Does WP Anything Downloader have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Anything Downloader have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Anything Downloader compatible with WordPress 5.9.13?

According to WordPress.org data, WP Anything Downloader 3.0.2 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is WP Anything Downloader updated?

WP Anything Downloader was last updated on Mar 22, 2022. Frequent updates are generally a positive security signal.

What is WP Anything Downloader's security score?

WP Anything Downloader has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Anything Downloader Security & Risk Analysis

wordpress.org/plugins/wp-anything-downloader

WP Anything Downloader

3K active installs v3.0.2 PHP + WP 3.5+ Updated Mar 22, 2022

direct-downloadtheme-downloader-plugin-downloaderwordpress-theme-and-plugin-download

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Anything Downloader Safe to Use in 2026?

Generally Safe

Score 85/100

WP Anything Downloader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The wp-anything-downloader v3.0.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of identified dangerous functions, the exclusive use of prepared statements for SQL queries, and the proper escaping of all output are commendable practices that significantly reduce the risk of common vulnerabilities like SQL injection and cross-site scripting. Furthermore, the plugin has no recorded vulnerabilities, indicating a history of stable and secure development.

However, a key concern arises from the taint analysis which identified one flow with an unsanitized path. While no critical or high severity issues were flagged, this indicates a potential weakness in how the plugin handles file paths, which could be exploited for directory traversal or other file system attacks if not handled with extreme care by the developer. Additionally, the lack of capability checks on any entry points, though the attack surface is currently zero, suggests that if new entry points are added in the future, they might not be adequately secured against unauthorized access.

In conclusion, wp-anything-downloader v3.0.2 is largely secure, demonstrating good coding practices. The primary area of potential risk lies in the single identified unsanitized path flow and the lack of capability checks on potential future entry points. The absence of historical vulnerabilities is a positive indicator, but the identified taint flow warrants attention.

Key Concerns

Flow with unsanitized path identified
No capability checks on entry points

Vulnerabilities

None known

WP Anything Downloader Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Anything Downloader Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped1 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

wad_download (wp-anything-downloader.php:152)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Anything Downloader Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedwp-anything-downloader.php:13

filterplugin_action_linkswp-anything-downloader.php:23

filtertheme_action_linkswp-anything-downloader.php:25

actionadmin_footer-themes.phpwp-anything-downloader.php:27

Maintenance & Trust

WP Anything Downloader Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedMar 22, 2022

PHP min version

Downloads43K

Community Trust

Rating100/100

Number of ratings2

Active installs3K

Alternatives

WP Anything Downloader Alternatives

Downloadify WP

downloadify-wp

Downloadify WP for WordPress Plugin And Theme Downloader.

100 No CVEs

Hide Real Download Path

hide-real-download-path

This plugin help to hide real download path of your files on server and allow file downloading using a common URL. Also maintain log of your downloads …

100 1 unpatched

Direct Download for WooCommerce

direct-download-for-woocommerce

100

Direct Download for WooCommerce allows customers to download virtual, downloadable, and free products directly from the product page.

40 No CVEs

Avenir-soft Direct Download

avenirsoft-directdownload

Download Button for WooCommerce Free, virtual and downloadable products.

10 1 unpatched

Developer Profile

WP Anything Downloader Developer Profile

vinit sharma

1 plugin · 3K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Anything Downloader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-anything-downloader/wp-anything-downloader.php

HTML / DOM Fingerprints

CSS Classes

download

Data Attributes

id="wp-downloader"id="tmpl-theme-single"

JS Globals

jQuery

FAQ