[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXTfVG3H5UUxELZElUY9LQWy92vTOR0tjZOmV3-EwWSs":3,"$fDKHGZvq-2-F_RZ3WwpLMCwzn57TO_Pbg2T1IpUlh4wQ":330,"$fFi-BdIqQ6Z52CzLYIkktGi_NrviZIB6m6QxV2Y1YYQI":334},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":38,"analysis":135,"fingerprints":311},"add-watermark","Add Watermarks","2.0.2","Michael Zangl","https:\u002F\u002Fprofiles.wordpress.org\u002Fmichaelzangl\u002F","\u003Cp>This plugin allows you to add a watermark images on all images that were uploaded in your wordpress. The watermark is generated on-the-fly and cached for faster access.\u003C\u002Fp>\n\u003Cp>To see the plugin in action, select “Add watermark to all images”, chose a watermark image and and submit the settings page. You should then see the watermark appearing on your site. You might need to reload the page (F5 in most browsers) to bypass the browser cache.\u003C\u002Fp>\n\u003Cp>The plugin does not change your source images. To disable all watermarks, simply disable the plugin, and everything is back to normal.\u003C\u002Fp>\n\u003Cp>If you encounter errors (especially syntax errors), check your PHP version. It should be at least 7.0. This plugin requires Apache and mod_rewrite.\u003C\u002Fp>\n","Adds watermarks to selected images without changing the original image.",40,11781,62,15,"2018-10-26T19:21:00.000Z","4.9.29","4.0.0","",[20,21,22],"htaccess","media","watermark","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"michaelzangl",2,2040,88,1,92,"2026-05-20T09:22:39.008Z",[39,62,81,98,115],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":18,"download_link":59,"security_score":60,"vuln_count":35,"unpatched_count":25,"last_vuln_date":61,"fetched_at":27},"easy-watermark","Easy Watermark","1.0.11","Wojtek Szałkiewicz","https:\u002F\u002Fprofiles.wordpress.org\u002Fszaleq\u002F","\u003Cp>Easy Watermark can automatically add watermark to images as they are uploaded to wordpress media library. You can also watermark existing images manually (all at once or an every single image). Watermark can be an image, text or both.\u003C\u002Fp>\n\u003Ch4>See the demo\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FxM_0Y0oX4o0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Plugin features\u003C\u002Fh4>\n\u003Cp>On one image you can have two watermarks! One of them can be text watermark and the other image watermark. You can control their position and size and apply them to your media independently.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Image watermark can be a JPG, PNG or GIF\u003C\u002Fli>\n\u003Cli>Full support for transparency and alpha chanel in PNG and GIF files\u003C\u002Fli>\n\u003Cli>JPG and GIF files and text can have opacity set (from 0 to 100%)\u003C\u002Fli>\n\u003Cli>Text watermark is created using ttf fonts\u003C\u002Fli>\n\u003Cli>Text color, size and rotation can be set\u003C\u002Fli>\n\u003Cli>All built-in image sizes can be watermarked (thumbnail, medium, large and fullsize) as well as all additional sizes registered by themes or plugins\u003C\u002Fli>\n\u003Cli>Plugin can create image backups and allows to easily restore images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Image watermark\u003C\u002Fh4>\n\u003Cp>Easy Watermark supports three most popular image formats for watermark: JPG, PNG and GIF. For JPG watermarks you can control the opacity as well.\u003C\u002Fp>\n\u003Cp>Watermark can be applied in on of the 9 positions on the image and you can controll the exact sizing of it.\u003C\u002Fp>\n\u003Ch4>Text watermark\u003C\u002Fh4>\n\u003Cp>Text watermark have a powerful feature of placeholders, which can be dynamically applied to the image. Ie. you can put the name of user who uploaded the image as well as the upload date. Watermark text will be automatically generated and applied.\u003C\u002Fp>\n\u003Cp>The plugin supports a few fonts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Arial\u003C\u002Fli>\n\u003Cli>Arial Black\u003C\u002Fli>\n\u003Cli>Comic Sans MS\u003C\u002Fli>\n\u003Cli>Courier New\u003C\u002Fli>\n\u003Cli>Georgia\u003C\u002Fli>\n\u003Cli>Impact\u003C\u002Fli>\n\u003Cli>Tahoma\u003C\u002Fli>\n\u003Cli>Times New Roman\u003C\u002Fli>\n\u003Cli>Trebuchet MS\u003C\u002Fli>\n\u003Cli>Verdana\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also place the text watermark in one of the 9 positions on the image, control the angle, color, opacity and size.\u003C\u002Fp>\n\u003Ch4>Custom development\u003C\u002Fh4>\n\u003Cp>BracketSpace – the company behind this plugin provides \u003Ca href=\"https:\u002F\u002Fbracketspace.com\u002Fcustom-development\u002F\" rel=\"nofollow ugc\">custom WordPress plugin development services\u003C\u002Fa>. We can create any custom plugin for you.\u003C\u002Fp>\n","Allows to add watermark to images automatically on upload or manually.",40000,669281,74,157,"2025-08-25T11:16:00.000Z","6.8.5","4.6","5.6",[56,21,57,58,22],"image","photo","picture","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-watermark.1.0.11.zip",99,"2019-02-25 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":35,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":18,"tags":76,"homepage":78,"download_link":79,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":80},"htaccess-secure-files","Htaccess Secure Files","0.5","isaacchapman","https:\u002F\u002Fprofiles.wordpress.org\u002Fisaacchapman\u002F","\u003Cp>\u003Cstrong>The Htaccess Secure Files plugin can only be activated on Apache web servers with mod_rewrite enabled, and will automatically raise an error upon activation if this is not the case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Htaccess Secure Files plugin allows for setting files to be accessible only to visitors who have a specified IP address or \u003Ca title=\"WordPress role or capbility\" href=\"https:\u002F\u002Fcodex.wordpress.org\u002FRoles_and_Capabilities\" rel=\"nofollow ugc\">WordPress role or capability\u003C\u002Fa>. By using \u003Ca title=\".htaccess files\" href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FHtaccess\" rel=\"nofollow ugc\">.htaccess files\u003C\u002Fa> to secure the content instead of a separate directory outside the web root, WordPress’s native media library functionality can be used to upload secure files and link to them from within the visual editor.\u003C\u002Fp>\n\u003Cp>By default all built-in WordPress roles will be allowed to access content that is marked as secure. The Settings -> Secure Files admin screen controls which roles, capabilities, and IP addresses are allowed to view or download secured files. If a custom role or capability is desired, there are several \u003Ca title=\"WordPress plugins\" href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsearch.php?q=roles+capabilities\" rel=\"ugc\">WordPress plugins\u003C\u002Fa> capable of creating and editing roles and capabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Any visitor that matches any selected role, capability, or IP address will be allowed to access secured files.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin works by creating a .htaccess files in the directory of each secured file. If you manually edit the .htaccess file and it becomes corrupt (a 500 Internal Server Error is the most likely symptom), I recommend deleting the .htaccess file and then edit and save each secured item in the media library.\u003C\u002Fp>\n","Allows securing files in WP's media library to be only accessible to users with specific roles, capabilities, or IP addresses.",10,6432,100,"2012-06-08T07:14:00.000Z","3.3.2","3.2.1",[20,21,77],"secure","http:\u002F\u002Fisaacchapman.com\u002Fwordpress-plugins\u002Fhtaccess-secure-files\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-secure-files.0.5.zip","2026-04-06T09:54:40.288Z",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":70,"downloaded":89,"rating":25,"num_ratings":25,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":18,"download_link":97,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"ips-watermark","htaccess Watermark","0.1","ip4368","https:\u002F\u002Fprofiles.wordpress.org\u002Fip4368\u002F","\u003Cp>This plugin allows to add a watermark on the images uploaded.\u003C\u002Fp>\n\u003Cp>It make use of .htaccess, so all images that are uploaded or to be upload will all have the watermark. Your source images will not be affected, and after you delete\u002Fdeactivate your plugin, all watermark will disappear. This plugin also work with @2x images that use on retina display or high resolution screen devices.\u003C\u002Fp>\n\u003Cp>With this plugin, you may :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>change the size of the watermark proportion to the images width.\u003C\u002Fli>\n\u003Cli>change the opacity of the watermark, you are recommended to upload a png with solid color, as you may adjust the opacity after you upload.\u003C\u002Fli>\n\u003Cli>(soon)set the position of the watermark and the offset position.\u003C\u002Fli>\n\u003Cli>(soon)choose repetitive mode to display your watermark.\u003C\u002Fli>\n\u003Cli>(soon, but later)choose the path that images in that path will have watermark.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The watermark is only visible if you try to download\u002Fview the images from a web browser.\u003C\u002Fp>\n\u003Cp>You have to know that :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>you need to be able to create a htaccess file in your uploads directory.\u003C\u002Fli>\n\u003Cli>you need the GD library.\u003C\u002Fli>\n\u003Cli>works only with JPG\u002FJPEG\u002FPNG files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Available languages in :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows to add a watermark on your images uploaded.",2286,"2014-06-01T08:10:00.000Z","3.9.40","3.0.1",[94,95,96,58,22],"copyright","medias","photography","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fips-watermark.0.1.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":25,"downloaded":106,"rating":25,"num_ratings":25,"last_updated":107,"tested_up_to":52,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":113,"download_link":114,"security_score":72,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"aquamark","AquaMark","1.0.0","William Arin","https:\u002F\u002Fprofiles.wordpress.org\u002Fwilliarin\u002F","\u003Cp>AquaMark is a full-featured, professional solution for applying image watermarks to your media uploads.\u003Cbr \u002F>\nBuilt with a modern, robust architecture, it provides extensive control over the appearance and placement of your watermark, ensuring your brand is consistently represented across your site.\u003Cbr \u002F>\nThe plugin automatically uses the best available image processing library on your server (Imagick for quality, GD for compatibility) to deliver excellent results.\u003C\u002Fp>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Selectable Watermark Image\u003C\u002Fstrong>: Choose any image from your Media Library to use as a watermark.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Precise Positioning\u003C\u002Fstrong>: Place your watermark in any one of nine grid positions (top-left, middle-center, bottom-right, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fine-Tuned Offset\u003C\u002Fstrong>: Adjust the watermark’s final position with pixel (px) or percentage (%) based X and Y offsets.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Sizing\u003C\u002Fstrong>: Control the watermark’s size with pixel (px) or percentage (%) based width and height. Supports auto-scaling.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Opacity Control\u003C\u002Fstrong>: Set the transparency of your watermark from 0% (fully transparent) to 100% (fully opaque).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Blend Modes\u003C\u002Fstrong>: Go beyond simple overlays with Photoshop-like blend modes, including Normal, Multiply, Screen, and Overlay.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Target Specific Image Sizes\u003C\u002Fstrong>: Choose exactly which registered image sizes should receive the watermark (e.g., thumbnail, medium, large).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Driver Selection\u003C\u002Fstrong>: Automatically uses the best image library available (Imagick or GD), with a manual override option for advanced users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Destructive Action Warning\u003C\u002Fstrong>: The plugin warns you if you choose to apply the watermark to the ‘full’ size image, as this is a permanent, destructive action.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Regenerate Watermarks\u003C\u002Fstrong>: Easily apply new settings to existing images via a “Regenerate Watermarks” bulk action in the Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Watermarks\u003C\u002Fstrong>: Remove watermarks from existing images via a “Remove Watermarks” bulk action in the Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>: Includes WordPress actions and filters for programmatic extension and customization.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern & Conflict-Free\u003C\u002Fstrong>: Built with modern PHP and scoped dependencies to prevent conflicts with other plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>The plugin includes a variety of actions and filters for programmatic customization. For detailed documentation and code examples, please see the \u003Ccode>DEVELOPER.md\u003C\u002Fcode> file included with the plugin.\u003C\u002Fp>\n","Add a custom watermark to your images in the WordPress media library with powerful controls and blending modes.",277,"2025-09-04T04:14:00.000Z","6.0","8.1",[111,112,56,21,22],"branding","free","https:\u002F\u002Fgithub.com\u002Fwilliarin\u002Faquamark","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faquamark.1.0.0.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":25,"downloaded":123,"rating":72,"num_ratings":35,"last_updated":124,"tested_up_to":52,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":133,"download_link":134,"security_score":72,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":80},"guest-video-protection","Guest Video Protection – Copy Protect PDF & Video","1.5.0","ArtistScope","https:\u002F\u002Fprofiles.wordpress.org\u002Fartistscope\u002F","\u003Cp>The Guest Video Protection plugin enables the embedding of copy protected media. That media can include a comprehensive Guest Video page or media only, such as images, PDF and video. The Guest Video service also provides secure file hosting. In fact it is the only service of its kind… web hosting for copy protected web pages and media with secure file hosting included for images, PDF and video.\u003C\u002Fp>\n\u003Cp>Pages and media are most securely protected from all exploits including save, copy, screenshot and screen recording… and they can be viewd on all computers and devices including mobile phones.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin displays your media from a third party service provided by \u003Ca href=\"https:\u002F\u002Fguest.video\u002Fterms-conditions\u002F\" rel=\"nofollow ugc\">Guest Video\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Guest Video provides a most unique “copy protected web hosting” service, unique in that it is the only web hosting service to provide real copy protection. The copy protection begins at the Guest Video server hosting your media, creating a secure tunnel between that backend and your user’s device which can be a computer or mobile phone.\u003C\u002Fp>\n\u003Cp>However a point to note is that the ArtisBrowser is required to decrypt and view the content. While that may seem to be a disadvantage to those concerned about being popular, it is the reason that Guest Video copy protection is incomaparable to any other copy protection solution. ArtisBrowser makes real copy protection possible (preventing all copy and exploits) where all other browsers fail. Anyone looking for copy protection that works in popular browsers like Firefox or Chrome is wasting their time.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FkFKwQlPhbK4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>More Info\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>About \u003Ca href=\"https:\u002F\u002Fartistscope.com\u002Fcopy-protection.asp\" rel=\"nofollow ugc\">Copy Protection\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Licensing\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin is free to use. However it will require at least a Guest Video “DEMO” account to benefit from the special features.\u003C\u002Fli>\n\u003Cli>For a DEMO account visit \u003Ca href=\"https:\u002F\u002Fguest.video\u002Fjoin.asp\" rel=\"nofollow ugc\">Guest Video\u003C\u002Fa> for a 14-day free trial.\u003C\u002Fli>\n\u003Cli>The author can be contacted from their \u003Ca href=\"https:\u002F\u002Fartistscope.com\u002Fcopy-protected-file-hosting.asp\" rel=\"nofollow ugc\">Guest Video\u003C\u002Fa> page.\u003C\u002Fli>\n\u003C\u002Ful>\n","The most secure copy protection for images, video and PDF. Prevent save, screenshots, screen capture and screen recording.",931,"2025-10-05T00:19:00.000Z","5.7","7.0",[128,129,130,131,132],"copy-protect-pdf","copy-protect-video","copy-protect-web-page","copy-protection","watermark-media","https:\u002F\u002Fguest.video\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguest-video-protection.zip",{"attackSurface":136,"codeSignals":212,"taintFlows":295,"riskAssessment":296,"analyzedAt":310},{"hooks":137,"ajaxHandlers":200,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":32,"unprotectedCount":32},[138,144,146,151,154,157,162,166,169,173,177,181,185,189,192,196],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_enqueue_scripts","closure","add-watermark.php",22,{"type":139,"name":140,"callback":141,"file":142,"line":145},30,{"type":139,"name":147,"callback":148,"priority":149,"file":142,"line":150},"wp_head","anonymous",8,37,{"type":139,"name":152,"callback":148,"priority":149,"file":142,"line":153},"admin_head",38,{"type":139,"name":155,"callback":148,"priority":149,"file":142,"line":156},"login_head",39,{"type":139,"name":158,"callback":159,"file":160,"line":161},"admin_init","loadPositionSettings","php\\add-watermark.php",72,{"type":139,"name":163,"callback":164,"file":160,"line":165},"admin_menu","registerMenu",75,{"type":139,"name":140,"callback":167,"file":160,"line":168},"scripts",76,{"type":170,"name":171,"callback":20,"file":160,"line":172},"filter","init",78,{"type":170,"name":174,"callback":175,"file":160,"line":176},"load-settings_page_add-watermark-menu","onSettingsLoad",80,{"type":170,"name":178,"callback":179,"file":160,"line":180},"manage_media_columns","addWatermarkColumn",82,{"type":170,"name":182,"callback":183,"file":160,"line":184},"manage_media_custom_column","outputWatermarkColumn",83,{"type":170,"name":186,"callback":187,"file":160,"line":188},"admin_footer-upload.php","outputAdminFooter",84,{"type":139,"name":190,"callback":191,"file":160,"line":24},"load-upload.php","doBulkAction",{"type":139,"name":193,"callback":194,"file":160,"line":195},"plugins_loaded","loadTextdomain",86,{"type":139,"name":197,"callback":198,"file":160,"line":199},"delete_attachment","removeAttachmentFromCache",89,[201,206],{"action":202,"nopriv":203,"callback":204,"hasNonce":203,"hasCapCheck":203,"file":160,"line":205},"watermark_image",false,"runAjax",898,{"action":202,"nopriv":207,"callback":204,"hasNonce":203,"hasCapCheck":203,"file":160,"line":208},true,899,[],[],[],{"dangerousFunctions":213,"sqlUsage":214,"outputEscaping":216,"fileOperations":293,"externalRequests":25,"nonceChecks":35,"capabilityChecks":25,"bundledLibraries":294},[],{"prepared":25,"raw":25,"locations":215},[],{"escaped":217,"rawEcho":150,"locations":218},12,[219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291],{"file":160,"line":13,"context":220},"raw output",{"file":160,"line":222,"context":220},183,{"file":160,"line":224,"context":220},184,{"file":160,"line":226,"context":220},185,{"file":160,"line":228,"context":220},186,{"file":160,"line":230,"context":220},187,{"file":160,"line":232,"context":220},188,{"file":160,"line":234,"context":220},364,{"file":160,"line":236,"context":220},365,{"file":160,"line":238,"context":220},380,{"file":160,"line":240,"context":220},382,{"file":160,"line":242,"context":220},402,{"file":160,"line":244,"context":220},412,{"file":160,"line":246,"context":220},415,{"file":160,"line":248,"context":220},417,{"file":160,"line":250,"context":220},419,{"file":160,"line":252,"context":220},421,{"file":160,"line":254,"context":220},423,{"file":160,"line":256,"context":220},434,{"file":160,"line":258,"context":220},437,{"file":160,"line":260,"context":220},439,{"file":160,"line":262,"context":220},441,{"file":160,"line":264,"context":220},443,{"file":160,"line":266,"context":220},445,{"file":160,"line":268,"context":220},465,{"file":160,"line":270,"context":220},467,{"file":160,"line":272,"context":220},469,{"file":160,"line":274,"context":220},477,{"file":160,"line":276,"context":220},479,{"file":160,"line":278,"context":220},481,{"file":160,"line":280,"context":220},483,{"file":160,"line":282,"context":220},498,{"file":160,"line":284,"context":220},501,{"file":160,"line":286,"context":220},531,{"file":160,"line":288,"context":220},604,{"file":160,"line":290,"context":220},686,{"file":160,"line":292,"context":220},784,11,[],[],{"summary":297,"deductions":298},"The 'add-watermark' plugin v2.0.2 exhibits a mixed security posture.  While it demonstrates good practices by avoiding dangerous functions, using prepared statements for SQL queries, and having no known historical vulnerabilities, significant concerns arise from its attack surface. The plugin exposes two AJAX handlers, both of which lack proper authentication checks. This creates a direct pathway for unauthenticated users to interact with potentially sensitive functionality, significantly increasing the risk of exploitation.  The lack of capability checks and the low percentage of properly escaped output further exacerbate these risks, suggesting potential for cross-site scripting (XSS) vulnerabilities if the exposed AJAX actions handle user-supplied data without sufficient sanitization and escaping.\n\nThe taint analysis showing zero flows with unsanitized paths is a positive indicator, suggesting that at least in the analyzed flows, sensitive data is handled with some degree of caution. However, this does not fully mitigate the risks posed by the unprotected AJAX endpoints. The complete absence of recorded CVEs is a strength, implying a history of stable and likely secure development.  Overall, the plugin's strength lies in its lack of historical issues and its safe SQL handling. Its primary weakness, and the most pressing concern, is the direct exposure of AJAX endpoints without any authentication or permission checks, which represents a substantial security vulnerability.",[299,301,304,307],{"reason":300,"points":70},"Unprotected AJAX handlers",{"reason":302,"points":303},"Low output escaping percentage",7,{"reason":305,"points":306},"No capability checks",5,{"reason":308,"points":309},"Single nonce check on two entry points",3,"2026-03-16T22:15:11.901Z",{"wat":312,"direct":321},{"assetPaths":313,"generatorPatterns":316,"scriptPaths":317,"versionParams":318},[314,315],"\u002Fwp-content\u002Fplugins\u002Fadd-watermark\u002Fassets\u002Fsettings.js","\u002Fwp-content\u002Fplugins\u002Fadd-watermark\u002Fassets\u002Fsettings.css",[],[314],[319,320],"add-watermark\u002Fassets\u002Fsettings.js?ver=","add-watermark\u002Fassets\u002Fsettings.css?ver=",{"cssClasses":322,"htmlComments":323,"htmlAttributes":324,"restEndpoints":326,"jsGlobals":327,"shortcodeOutput":329},[],[],[325],"id=\"wpp-add-watermark\"",[],[328],"window.addEventListener('load',",[],{"error":207,"url":331,"statusCode":332,"statusMessage":333,"message":333},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fadd-watermark\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":335,"versions":336},6,[337,343,350,357,364,371],{"version":6,"download_url":338,"svn_tag_url":339,"released_at":26,"has_diff":203,"diff_files_changed":340,"diff_lines":26,"trac_diff_url":341,"vulnerabilities":342,"is_current":207},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.2.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadd-watermark\u002Ftags\u002F2.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadd-watermark%2Ftags%2F2.0.1&new_path=%2Fadd-watermark%2Ftags%2F2.0.2",[],{"version":344,"download_url":345,"svn_tag_url":346,"released_at":26,"has_diff":203,"diff_files_changed":347,"diff_lines":26,"trac_diff_url":348,"vulnerabilities":349,"is_current":203},"2.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.2.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadd-watermark\u002Ftags\u002F2.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadd-watermark%2Ftags%2F2.0.0&new_path=%2Fadd-watermark%2Ftags%2F2.0.1",[],{"version":351,"download_url":352,"svn_tag_url":353,"released_at":26,"has_diff":203,"diff_files_changed":354,"diff_lines":26,"trac_diff_url":355,"vulnerabilities":356,"is_current":203},"2.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.2.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadd-watermark\u002Ftags\u002F2.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadd-watermark%2Ftags%2F1.2&new_path=%2Fadd-watermark%2Ftags%2F2.0.0",[],{"version":358,"download_url":359,"svn_tag_url":360,"released_at":26,"has_diff":203,"diff_files_changed":361,"diff_lines":26,"trac_diff_url":362,"vulnerabilities":363,"is_current":203},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadd-watermark\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadd-watermark%2Ftags%2F1.1&new_path=%2Fadd-watermark%2Ftags%2F1.2",[],{"version":365,"download_url":366,"svn_tag_url":367,"released_at":26,"has_diff":203,"diff_files_changed":368,"diff_lines":26,"trac_diff_url":369,"vulnerabilities":370,"is_current":203},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadd-watermark\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadd-watermark%2Ftags%2F1.0.0&new_path=%2Fadd-watermark%2Ftags%2F1.1",[],{"version":101,"download_url":372,"svn_tag_url":373,"released_at":26,"has_diff":203,"diff_files_changed":374,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":375,"is_current":203},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadd-watermark\u002Ftags\u002F1.0.0\u002F",[],[]]