM Fingerprints

Data Attributes
fr_unlock
JS Globals
fr_options
FAQ

Frequently Asked Questions about Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce