Does Image Watermark have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Image Watermark compatible with WordPress 6.9.4?

According to WordPress.org data, Image Watermark 2.0.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Image Watermark compatible with PHP 7.0+?

Image Watermark requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Image Watermark updated?

Image Watermark was last updated on Mar 9, 2026. Frequent updates are generally a positive security signal.

What is Image Watermark's security score?

Image Watermark has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Image Watermark Security & Risk Analysis

wordpress.org/plugins/image-watermark

Secure and brand your images with automatic watermarks. Apply image or text overlays to new uploads and bulk process existing Media Library images wit …

40K active installs v2.0.9 PHP 7.0+ WP 6.0+ Updated Mar 9, 2026

imageimagesprotectionwatermarkwatermarking

A · Safe

CVEs total1

Unpatched0

Last CVEApr 5, 2024

Plugin page Download

Safety Verdict

Is Image Watermark Safe to Use in 2026?

Generally Safe

Score 100/100

Image Watermark has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 5, 2024Updated 2mo ago

Risk Assessment

The image-watermark plugin version 2.0.9 exhibits a generally good security posture with several positive indicators. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and a high percentage of properly escaped output are commendable practices. Furthermore, the plugin demonstrates a proactive approach to security with a significant number of nonce and capability checks, and no detected taint flows of critical or high severity.

However, a notable concern is the presence of one unprotected AJAX handler, which represents a direct entry point for potential unauthorized actions. While the plugin has a history of vulnerabilities, the absence of any currently unpatched CVEs and the fact that the single past vulnerability was of medium severity are encouraging signs. The plugin's primary historical vulnerability type being 'Missing Authorization' aligns with the static analysis finding of an unprotected AJAX handler.

In conclusion, the image-watermark plugin has strengths in its code hygiene and reliance on secure database practices. The main weakness lies in an exposed AJAX endpoint, which should be prioritized for remediation. The historical vulnerability data suggests a developer who addresses security issues, but also highlights a recurring area of concern regarding authorization checks.

Key Concerns

Unprotected AJAX handler present
One medium severity CVE in history

Vulnerabilities

1 published

Image Watermark Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-1994medium · 4.3Missing Authorization

Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification

Apr 5, 2024 Patched in 1.7.4 (1d)

Version History

Image Watermark Release Timeline

v2.0.9Current

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.9.1

v1.9.0

v1.8.0.1

v1.8.0

v1.7.4

v1.7.31 CVE

v1.7.21 CVE

v1.7.11 CVE

v1.7.01 CVE

v1.6.61 CVE

Code Analysis

Analyzed Mar 16, 2026

Image Watermark Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

206 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped221 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

bulk_admin_notices (image-watermark.php:935)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Image Watermark Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 3

authwp_ajax_iw_watermark_bulk_actionimage-watermark.php:173

authwp_ajax_iw_text_previewimage-watermark.php:174

authwp_ajax_iw_dismiss_noticeimage-watermark.php:175

WordPress Hooks 31

actioninitimage-watermark.php:162

actionadmin_enqueue_scriptsimage-watermark.php:163

actionwp_enqueue_mediaimage-watermark.php:164

actionwp_enqueue_scriptsimage-watermark.php:165

actionload-upload.phpimage-watermark.php:166

actionadmin_initimage-watermark.php:167

actionadmin_initimage-watermark.php:168

actionadmin_initimage-watermark.php:169

actionadmin_initimage-watermark.php:170

actionadmin_noticesimage-watermark.php:171

actiondelete_attachmentimage-watermark.php:172

actionattachment_submitbox_misc_actionsimage-watermark.php:176

filterplugin_row_metaimage-watermark.php:180

filterwp_handle_uploadimage-watermark.php:181

filterattachment_fields_to_editimage-watermark.php:182

actionadmin_noticesimage-watermark.php:216

actionadmin_print_scriptsimage-watermark.php:592

actionadmin_noticesimage-watermark.php:595

actionadmin_menuincludes\class-settings-api.php:48

actionadmin_initincludes\class-settings-api.php:49

actionadmin_enqueue_scriptsincludes\class-settings-api.php:50

filterwp_redirectincludes\class-settings.php:23

filteriw_settings_pagesincludes\class-settings.php:26

filteriw_settings_dataincludes\class-settings.php:27

actioniw_settings_formincludes\class-settings.php:28

actioniw_settings_sidebarincludes\class-settings.php:29

actionadmin_initincludes\class-update.php:20

filterwp_generate_attachment_metadataincludes\class-upload-handler.php:101

filterwp_generate_attachment_metadataincludes\class-upload-handler.php:121

actionadmin_noticesincludes\class-upload-handler.php:212

actionadmin_noticesincludes\class-upload-handler.php:232

Maintenance & Trust

Image Watermark Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 9, 2026

PHP min version7.0

Downloads1.1M

Community Trust

Rating82/100

Number of ratings259

Active installs40K

Alternatives

Image Watermark Alternatives

Watermark WP Image Protect

wp-image-protect

Watermark WP Image Protect is an on-the-fly image watermarking plugin for WordPress.

100 No CVEs

ImgMarkFactory

imgmarkfactory

Add professional watermarks to your images with real-time preview and drag-and-drop positioning. Support for both text and image watermarks.

0 No CVEs

Product Watermark for WooCommerce

product-watermark-for-woocommerce

100

Allows you to add watermark to images that applied to products

2K No CVEs

Photection – Easy image protection for WordPress

photection

With this plugin you can disable right click on your images with a custom message!

1K No CVEs

Ultimate Watermark – Protect Images with Professional Watermarks

ultimate-watermark

Automatically protect your images with professional watermarks. Add text or image watermarks to WordPress media uploads with advanced positioning.

1K 1 CVE

Developer Profile

Image Watermark Developer Profile

dFactory

12 plugins · 357K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

251 days

View full developer profile

Detection Fingerprints

How We Detect Image Watermark

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/image-watermark/assets/css/image-watermark-admin.css/wp-content/plugins/image-watermark/assets/css/image-watermark-frontend.css/wp-content/plugins/image-watermark/assets/js/image-watermark-admin.js/wp-content/plugins/image-watermark/assets/js/image-watermark-frontend.js/wp-content/plugins/image-watermark/assets/js/image-watermark-upload.js

Script Paths

/wp-content/plugins/image-watermark/assets/js/image-watermark-admin.js/wp-content/plugins/image-watermark/assets/js/image-watermark-frontend.js/wp-content/plugins/image-watermark/assets/js/image-watermark-upload.js

Version Parameters

image-watermark/assets/css/image-watermark-admin.css?ver=image-watermark/assets/css/image-watermark-frontend.css?ver=image-watermark/assets/js/image-watermark-admin.js?ver=image-watermark/assets/js/image-watermark-frontend.js?ver=image-watermark/assets/js/image-watermark-upload.js?ver=

HTML / DOM Fingerprints

CSS Classes

image-watermark-admin-wrapimage-watermark-bulk-form

HTML Comments

Image WatermarkImage Watermark SettingsImage Watermark Bulk ActionsImage Watermark Bulk Action Form

Data Attributes

data-iw_watermark_iddata-iw_action

JS Globals

ImageWatermarkAdminImageWatermarkFrontendImageWatermarkUploadiw_settings

FAQ

Image Watermark Security & Risk Analysis

Is Image Watermark Safe to Use in 2026?

Generally Safe

Key Concerns

Image Watermark Security Vulnerabilities

CVEs by Year

Severity Breakdown

Image Watermark Release Timeline

Image Watermark Code Analysis

Output Escaping

Data Flow Analysis

Image Watermark Attack Surface

AJAX Handlers 3

Image Watermark Maintenance & Trust

Maintenance Signals

Community Trust

Image Watermark Alternatives

Watermark WP Image Protect

ImgMarkFactory

Product Watermark for WooCommerce

Photection – Easy image protection for WordPress

Ultimate Watermark – Protect Images with Professional Watermarks

Image Watermark Developer Profile

How We Detect Image Watermark

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Image Watermark