Does WP Downloader have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Downloader have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Downloader compatible with WordPress 4.1.42?

According to WordPress.org data, WP Downloader 2.0 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is WP Downloader updated?

WP Downloader was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is WP Downloader's security score?

WP Downloader has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Downloader Security & Risk Analysis

wordpress.org/plugins/wp-downloader

Allows to download plugins and themes installed on your site as a zip package, ready to install on another site.

2K active installs v2.0 PHP + WP 3.5+ Updated Nov 28, 2017

downloaddownloaderplugin-downloadzipzipper

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Downloader Safe to Use in 2026?

Generally Safe

Score 85/100

WP Downloader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The static analysis of wp-downloader v2.0 indicates a generally good security posture. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping all outputs. The presence of a nonce check and file operations are noted, but the taint analysis reveals one flow with unsanitized paths, which is a potential concern, although it was not categorized as critical or high severity. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a history of secure development and maintenance. However, the presence of even one unsanitized path flow warrants attention. Overall, the plugin appears robust, but the single taint flow indicates a minor area for improvement to achieve a completely secure state.

Key Concerns

Flow with unsanitized paths found

Vulnerabilities

None known

WP Downloader Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Downloader Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped1 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

wpd_download (wp-downloader.php:151)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Downloader Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedwp-downloader.php:12

filterplugin_action_linkswp-downloader.php:22

filtertheme_action_linkswp-downloader.php:24

actionadmin_footer-themes.phpwp-downloader.php:26

Maintenance & Trust

WP Downloader Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedNov 28, 2017

PHP min version

Downloads53K

Community Trust

Rating92/100

Number of ratings12

Active installs2K

Alternatives

WP Downloader Alternatives

WP Anything Downloader

wp-anything-downloader

WP Anything Downloader

3K No CVEs

Downloadify WP

downloadify-wp

Downloadify WP for WordPress Plugin And Theme Downloader.

100 No CVEs

Monster Downloader

monster-downloader

Monster Downloader is the best plugin for download plugin and themes.Perfect plugin for quickly downloading themes and plugins.

70 No CVEs

EZ-Downloader

ez-downloader

100

Install Plugin with URL

60 No CVEs

Prominent Manager

prominent-manager

100

Manage WordPress plugins with ease — download, back up, and (coming soon) roll back directly from your dashboard

0 No CVEs

Developer Profile

WP Downloader Developer Profile

Wojtek Szałkiewicz

2 plugins · 42K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

1793 days

View full developer profile

Detection Fingerprints

How We Detect WP Downloader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-downloader/wp-downloader.php

HTML / DOM Fingerprints

CSS Classes

wp-downloader

Data Attributes

id="wp-downloader"

JS Globals

wpd_loadwpd_plugin_action_linkswpd_theme_action_linkswpd_scriptswpd_download

FAQ

WP Downloader Security & Risk Analysis

Is WP Downloader Safe to Use in 2026?

Generally Safe

Key Concerns

WP Downloader Security Vulnerabilities

WP Downloader Code Analysis

Output Escaping

Data Flow Analysis

WP Downloader Attack Surface

WP Downloader Maintenance & Trust

Maintenance Signals

Community Trust

WP Downloader Alternatives

WP Anything Downloader

Downloadify WP

Monster Downloader

EZ-Downloader

Prominent Manager

WP Downloader Developer Profile

How We Detect WP Downloader

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WP Downloader