WP-Safety

Bulk Edit Easy Digital Downloads – Fast Bulk Creator Security & Risk Analysis

wordpress.org/plugins/wp-sheet-editor-edd-downloads

Modern Bulk Editor for EDD products and downloads, create and edit hundreds of users in a spreadsheet inside wp-admin. Quick edits.

90 active installs v1.0.79 PHP + WP 4.7+ Updated Jan 17, 2026
bulk-editeasy-digital-downloadseddspreadsheetspreadsheet-editor
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bulk Edit Easy Digital Downloads – Fast Bulk Creator Safe to Use in 2026?

Generally Safe

Score 100/100

Bulk Edit Easy Digital Downloads – Fast Bulk Creator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The plugin "wp-sheet-editor-edd-downloads" v1.0.79 exhibits a concerning security posture primarily due to its extensive unprotected entry points. While the code generally demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, the presence of 20 AJAX handlers without any authentication checks is a significant risk. This creates a wide attack surface where unauthenticated users could potentially interact with sensitive plugin functionality, leading to unexpected behavior or exploitation.

Taint analysis reveals 4 high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data could be processed insecurely. Although no critical severity taint flows were found, these high-severity flows warrant immediate investigation as they could lead to serious security breaches. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign. However, this cannot entirely mitigate the risks identified in the static analysis, especially the unprotected AJAX endpoints and high-severity taint flows.

In conclusion, while the plugin shows strengths in its SQL querying and output escaping, the lack of authorization on a significant number of AJAX handlers and the presence of high-severity unsanitized taint flows are major security weaknesses. The absence of past vulnerabilities is encouraging, but it is crucial to address these identified code-level risks to prevent future exploitation. A robust approach to securing these entry points is recommended.

Key Concerns

  • 20 AJAX handlers without auth checks
  • 4 high severity unsanitized taint flows
  • 11 flows with unsanitized paths
  • Only 2 capability checks found
  • Bundled Freemius v1.0 library (potential for outdated versions)
Vulnerabilities
None known

Bulk Edit Easy Digital Downloads – Fast Bulk Creator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Bulk Edit Easy Digital Downloads – Fast Bulk Creator Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
103 prepared
Unescaped Output
28
377 escaped
Nonce Checks
9
Capability Checks
2
File Operations
24
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

98% prepared105 total queries

Output Escaping

93% escaped405 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

15 flows11 with unsanitized paths
maybe_download_log_file (modules\wp-sheet-editor\inc\api\logger.php:30)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
20 unprotected

Bulk Edit Easy Digital Downloads – Fast Bulk Creator Attack Surface

Entry Points20
Unprotected20

AJAX Handlers 20

authwp_ajax_vgse_save_manual_column_resizemodules\columns-resizing\columns-resizing.php:17
authwp_ajax_vgse_update_columns_visibilitymodules\columns-visibility\columns-visibility.php:34
authwp_ajax_vgse_remove_columnmodules\columns-visibility\columns-visibility.php:35
authwp_ajax_vgse_restore_columnsmodules\columns-visibility\columns-visibility.php:36
authwp_ajax_vgse_delete_row_idsmodules\wp-sheet-editor\inc\ajax.php:643
authwp_ajax_vgse_dismiss_review_tipmodules\wp-sheet-editor\inc\ajax.php:644
authwp_ajax_vgse_notice_dismissmodules\wp-sheet-editor\inc\ajax.php:645
authwp_ajax_vgse_get_taxonomy_termsmodules\wp-sheet-editor\inc\ajax.php:646
authwp_ajax_vgse_load_datamodules\wp-sheet-editor\inc\ajax.php:647
authwp_ajax_vgse_save_gutenberg_contentmodules\wp-sheet-editor\inc\ajax.php:648
authwp_ajax_vgse_save_datamodules\wp-sheet-editor\inc\ajax.php:649
authwp_ajax_vgse_find_post_by_namemodules\wp-sheet-editor\inc\ajax.php:650
authwp_ajax_vgse_list_post_titlesmodules\wp-sheet-editor\inc\ajax.php:651
authwp_ajax_vgse_save_individual_postmodules\wp-sheet-editor\inc\ajax.php:652
authwp_ajax_vgse_insert_individual_postmodules\wp-sheet-editor\inc\ajax.php:653
authwp_ajax_vgse_search_taxonomy_termsmodules\wp-sheet-editor\inc\ajax.php:654
authwp_ajax_vgse_find_users_by_keywordmodules\wp-sheet-editor\inc\ajax.php:655
authwp_ajax_vgse_find_users_by_keyword_for_select2modules\wp-sheet-editor\inc\ajax.php:656
authwp_ajax_vgse_save_post_types_settingmodules\wp-sheet-editor\inc\ajax.php:657
authwp_ajax_vgse_set_settingsmodules\wp-sheet-editor\inc\ajax.php:658
WordPress Hooks 163
actionvg_sheet_editor/initializededd-downloads.php:105
actionadmin_initedd-downloads.php:106
actioninitedd-downloads.php:107
actionbefore_woocommerce_initedd-downloads.php:108
actionadmin_noticesedd-downloads.php:137
filtervg_sheet_editor/register_admin_pagesedd-downloads.php:143
actionvg_sheet_editor/initializedinc\sheet.php:35
filtervg_sheet_editor/provider/post/update_item_metainc\sheet.php:36
filtervg_sheet_editor/provider/post/get_item_metainc\sheet.php:42
filtervg_sheet_editor/serialized_addon/column_settingsinc\sheet.php:48
filtervg_sheet_editor/columns/blacklisted_columnsinc\sheet.php:54
filtervg_sheet_editor/options_page/optionsinc\sheet.php:60
filtervg_sheet_editor/infinite_serialized_column/column_settingsinc\sheet.php:61
filtervg_sheet_editor/infinite_serialized_column/existing_valueinc\sheet.php:67
filtervg_sheet_editor/infinite_serialized_column/update_valueinc\sheet.php:73
filtervg_sheet_editor/infinite_serialized_column/settingsinc\sheet.php:79
filtervg_sheet_editor/import/save_rows_argsinc\sheet.php:80
filtervg_sheet_editor/handsontable/custom_argsmodules\autofill-cells\autofill-cells.php:30
actionvg_sheet_editor/initializedmodules\autofill-cells\autofill-cells.php:51
actionvg_sheet_editor/after_enqueue_assetsmodules\columns-resizing\columns-resizing.php:15
filtervg_sheet_editor/handsontable/custom_argsmodules\columns-resizing\columns-resizing.php:16
filtervg_sheet_editor/columns/provider_itemsmodules\columns-resizing\columns-resizing.php:20
actionvg_sheet_editor/initializedmodules\columns-resizing\columns-resizing.php:109
actionadmin_initmodules\columns-visibility\columns-visibility.php:30
filtervg_sheet_editor/columns/all_itemsmodules\columns-visibility\columns-visibility.php:31
actionvg_sheet_editor/editor/before_initmodules\columns-visibility\columns-visibility.php:32
actionvg_sheet_editor/after_enqueue_assetsmodules\columns-visibility\columns-visibility.php:33
filtervg_sheet_editor/columns/blacklisted_columnsmodules\columns-visibility\columns-visibility.php:37
actionvg_sheet_editor/save_rows/before_saving_rowsmodules\columns-visibility\columns-visibility.php:38
filtervg_sheet_editor/columns/all_itemsmodules\columns-visibility\columns-visibility.php:247
actionvg_sheet_editor/initializedmodules\columns-visibility\columns-visibility.php:582
actionvg_sheet_editor/initializedmodules\factory.php:34
actionvg_sheet_editor/after_initmodules\factory.php:35
actionvg_sheet_editor/editor/register_columnsmodules\factory.php:94
actionvg_sheet_editor/editor/register_columnsmodules\factory.php:95
actionvg_sheet_editor/editor/register_columnsmodules\factory.php:96
actionvg_sheet_editor/editor/before_initmodules\factory.php:97
filtervg_sheet_editor/custom_columns/teaser/allow_to_lock_columnmodules\factory.php:98
filtervg_sheet_editor/custom_post_types/get_all_post_typesmodules\factory.php:104
filtervg_sheet_editor/custom_post_types/get_all_post_types_namesmodules\factory.php:105
filtervg_sheet_editor/allowed_post_typesmodules\factory.php:106
filtervg_sheet_editor/frontend/allowed_post_typesmodules\factory.php:107
filtervg_sheet_editor/api/all_post_typesmodules\factory.php:108
actionvg_sheet_editor/editor/before_initmodules\filters\filters.php:21
actionvg_sheet_editor/editor/before_initmodules\filters\filters.php:22
actionvg_sheet_editor/editor/before_initmodules\filters\filters.php:23
actionvg_sheet_editor/after_enqueue_assetsmodules\filters\filters.php:24
filtervg_sheet_editor/load_rows/wp_query_argsmodules\filters\filters.php:25
actionvg_sheet_editor/load_rows/after_processingmodules\filters\filters.php:26
filtervg_sheet_editor/handsontable/custom_argsmodules\filters\filters.php:28
filterposts_clausesmodules\filters\filters.php:29
filtervg_sheet_editor/js_datamodules\filters\filters.php:30
filtervg_sheet_editor/load_rows/wp_query_argsmodules\filters\filters.php:31
actionvg_sheet_editor/editor_page/after_editor_pagemodules\filters\filters.php:32
actionload-edit.phpmodules\filters\filters.php:34
actioncurrent_screenmodules\filters\filters.php:35
actionvg_sheet_editor/initializedmodules\filters\filters.php:716
filtervg_sheet_editor/modules/listmodules\init.php:15
actionplugins_loadedmodules\init.php:17
actionafter_uninstallmodules\init.php:111
filterplugin_iconmodules\init.php:112
filtershow_deactivation_feedback_formmodules\init.php:113
filteris_submenu_visiblemodules\init.php:115
filterget_user_metadatamodules\init.php:162
actionadmin_footermodules\wp-sheet-editor\inc\api\bootstrap.php:96
actionadmin_menumodules\wp-sheet-editor\inc\api\editor.php:37
filterheartbeat_settingsmodules\wp-sheet-editor\inc\api\editor.php:65
actionadmin_headmodules\wp-sheet-editor\inc\api\editor.php:68
actionvg_sheet_editor/render_editor_js_settingsmodules\wp-sheet-editor\inc\api\editor.php:69
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\inc\api\editor.php:71
actionadmin_print_stylesmodules\wp-sheet-editor\inc\api\editor.php:72
actionadmin_initmodules\wp-sheet-editor\inc\api\editor.php:73
filterBetterLinks/Admin/skip_no_conflictmodules\wp-sheet-editor\inc\api\editor.php:78
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\api\infinite-serialized-field.php:25
filtervg_sheet_editor/woocommerce/variation_columnsmodules\wp-sheet-editor\inc\api\infinite-serialized-field.php:27
actionwpse_daily_cronmodules\wp-sheet-editor\inc\api\logger.php:302
actionwpse_daily_cronmodules\wp-sheet-editor\inc\api\logger.php:303
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\api\logger.php:306
actionvg_sheet_editor/editor/before_initmodules\wp-sheet-editor\inc\api\logger.php:307
actionwpse_daily_cronmodules\wp-sheet-editor\inc\api\queues.php:121
actionvg_sheet_editor/save_rows/before_saving_cellmodules\wp-sheet-editor\inc\api\serialized-field.php:38
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\api\serialized-field.php:40
filtervg_sheet_editor/formulas/sql_execution/can_executemodules\wp-sheet-editor\inc\api\serialized-field.php:42
filtervg_sheet_editor/woocommerce/variation_columnsmodules\wp-sheet-editor\inc\api\serialized-field.php:45
filtervgse_sheet_editor/provider/post/prefetch/meta_keysmodules\wp-sheet-editor\inc\api\serialized-field.php:47
filtervg_sheet_editor/load_rows/preload_datamodules\wp-sheet-editor\inc\api\serialized-field.php:48
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\api\tables-infinite-serialized-field.php:22
actionvg_sheet_editor/editor_page/after_contentmodules\wp-sheet-editor\inc\api\toolbar.php:170
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\integrations\elementor.php:17
actionvg_sheet_editor/save_rows/after_saving_postmodules\wp-sheet-editor\inc\integrations\elementor.php:18
filtervg_sheet_editor/duplicate/final_post_idmodules\wp-sheet-editor\inc\integrations\elementor.php:19
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\integrations\elementor.php:99
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\integrations\visual-composer.php:15
actionadmin_menumodules\wp-sheet-editor\inc\options-init.php:656
actionvg_sheet_editor/filters/after_fieldsmodules\wp-sheet-editor\inc\teasers\advanced-filters.php:28
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\advanced-filters.php:115
actionadmin_noticesmodules\wp-sheet-editor\inc\teasers\coupons.php:25
filtervg_sheet_editor/prepared_post_typesmodules\wp-sheet-editor\inc\teasers\coupons.php:26
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\coupons.php:104
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\teasers\custom-columns.php:27
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\custom-columns.php:103
actionvg_sheet_editor/editor_page/after_contentmodules\wp-sheet-editor\inc\teasers\formulas.php:25
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\formulas.php:107
actionvg_sheet_editor/editor/before_initmodules\wp-sheet-editor\inc\teasers\frontend.php:24
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\frontend.php:108
actionvg_sheet_editor/editor/before_initmodules\wp-sheet-editor\inc\teasers\post-types.php:37
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\post-types.php:172
filtervg_sheet_editor/prepared_post_typesmodules\wp-sheet-editor\inc\teasers\terms.php:27
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\terms.php:103
actionvg_sheet_editor/editor_page/after_console_textmodules\wp-sheet-editor\inc\teasers\upgrade-popup.php:28
actionvg_sheet_editor/editor_page/after_contentmodules\wp-sheet-editor\inc\teasers\upgrade-popup.php:29
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\upgrade-popup.php:121
actionadmin_noticesmodules\wp-sheet-editor\inc\teasers\users.php:24
filtervg_sheet_editor/prepared_post_typesmodules\wp-sheet-editor\inc\teasers\users.php:25
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\inc\teasers\users.php:99
filtervg_sheet_editor/allowed_post_typesmodules\wp-sheet-editor\inc\teasers\woocommerce.php:72
filtervg_sheet_editor/add_new_posts/create_new_postsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:73
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:74
actionvg_sheet_editor/editor/register_columnsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:75
filtervg_sheet_editor/custom_columns/teaser/allow_to_lock_columnmodules\wp-sheet-editor\inc\teasers\woocommerce.php:76
actionwoocommerce_variable_product_before_variationsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:77
actionvg_sheet_editor/editor_page/after_console_textmodules\wp-sheet-editor\inc\teasers\woocommerce.php:78
actionvg_sheet_editor/save_rows/after_saving_postmodules\wp-sheet-editor\inc\teasers\woocommerce.php:79
filtervg_sheet_editor/js_datamodules\wp-sheet-editor\inc\teasers\woocommerce.php:80
actionvg_sheet_editor/load_rows/found_postsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:82
actionvg_sheet_editor/load_rows/outputmodules\wp-sheet-editor\inc\teasers\woocommerce.php:89
actionvg_sheet_editor/load_rows/allowed_post_columnsmodules\wp-sheet-editor\inc\teasers\woocommerce.php:95
actionvg_sheet_editor/load_rows/outputmodules\wp-sheet-editor\inc\teasers\woocommerce.php:100
filterwoocommerce_product_variation_title_include_attributesmodules\wp-sheet-editor\inc\teasers\woocommerce.php:106
filterwoocommerce_composite_update_price_metamodules\wp-sheet-editor\inc\teasers\woocommerce.php:371
actionvg_sheet_editor/initializedmodules\wp-sheet-editor\inc\teasers\woocommerce.php:953
filterwoocommerce_allow_marketplace_suggestionsmodules\wp-sheet-editor\wp-sheet-editor.php:125
filtervg_sheet_editor/extensions/is_toolbar_allowedmodules\wp-sheet-editor\wp-sheet-editor.php:595
filtervg_sheet_editor/extensions/is_page_allowedmodules\wp-sheet-editor\wp-sheet-editor.php:596
actionadmin_menumodules\wp-sheet-editor\wp-sheet-editor.php:600
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\wp-sheet-editor.php:601
actionadmin_footermodules\wp-sheet-editor\wp-sheet-editor.php:603
actionadd_meta_boxesmodules\wp-sheet-editor\wp-sheet-editor.php:604
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\wp-sheet-editor.php:606
actionadmin_enqueue_scriptsmodules\wp-sheet-editor\wp-sheet-editor.php:607
actionadmin_initmodules\wp-sheet-editor\wp-sheet-editor.php:608
actionwp_dashboard_setupmodules\wp-sheet-editor\wp-sheet-editor.php:609
filterwp_kses_allowed_htmlmodules\wp-sheet-editor\wp-sheet-editor.php:610
filtervg_sheet_editor/use_rest_api_onlymodules\wp-sheet-editor\wp-sheet-editor.php:617
filtervg_sheet_editor/use_rest_api_onlymodules\wp-sheet-editor\wp-sheet-editor.php:621
filtervg_sheet_editor/register_admin_pagesmodules\wp-sheet-editor\wp-sheet-editor.php:629
filtervg_sheet_editor/bootstrap/settingsmodules\wp-sheet-editor\wp-sheet-editor.php:630
actionvg_sheet_editor/after_initmodules\wp-sheet-editor\wp-sheet-editor.php:634
actioncreated_termmodules\wp-sheet-editor\wp-sheet-editor.php:644
filterwp_update_term_datamodules\wp-sheet-editor\wp-sheet-editor.php:645
actiondelete_termmodules\wp-sheet-editor\wp-sheet-editor.php:646
actionuser_registermodules\wp-sheet-editor\wp-sheet-editor.php:647
actionvg_sheet_editor/on_uninstallmodules\wp-sheet-editor\wp-sheet-editor.php:648
actionadmin_page_access_deniedmodules\wp-sheet-editor\wp-sheet-editor.php:649
filterstateless_skip_cache_bustingmodules\wp-sheet-editor\wp-sheet-editor.php:652
actionadmin_initmodules\wp-sheet-editor\wp-sheet-editor.php:653
actionadmin_noticesmodules\wp-sheet-editor\wp-sheet-editor.php:655
actionactivated_pluginmodules\wp-sheet-editor\wp-sheet-editor.php:676
actionadmin_initmodules\wp-sheet-editor\wp-sheet-editor.php:677
actionwp_loadedmodules\wp-sheet-editor\wp-sheet-editor.php:1555
actionwpmodules\wp-sheet-editor\wp-sheet-editor.php:1558
actioninitmodules\wp-sheet-editor\wp-sheet-editor.php:1612
actionsetup_thememodules\wp-sheet-editor\wp-sheet-editor.php:1613

Scheduled Events 1

wpse_daily_cron
Maintenance & Trust

Bulk Edit Easy Digital Downloads – Fast Bulk Creator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 17, 2026
PHP min version
Downloads16K

Community Trust

Rating92/100
Number of ratings9
Active installs90
Alternatives

Bulk Edit Easy Digital Downloads – Fast Bulk Creator Alternatives

Bulk Edit Posts and Products in Spreadsheet

Bulk Edit Posts and Products in Spreadsheet

wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages

A
100

Modern Bulk Editor for Posts and Pages, create and edit hundreds of posts at once in a spreadsheet inside wp-admin. Search and quick edits.

9K No CVEs
Bulk Edit Categories and Tags – Create Thousands Quickly on the Editor

Bulk Edit Categories and Tags – Create Thousands Quickly on the Editor

bulk-edit-categories-tags

A
100

Modern Bulk Editor for Blog Categories and Tags, create and edit hundreds of categories in a spreadsheet inside wp-admin. Quick edits.

4K No CVEs
Bulk Edit Products for WooCommerce – WP Sheet Editor

Bulk Edit Products for WooCommerce – WP Sheet Editor

woo-bulk-edit-products

A
100

Modern Bulk Editor for WooCommerce products, create and edit hundreds of products in a spreadsheet inside wp-admin. No need to export/import

10K No CVEs
Bulk Edit and Create User Profiles – WP Sheet Editor

Bulk Edit and Create User Profiles – WP Sheet Editor

bulk-edit-user-profiles-in-spreadsheet

A
100

Modern Bulk Editor for Users and Profiles, create and edit hundreds of users in a spreadsheet inside wp-admin. Quick edits.

1K 1 CVE
Easy Digital Downloads Free Link

Easy Digital Downloads Free Link

easy-digital-downloads-free-link

A
100

replace EDD add-to-cart button with download link when product is free

1K No CVEs
Developer Profile

Bulk Edit Easy Digital Downloads – Fast Bulk Creator Developer Profile

Jose Vega

20 plugins · 30K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
258 days
View full developer profile
Detection Fingerprints

How We Detect Bulk Edit Easy Digital Downloads – Fast Bulk Creator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-sheet-editor-edd-downloads/assets/imgs/logo.svg
Version Parameters
wp-sheet-editor-edd-downloads/edd-downloads.php?ver=wp-sheet-editor-edd-downloads/modules/init.php?ver=wp-sheet-editor-edd-downloads/inc/freemius-init.php?ver=wp-sheet-editor-edd-downloads/inc/vg-plugin-sdk/vg-plugin-sdk.php?ver=

HTML / DOM Fingerprints

CSS Classes
wpse-notice
Data Attributes
data-vgse-editor
JS Globals
vg_sheet_editor_edd_downloads
FAQ

Frequently Asked Questions about Bulk Edit Easy Digital Downloads – Fast Bulk Creator