[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhTI-t2B-f91L3Lw23_H2S2DydbI5RPofZX9ivUxov8A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":5,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":118,"fingerprints":191},"wp-anything-downloader","WP Anything Downloader","3.0.2","vinit sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinit-sharma\u002F","\u003Cp>This plugin allows you to Direct download Any theme and plugin from wp admin panel. best plugin for download theme or plugin from wp-admin\u003C\u002Fp>\n\u003Cp>Perfect plugin  for direct download theme and plugin  with admin panel.\u003C\u002Fp>\n\u003Ch3>3.0.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>upgrade plugin for aws\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>3.0.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed a bug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>3.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed a bug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>2.0.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Security Updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>2.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed a bug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Display WP Anything Downloader\u003C\u002Fli>\n\u003C\u002Ful>\n",3000,42978,100,2,"2022-03-22T08:13:00.000Z","5.9.13","3.5","",[19,20,21],"direct-download","theme-downloader-plugin-downloader","wordpress-theme-and-plugin-download","https:\u002F\u002Fd3logics.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-anything-downloader.3.0.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"vinit-sharma",1,30,84,"2026-04-04T07:18:02.865Z",[36,54,76,96],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":12,"downloaded":44,"rating":12,"num_ratings":31,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":17,"tags":48,"homepage":17,"download_link":52,"security_score":53,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"downloadify-wp","Downloadify WP","1.0.1","Md Khorshed Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Fkhorshedalamwp\u002F","\u003Cp>Downloadify WP is one of the most popular plugins for downloading plugins and themes in WordPress.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Download the plugin and theme with one click.\u003C\u002Fli>\n\u003C\u002Ful>\n","Downloadify WP for WordPress Plugin And Theme Downloader.",1836,"2025-01-06T05:18:00.000Z","6.7.5","6.2.2",[19,49,50,51],"downloader-wp","plugin-downloader","theme-downloader","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownloadify-wp.1.0.1.zip",92,{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":12,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":16,"requires_php":17,"tags":67,"homepage":72,"download_link":73,"security_score":74,"vuln_count":31,"unpatched_count":31,"last_vuln_date":75,"fetched_at":27},"hide-real-download-path","Hide Real Download Path","1.6","Deepak S","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeepaks\u002F","\u003Cp>Plugin helps you to hide real\u002Fdirect path of files hosted on your server for download and make your files secure from unauthorized download. It also maintains a log of all downloads done using it and provide capability to disallow direct linking (hot linking) to your files from other website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You can:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allow or restrict hotlink (direct download) of your files from other website\u002Fexternal links.\u003C\u002Fli>\n\u003Cli>Restrict ‘download only’ from link on your website\u003C\u002Fli>\n\u003Cli>View log of individual download\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It support multiple files extensions including:\u003Cbr \u002F>\nzip \u002F pdf \u002F doc \u002F xls \u002F ppt \u002F exe \u002F gif \u002F png \u002F jpg \u002F jpeg \u002F mp3 \u002F wav \u002F mpeg \u002F mpg \u002F mpe \u002F mov \u002F avi \u002F xlsx\u003C\u002Fp>\n\u003Cp>*\u003Cstrong>Step by step configuration guideline\u003C\u002Fstrong> in Settings sections of plugin after activation\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Version 1.5 changes:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Corrupt file bug fixed\u003Cbr \u002F>\n– Easy step by step guide added in admin to configure plugin\u003Cbr \u002F>\n– Generate Root path dynamically\u003Cbr \u002F>\n– Support for xlsx added\u003C\u002Fp>\n","This plugin help to hide real download path of your files on server and allow file downloading using a common URL. Also maintain log of your downloads …",10370,76,14,"2014-10-20T09:55:00.000Z","4.0.38",[68,69,55,70,71],"disable-direct-download","hide-download-path","hot-linking","secure-file","http:\u002F\u002Fxlab.biz\u002Fhide-download-path-of-file-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-real-download-path.zip",63,"2025-09-05 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":12,"num_ratings":31,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":94,"download_link":95,"security_score":12,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"direct-download-for-woocommerce","Direct Download for WooCommerce","1.19","Kamalyon","https:\u002F\u002Fprofiles.wordpress.org\u002Fkamalyon\u002F","\u003Cp>This plugin allows customers to download virtual, downloadable, and free products directly from the product page without adding them to the cart. It’s perfect for stores that offer free digital downloads.\u003C\u002Fp>\n","Direct Download for WooCommerce allows customers to download virtual, downloadable, and free products directly from the product page.",40,740,"2025-11-28T19:13:00.000Z","6.9.4","4.0",[19,90,91,92,93],"download","free-products","virtual-products","woocommerce","https:\u002F\u002Fkamalyon.com\u002Fdirect-download-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdirect-download-for-woocommerce.1.19.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":66,"requires_at_least":109,"requires_php":17,"tags":110,"homepage":114,"download_link":115,"security_score":116,"vuln_count":31,"unpatched_count":31,"last_vuln_date":117,"fetched_at":27},"avenirsoft-directdownload","Avenir-soft Direct Download","1.0","Sahil-Ahlawat","https:\u002F\u002Fprofiles.wordpress.org\u002Fsahil-ahlawat\u002F","\u003Cp>Avenir-soft Direct Download give a download button for products which are virtual, free and downloadable.\u003C\u002Fp>\n","Download Button for WooCommerce Free, virtual and downloadable products.",10,2915,74,3,"2015-01-08T15:07:00.000Z","3.8",[19,90,111,112,113],"downloadable","woocommerce-download-button","wordpress-woocommerce","http:\u002F\u002Fwww.avenirsoft.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Favenirsoft-directdownload.zip",64,"2015-08-06 00:00:00",{"attackSurface":119,"codeSignals":145,"taintFlows":152,"riskAssessment":182,"analyzedAt":190},{"hooks":120,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":25,"unprotectedCount":25},[121,127,132,136],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","plugins_loaded","wad_load","wp-anything-downloader.php",13,{"type":128,"name":129,"callback":130,"priority":104,"file":125,"line":131},"filter","plugin_action_links","wad_plugin_action_links",23,{"type":128,"name":133,"callback":134,"priority":104,"file":125,"line":135},"theme_action_links","wad_theme_action_links",25,{"type":122,"name":137,"callback":138,"priority":139,"file":125,"line":140},"admin_footer-themes.php","wad_scripts",99,27,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":13,"externalRequests":25,"nonceChecks":31,"capabilityChecks":25,"bundledLibraries":151},[],{"prepared":25,"raw":25,"locations":148},[],{"escaped":31,"rawEcho":25,"locations":150},[],[],[153,172],{"entryPoint":154,"graph":155,"unsanitizedCount":31,"severity":171},"wad_download (wp-anything-downloader.php:152)",{"nodes":156,"edges":168},[157,162],{"id":158,"type":159,"label":160,"file":125,"line":161},"n0","source","$_GET",161,{"id":163,"type":164,"label":165,"file":125,"line":166,"wp_function":167},"n1","sink","header() [Header Injection]",206,"header",[169],{"from":158,"to":163,"sanitized":170},false,"medium",{"entryPoint":173,"graph":174,"unsanitizedCount":25,"severity":181},"\u003Cwp-anything-downloader> (wp-anything-downloader.php:0)",{"nodes":175,"edges":178},[176,177],{"id":158,"type":159,"label":160,"file":125,"line":161},{"id":163,"type":164,"label":165,"file":125,"line":166,"wp_function":167},[179],{"from":158,"to":163,"sanitized":180},true,"low",{"summary":183,"deductions":184},"The wp-anything-downloader v3.0.2 plugin exhibits a generally strong security posture based on the provided static analysis.  The absence of identified dangerous functions, the exclusive use of prepared statements for SQL queries, and the proper escaping of all output are commendable practices that significantly reduce the risk of common vulnerabilities like SQL injection and cross-site scripting.  Furthermore, the plugin has no recorded vulnerabilities, indicating a history of stable and secure development.  \n\nHowever, a key concern arises from the taint analysis which identified one flow with an unsanitized path. While no critical or high severity issues were flagged, this indicates a potential weakness in how the plugin handles file paths, which could be exploited for directory traversal or other file system attacks if not handled with extreme care by the developer.  Additionally, the lack of capability checks on any entry points, though the attack surface is currently zero, suggests that if new entry points are added in the future, they might not be adequately secured against unauthorized access. \n\nIn conclusion, wp-anything-downloader v3.0.2 is largely secure, demonstrating good coding practices. The primary area of potential risk lies in the single identified unsanitized path flow and the lack of capability checks on potential future entry points. The absence of historical vulnerabilities is a positive indicator, but the identified taint flow warrants attention.",[185,187],{"reason":186,"points":104},"Flow with unsanitized path identified",{"reason":188,"points":189},"No capability checks on entry points",5,"2026-03-16T18:20:56.752Z",{"wat":192,"direct":198},{"assetPaths":193,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[194],"\u002Fwp-content\u002Fplugins\u002Fwp-anything-downloader\u002Fwp-anything-downloader.php",[],[],[],{"cssClasses":199,"htmlComments":200,"htmlAttributes":201,"restEndpoints":204,"jsGlobals":205,"shortcodeOutput":207},[90],[],[202,203],"id=\"wp-downloader\"","id=\"tmpl-theme-single\"",[],[206],"jQuery",[]]