WP-Safety

Easy Watermark Security & Risk Analysis

wordpress.org/plugins/easy-watermark

Allows to add watermark to images automatically on upload or manually.

40K active installs v1.0.11 PHP 5.6+ WP 4.6+ Updated Aug 25, 2025
imagemediaphotopicturewatermark
99
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 25, 2019
Download
Safety Verdict

Is Easy Watermark Safe to Use in 2026?

Generally Safe

Score 99/100

Easy Watermark has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 25, 2019Updated 7mo ago
Risk Assessment

The "easy-watermark" plugin v1.0.11 exhibits a concerning security posture primarily due to a large number of unprotected AJAX handlers. While the code demonstrates good practices in other areas, such as a high percentage of properly escaped output and the use of prepared statements for SQL queries, the 7 unprotected AJAX entry points represent a significant attack surface. Taint analysis revealed no critical or high severity flows, which is a positive sign, and there are no currently unpatched CVEs. However, the plugin's vulnerability history indicates a past high severity vulnerability related to missing authorization, and the current prevalence of unprotected AJAX handlers suggests a persistent pattern of not adequately securing entry points. The absence of bundled libraries and external HTTP requests are strengths. Overall, while the code quality in many aspects is good, the lack of authorization checks on a substantial portion of its AJAX functionality poses a considerable risk that could be exploited if malicious actors can trigger these handlers.

Key Concerns

  • 7 AJAX handlers without auth checks
  • 1 known high severity CVE (Missing Authorization)
Vulnerabilities
1

Easy Watermark Security Vulnerabilities

CVEs by Year

1 CVE in 2019
2019
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-easy-watermarkhigh · 8.8Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 0.7.1 (1793d)
Code Analysis
Analyzed Mar 16, 2026

Easy Watermark Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
4 prepared
Unescaped Output
11
219 escaped
Nonce Checks
8
Capability Checks
12
File Operations
7
External Requests
0
Bundled Libraries
0

SQL Query Safety

80% prepared5 total queries

Output Escaping

95% escaped230 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ajax_preview_image (src\classes\Metaboxes\Watermark\Preview.php:91)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Easy Watermark Attack Surface

Entry Points7
Unprotected7

AJAX Handlers 7

authwp_ajax_easy-watermark/apply_singlesrc\inc\hooks.php:24
authwp_ajax_easy-watermark/apply_allsrc\inc\hooks.php:25
authwp_ajax_easy-watermark/restore_backupsrc\inc\hooks.php:26
authwp_ajax_easy-watermark/autosavesrc\inc\hooks.php:27
authwp_ajax_easy-watermark/attachments-infosrc\inc\hooks.php:28
authwp_ajax_easy-watermark/tools/get-attachmentssrc\inc\hooks.php:68
authwp_ajax_easy-watermark/preview_imagesrc\inc\hooks.php:86
WordPress Hooks 75
actionadmin_initindex.php:11
actionadmin_noticessrc\bootstrap.php:55
actionplugins_loadedsrc\classes\Core\Plugin.php:77
actionplugins_loadedsrc\inc\hooks.php:12
actioninitsrc\inc\hooks.php:13
actioneasy-watermark/settings/registersrc\inc\hooks.php:14
actioneasy-watermark/settings/register/backupsrc\inc\hooks.php:15
actioneasy-watermark/placeholders/loadsrc\inc\hooks.php:16
actionpre-plupload-upload-uisrc\inc\hooks.php:17
actionadmin_noticessrc\inc\hooks.php:18
actioneasy-watermark/settings/register/generalsrc\inc\hooks.php:19
filterwp_get_attachment_image_srcsrc\inc\hooks.php:20
filterwp_calculate_image_srcsetsrc\inc\hooks.php:21
actioneasy-watermark/settings/register/generalsrc\inc\hooks.php:22
filterwp_calculate_image_srcset_metasrc\inc\hooks.php:23
actiondelete_attachmentsrc\inc\hooks.php:29
filterwp_generate_attachment_metadatasrc\inc\hooks.php:30
filterwp_prepare_attachment_for_jssrc\inc\hooks.php:31
filterbulk_actions-uploadsrc\inc\hooks.php:32
actioneasy-watermark/settings/register/generalsrc\inc\hooks.php:33
actionadmin_initsrc\inc\hooks.php:34
filterplugin_action_links_easy-watermark/easy-watermark.phpsrc\inc\hooks.php:35
actionparse_requestsrc\inc\hooks.php:36
actioninitsrc\inc\hooks.php:37
filterparent_filesrc\inc\hooks.php:38
actioncurrent_screensrc\inc\hooks.php:39
filterpost_updated_messagessrc\inc\hooks.php:40
filterbulk_post_updated_messagessrc\inc\hooks.php:41
actionuntrashed_postsrc\inc\hooks.php:42
actiondelete_postsrc\inc\hooks.php:43
actionwp_redirectsrc\inc\hooks.php:44
actionadmin_noticessrc\inc\hooks.php:45
filterpost_row_actionssrc\inc\hooks.php:46
filterbulk_actions-edit-watermarksrc\inc\hooks.php:47
filterscreen_options_show_screensrc\inc\hooks.php:48
actionedit_form_topsrc\inc\hooks.php:49
actionedit_form_after_titlesrc\inc\hooks.php:50
filterget_user_option_screen_layout_watermarksrc\inc\hooks.php:51
actionedit_form_topsrc\inc\hooks.php:52
filterpre_untrash_postsrc\inc\hooks.php:53
filterwp_insert_post_datasrc\inc\hooks.php:54
actionadmin_menusrc\inc\hooks.php:55
actionadmin_noticessrc\inc\hooks.php:56
actioneasy-watermark/dashboard/watermarks/noticessrc\inc\hooks.php:57
filtereasy-watermark/dashboard/watermarks/view-argssrc\inc\hooks.php:58
filtereasy-watermark/dashboard/tabssrc\inc\hooks.php:59
filtereasy-watermark/dashboard/settings/view-argssrc\inc\hooks.php:60
filtereasy-watermark/dashboard/tabssrc\inc\hooks.php:61
actionadmin_initsrc\inc\hooks.php:62
actioneasy-watermark/dashboard/permissions/noticessrc\inc\hooks.php:63
filtereasy-watermark/dashboard/permissions/view-argssrc\inc\hooks.php:64
filtereasy-watermark/dashboard/tabssrc\inc\hooks.php:65
actioneasy-watermark/dashboard/settings/noticessrc\inc\hooks.php:66
filtereasy-watermark/dashboard/tools/view-argssrc\inc\hooks.php:67
filtereasy-watermark/dashboard/tabssrc\inc\hooks.php:69
filteradmin_body_classsrc\inc\hooks.php:70
actionadmin_enqueue_scriptssrc\inc\hooks.php:71
actionadmin_enqueue_scriptssrc\inc\hooks.php:72
actionwp_enqueue_mediasrc\inc\hooks.php:73
actiondo_meta_boxessrc\inc\hooks.php:74
filterhidden_meta_boxessrc\inc\hooks.php:75
actiondo_meta_boxessrc\inc\hooks.php:76
filterhidden_meta_boxessrc\inc\hooks.php:77
actiondo_meta_boxessrc\inc\hooks.php:78
filterhidden_meta_boxessrc\inc\hooks.php:79
actiondo_meta_boxessrc\inc\hooks.php:80
filterhidden_meta_boxessrc\inc\hooks.php:81
actiondo_meta_boxessrc\inc\hooks.php:82
filterhidden_meta_boxessrc\inc\hooks.php:83
actiondo_meta_boxessrc\inc\hooks.php:84
filterhidden_meta_boxessrc\inc\hooks.php:85
actiondo_meta_boxessrc\inc\hooks.php:87
filterhidden_meta_boxessrc\inc\hooks.php:88
actiondo_meta_boxessrc\inc\hooks.php:89
filterhidden_meta_boxessrc\inc\hooks.php:90
Maintenance & Trust

Easy Watermark Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 25, 2025
PHP min version5.6
Downloads668K

Community Trust

Rating74/100
Number of ratings157
Active installs40K
Alternatives

Easy Watermark Alternatives

Product Watermark for WooCommerce

Product Watermark for WooCommerce

product-watermark-for-woocommerce

A
100

Allows you to add watermark to images that applied to products

2K No CVEs
Image Watermark WP

Image Watermark WP

image-watermark-wp

A
85

Image Watermark WP that protects your photos quickly!

600 No CVEs
Automatic Featured Image Posts

Automatic Featured Image Posts

automatic-featured-image-posts

A
85

Automatic Featured Image Posts creates a new post with a Featured Image every time an image is uploaded.

300 No CVEs
Next Watermark

Next Watermark

next-watermark

A
100

Next Watermark helps you easily add automatically text or/and image watermarks on your images (GIF, JPEG, PNG and WEBP formats supported)! Backup/rest &hellip;

300 No CVEs
htaccess Watermark

htaccess Watermark

ips-watermark

A
85

This plugin allows to add a watermark on your images uploaded.

10 No CVEs
Developer Profile

Easy Watermark Developer Profile

Wojtek Szałkiewicz

2 plugins · 42K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
1793 days
View full developer profile
Detection Fingerprints

How We Detect Easy Watermark

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-watermark/assets/css/attachment-edit.css/wp-content/plugins/easy-watermark/assets/css/dashboard.css/wp-content/plugins/easy-watermark/assets/css/uploader.css/wp-content/plugins/easy-watermark/assets/css/media-library.css/wp-content/plugins/easy-watermark/assets/css/watermark-edit.css/wp-content/plugins/easy-watermark/assets/js/attachment-edit.js/wp-content/plugins/easy-watermark/assets/js/dashboard.js/wp-content/plugins/easy-watermark/assets/js/uploader.js+2 more
Script Paths
/wp-content/plugins/easy-watermark/assets/js/attachment-edit.js/wp-content/plugins/easy-watermark/assets/js/dashboard.js/wp-content/plugins/easy-watermark/assets/js/uploader.js/wp-content/plugins/easy-watermark/assets/js/media-library.js/wp-content/plugins/easy-watermark/assets/js/watermark-edit.js
Version Parameters
easy-watermark/assets/js/attachment-edit.js?ver=easy-watermark/assets/css/attachment-edit.css?ver=easy-watermark/assets/js/dashboard.js?ver=easy-watermark/assets/css/dashboard.css?ver=easy-watermark/assets/js/uploader.js?ver=easy-watermark/assets/css/uploader.css?ver=easy-watermark/assets/js/media-library.js?ver=easy-watermark/assets/css/media-library.css?ver=easy-watermark/assets/js/watermark-edit.js?ver=easy-watermark/assets/css/watermark-edit.css?ver=

HTML / DOM Fingerprints

CSS Classes
ew-new-form-style
Data Attributes
data-nonce
JS Globals
ewAdminEasyWatermark
FAQ

Frequently Asked Questions about Easy Watermark