Premium Packages – Sell Digital Products Securely Security & Risk Analysis

wordpress.org/plugins/wpdm-premium-packages

Premium Packages is a free, full-featured WordPress eCommerce plugin to sell digital products easily and securely.

3K active installs · v6.2.0 · PHP + WP 5.3+ · Updated Jan 2, 2026
digital-downloads, ecommerce, sell-digital-products, shopping-cart, wordpress-store
94
A · Safe
CVEs total: 9
Unpatched: 0
Last CVE: Aug 14, 2025
Safety Verdict

Is Premium Packages – Sell Digital Products Securely Safe to Use in 2026?

Generally Safe

Score 94/100

Premium Packages – Sell Digital Products Securely has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Aug 14, 2025 · Updated 3mo ago
Risk Assessment

The "wpdm-premium-packages" v6.2.0 plugin exhibits a mixed security posture. While it demonstrates some good practices, such as utilizing prepared statements for a significant portion of its SQL queries and implementing nonce and capability checks on some entry points, there are considerable concerns. The large attack surface, with 16 AJAX handlers and a concerning 10 of these lacking authentication checks, presents a significant risk of unauthorized access and potential exploitation. Furthermore, the presence of the `unserialize` function, a known source of vulnerabilities, coupled with a notable percentage of improperly escaped output, increases the susceptibility to various attacks.

Key Concerns

  • Unprotected AJAX handlers
  • Presence of unserialize function
  • Low percentage of properly escaped output
  • High severity taint flows
  • SQL queries without prepared statements
  • Historical medium severity vulnerabilities
Vulnerabilities
9

Premium Packages – Sell Digital Products Securely Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 5 CVEs
2025: 3 CVEs

Severity Breakdown

High: 1
Medium: 8

9 total CVEs

CVE-2025-54732 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WPDM – Premium Packages <= 6.0.2 - Cross-Site Request Forgery

Aug 14, 2025 · Patched in 6.0.3 (5d)

CVE-2025-30991 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Packages <= 6.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2025 · Patched in 6.0.7 (126d)

CVE-2025-24659 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Premium Packages <= 5.9.6 - Authenticated (Administrator+) SQL Injection

Jan 24, 2025 · Patched in 5.9.7 (5d)

CVE-2024-11225 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg

Nov 21, 2024 · Patched in 5.9.4 (4d)

CVE-2024-10164 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode

Nov 20, 2024 · Patched in 5.9.4 (113d)

CVE-2024-52435 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Premium Packages <= 6.0.5 - Authenticated (Administrator+) SQL Injection

Nov 15, 2024 · Patched in 6.0.6 (328d)

CVE-2024-7386 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery

Sep 24, 2024 · Patched in 5.9.2 (1d)

CVE-2024-29924 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Packages <= 5.8.2 - Reflected Cross-Site Scripting

Mar 25, 2024 · Patched in 5.8.3 (8d)

CVE-2023-4293 · high · 8.8 · Improper Privilege Management

Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation

Aug 11, 2023 · Patched in 5.7.5 (165d)
Code Analysis
Analyzed Mar 16, 2026

Premium Packages – Sell Digital Products Securely Code Analysis

Dangerous Functions: 14
Raw SQL Queries: 39 · 28 prepared
Unescaped Output: 1051 · 344 escaped
Nonce Checks: 10
Capability Checks: 12
File Operations: 5
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $billing = unserialize($order->billing_info); · includes\menus\templates\orders\list-order-renews.php:311
unserialize · $billing = unserialize($order->billing_info); · includes\menus\templates\orders\list-orders.php:310
unserialize · $order->items = unserialize( $order->items ); · includes\menus\templates\orders\view-order.php:14
unserialize · $total_coupon = wpdmpp_get_all_coupon( unserialize( $order->cart_data ) ); · includes\menus\templates\orders\view-order.php:27
unserialize · $billing = unserialize( $order->billing_info ); · includes\menus\templates\orders\view-order.php:44
unserialize · $billing_info_from_order = unserialize($order->billing_info); · templates\invoices\default\invoice.php:62
unserialize · $unit_prices = unserialize($order->unit_prices); · templates\invoices\default\invoice.php:99
unserialize · $sbilling = isset($order, $order->billing_info) ? unserialize($order->billing_info) : array(); · templates\partials\guest-order-billing-info.php:51
unserialize · $cart_data = unserialize($order->cart_data); · templates\partials\guest-order-details.php:27
unserialize · $items = unserialize($order->items); · templates\partials\user-orders-list.php:55
unserialize · $billing_info_from_order = unserialize($order->billing_info); · templates\wpdm-pp-invoice.php:62
unserialize · $unit_prices = unserialize($order->unit_prices); · templates\wpdm-pp-invoice.php:99
unserialize · $billing_info = unserialize( $order->billing_info ); · wpdm-premium-packages.php:618
unserialize · $items = array_keys( unserialize( $odata->cart_data ) ); · wpdm-premium-packages.php:712

SQL Query Safety

42% prepared · 67 total queries

Output Escaping

25% escaped · 1395 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

13 flows · 6 with unsanitized paths
freeDownload (wpdm-premium-packages.php:1363)
Attack Surface
10 unprotected

Premium Packages – Sell Digital Products Securely Attack Surface

Entry Points: 16
Unprotected: 10

AJAX Handlers 16

auth · wp_ajax_resolveorder · wpdm-premium-packages.php:155
auth · wp_ajax_set_payment_method_for_order · wpdm-premium-packages.php:157
nopriv · wp_ajax_set_payment_method_for_order · wpdm-premium-packages.php:158
nopriv · wp_ajax_gettax · wpdm-premium-packages.php:160
auth · wp_ajax_gettax · wpdm-premium-packages.php:161
auth · wp_ajax_wpdmpp_cancel_subscription · wpdm-premium-packages.php:163
auth · wp_ajax_product_sales_overview · wpdm-premium-packages.php:165
nopriv · wp_ajax_payment_options · wpdm-premium-packages.php:167
auth · wp_ajax_payment_options · wpdm-premium-packages.php:168
auth · wp_ajax_wpdmpp_update_withdraw_status · wpdm-premium-packages.php:170
auth · wp_ajax_wpdmpp_expire_orders · wpdm-premium-packages.php:172
auth · wp_ajax_wpdmpp_email_payment_link · wpdm-premium-packages.php:174
auth · wp_ajax_wpdmpp_save_settings · wpdm-premium-packages.php:181
auth · wp_ajax_wpdmpp_toggle_auto_renew · wpdm-premium-packages.php:182
auth · wp_ajax_wpdmpp_toggle_manual_renew · wpdm-premium-packages.php:183
auth · wp_ajax_wpdmpp_async_request · wpdm-premium-packages.php:184
WordPress Hooks 31
action · admin_menu · includes\menus\AdminMenus.php:13
action · admin_menu · includes\settings\wizard\class.SetupWizard.php:22
action · admin_init · includes\settings\wizard\class.SetupWizard.php:23
action · wp · includes\widgets\widget-cart.php:13
action · upgrader_process_complete · wpdm-premium-packages.php:118
action · wp · wpdm-premium-packages.php:120
action · wp_login · wpdm-premium-packages.php:122
action · wpdm-package-form-left · wpdm-premium-packages.php:124
filter · wpdm_package_settings_tabs · wpdm-premium-packages.php:125
filter · add_wpdm_settings_tab · wpdm-premium-packages.php:126
filter · wpdm_privacy_settings_panel · wpdm-premium-packages.php:127
action · wpdm_template_editor_menu · wpdm-premium-packages.php:129
action · admin_notices · wpdm-premium-packages.php:131
action · init · wpdm-premium-packages.php:134
action · wpdm_login_form · wpdm-premium-packages.php:150
action · wpdm_register_form · wpdm-premium-packages.php:151
action · wp_login · wpdm-premium-packages.php:152
action · user_register · wpdm-premium-packages.php:153
action · wp_enqueue_scripts · wpdm-premium-packages.php:176
action · admin_enqueue_scripts · wpdm-premium-packages.php:178
action · wp_loaded · wpdm-premium-packages.php:185
action · wpdm_login_form · wpdm-premium-packages.php:189
filter · wpdm_meta_box · wpdm-premium-packages.php:192
filter · wpdm_user_dashboard_menu · wpdm-premium-packages.php:193
filter · wpdm_after_prepare_package_data · wpdm-premium-packages.php:195
filter · wdm_before_fetch_template · wpdm-premium-packages.php:196
filter · wpdm_download_link · wpdm-premium-packages.php:197
filter · wpdm_check_lock · wpdm-premium-packages.php:198
filter · wpdm_single_file_download_link · wpdm-premium-packages.php:199
action · init · wpdm-premium-packages.php:203
action · admin_notices · wpdm-premium-packages.php:1821
Maintenance & Trust

Premium Packages – Sell Digital Products Securely Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 2, 2026
PHP min version
Downloads: 383K

Community Trust

Rating: 76/100
Number of ratings: 4
Active installs: 3K
Developer Profile

Premium Packages – Sell Digital Products Securely Developer Profile

Shahjada

6 plugins · 116K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 769 days
Detection Fingerprints

How We Detect Premium Packages – Sell Digital Products Securely

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpdm-premium-packages/assets/css/backend.css
/wp-content/plugins/wpdm-premium-packages/assets/css/frontend.css
/wp-content/plugins/wpdm-premium-packages/assets/css/animate.min.css
/wp-content/plugins/wpdm-premium-packages/assets/css/bootstrap-theme.css
/wp-content/plugins/wpdm-premium-packages/assets/css/bootstrap.min.css
/wp-content/plugins/wpdm-premium-packages/assets/css/datepicker.css
/wp-content/plugins/wpdm-premium-packages/assets/css/font-awesome.min.css
/wp-content/plugins/wpdm-premium-packages/assets/css/jquery.dataTables.min.css
+17 more
Generator Patterns
Premium Packages - Sell Digital Products Securely
Script Paths
/wp-content/plugins/wpdm-premium-packages/assets/js/backend.js
/wp-content/plugins/wpdm-premium-packages/assets/js/bootstrap.min.js
/wp-content/plugins/wpdm-premium-packages/assets/js/chart.min.js
/wp-content/plugins/wpdm-premium-packages/assets/js/custom.js
/wp-content/plugins/wpdm-premium-packages/assets/js/datepicker.js
/wp-content/plugins/wpdm-premium-packages/assets/js/download-manager.js
+6 more
Version Parameters
wpdm-premium-packages/assets/css/backend.css?ver=
wpdm-premium-packages/assets/css/frontend.css?ver=
wpdm-premium-packages/assets/css/animate.min.css?ver=
wpdm-premium-packages/assets/css/bootstrap-theme.css?ver=
wpdm-premium-packages/assets/css/bootstrap.min.css?ver=
wpdm-premium-packages/assets/css/datepicker.css?ver=
wpdm-premium-packages/assets/css/font-awesome.min.css?ver=
wpdm-premium-packages/assets/css/jquery.dataTables.min.css?ver=
wpdm-premium-packages/assets/css/jquery.mCustomScrollbar.min.css?ver=
wpdm-premium-packages/assets/css/select2.css?ver=
wpdm-premium-packages/assets/css/style.css?ver=
wpdm-premium-packages/assets/css/sweet-alert.css?ver=
wpdm-premium-packages/assets/js/backend.js?ver=
wpdm-premium-packages/assets/js/bootstrap.min.js?ver=
wpdm-premium-packages/assets/js/chart.min.js?ver=
wpdm-premium-packages/assets/js/custom.js?ver=
wpdm-premium-packages/assets/js/datepicker.js?ver=
wpdm-premium-packages/assets/js/download-manager.js?ver=
wpdm-premium-packages/assets/js/front-script.js?ver=
wpdm-premium-packages/assets/js/jquery.dataTables.min.js?ver=
wpdm-premium-packages/assets/js/jquery.mCustomScrollbar.concat.min.js?ver=
wpdm-premium-packages/assets/js/script.js?ver=
wpdm-premium-packages/assets/js/select2.js?ver=
wpdm-premium-packages/assets/js/sweet-alert.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpdm-premium-package, wpdm-pp-cart-widget, wpdm-pp-cart-contents, wpdm-pp-checkout-form, wpdm-pp-order-details, wpdm-pp-add-to-cart, wpdm-pp-product-price, wpdm-pp-coupon-form, +2 more
HTML Comments
<!-- WPDMPP Settings -->
<!-- WPDMPP Premium Package Shortcodes -->
<!-- End WPDMPP Premium Package Shortcodes -->
Data Attributes
data-package-id, data-product-id, data-price, data-currency, data-cart-url, data-checkout-url, +2 more
JS Globals
wpdmpp_ajax_object, wpdmpp_cart, wpdmpp_checkout
REST Endpoints
/wp-json/wpdmpp/v1/cart
/wp-json/wpdmpp/v1/order
/wp-json/wpdmpp/v1/payment
Shortcode Output
[wpdm_cart], [wpdm_checkout], [wpdm_order_details], [wpdm_buy_now]
FAQ

Frequently Asked Questions about Premium Packages – Sell Digital Products Securely