Ninja Forms Signature Contract Add-On Security & Risk Analysis

wordpress.org/plugins/ninja-signature-contract-forms-add-on

Instantly produce a legally enforceable & court recognized contract from a Ninja Form submission. Signature Pad Contracts. Proposals.

400 active installs · v3.1.8.3 · PHP + WP 4.5+ · Updated Jan 8, 2026
contractdigital-signatureninja-forms-e-signaturesninja-forms-signaturesig
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ninja Forms Signature Contract Add-On Safe to Use in 2026?

Generally Safe

Score 100/100

Ninja Forms Signature Contract Add-On has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The ninja-signature-contract-forms-add-on plugin, version 3.1.8.3, exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a clean taint analysis report are significant strengths, indicating a lack of actively exploited or severe vulnerabilities in the past. The plugin also demonstrates good practices such as utilizing prepared statements for the majority of its SQL queries and implementing capability checks. However, there are areas for improvement that introduce minor risks. The presence of the `unserialize` function, while not directly exploited in the analyzed flows, is a known potential source of vulnerabilities if not handled with extreme caution and sanitization. Additionally, a notable portion of output is not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if malicious data is allowed into these outputs. The limited number of entry points and the fact that they all appear to have authentication checks are positive indicators of a secure design.

Key Concerns

  • Presence of unserialize function
  • Significant portion of outputs not properly escaped
Vulnerabilities
None known

Ninja Forms Signature Contract Add-On Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ninja Forms Signature Contract Add-On Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 1 (6 prepared)
Unescaped Output: 138 (117 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$dataArray = unserialize(WP_E_Sig()->meta->get($documentId, 'esig_ninja_submission_value'));` (includes\esig-nf-settings.php:200)
  • unserialize: `$dataList = unserialize($calculations[0]);` (includes\esig-nf-settings.php:206)
  • unserialize: `if (($result = @unserialize($value)) === false) {` (includes\esig-nf-settings.php:620)
  • unserialize: `$data = unserialize($dataArray);` (includes\esig-nf-settings.php:658)
  • unserialize: `return unserialize($value[0]);` (includes\esig-nf-settings.php:665)

SQL Query Safety

86% prepared · 7 total queries

Output Escaping

46% escaped · 255 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
esig_ninja_form_fields (admin\esig-nfds-admin.php:368)
Attack Surface

Ninja Forms Signature Contract Add-On Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

  • auth · wp_ajax_esig_ninja_form_fields · admin\esig-nfds-admin.php:54
  • auth · wp_ajax_esig_ninja_ratting_widget_remove · admin\rating-widget\esign-rating-widget.php:43

Shortcodes 1

[esigninja] admin\esig-nfds-admin.php:66
WordPress Hooks 34
  • action · admin_notices · admin\about\autoload.php:27
  • action · esig_admin_notices · admin\about\autoload.php:29
  • action · in_admin_header · admin\about\autoload.php:84
  • action · admin_menu · admin\about\includes\esig-about-load.php:30
  • action · admin_notices · admin\about\views\autoload.php:27
  • action · esig_admin_notices · admin\about\views\autoload.php:29
  • action · in_admin_header · admin\about\views\autoload.php:79
  • action · admin_enqueue_scripts · admin\esig-nfds-admin.php:46
  • filter · nf_notification_types · admin\esig-nfds-admin.php:48
  • filter · esig_sif_buttons_filter · admin\esig-nfds-admin.php:49
  • filter · esig_text_editor_sif_menu · admin\esig-nfds-admin.php:50
  • filter · esig_admin_more_document_contents · admin\esig-nfds-admin.php:52
  • action · admin_init · admin\esig-nfds-admin.php:62
  • action · admin_menu · admin\esig-nfds-admin.php:64
  • filter · show_sad_invite_link · admin\esig-nfds-admin.php:69
  • filter · esig_invite_not_sent · admin\esig-nfds-admin.php:70
  • filter · ninja_forms_display_before_form · admin\esig-nfds-admin.php:72
  • filter · ninja_forms_display_before_form · admin\esig-nfds-admin.php:74
  • action · esig_signature_loaded · admin\esig-nfds-admin.php:77
  • action · esig_agreement_after_display · admin\esig-nfds-admin.php:78
  • filter · esig_document_title_filter · admin\esig-ninja-filters.php:17
  • filter · esig_strip_shortcodes_tagnames · admin\esig-ninja-filters.php:18
  • filter · esig_document_clone_render_content · admin\esig-ninja-filters.php:21
  • filter · ninja_forms_save_form · admin\nf-admin-controller.php:21
  • action · esig_admin_notices · admin\rating-widget\esign-rating-widget.php:40
  • action · admin_enqueue_scripts · admin\rating-widget\esign-rating-widget.php:41
  • action · admin_enqueue_scripts · admin\rating-widget\esign-rating-widget.php:42
  • action · init · includes\esig-nfds.php:49
  • action · admin_init · includes\esig-nfds.php:50
  • action · plugins_loaded · ninja-forms-digital-signature.php:45
  • action · plugins_loaded · ninja-forms-digital-signature.php:46
  • filter · ninja_forms_register_actions · ninja-forms-digital-signature.php:58
  • action · plugins_loaded · ninja-forms-digital-signature.php:70
  • action · plugins_loaded · ninja-forms-digital-signature.php:73
Maintenance & Trust

Ninja Forms Signature Contract Add-On Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 8, 2026
PHP min version
Downloads: 42K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 400
Developer Profile

Ninja Forms Signature Contract Add-On Developer Profile

approveme

10 plugins · 4K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect Ninja Forms Signature Contract Add-On

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ninja-signature-contract-forms-add-on/assets/css/esig-about-alert.css
  • /wp-content/plugins/ninja-signature-contract-forms-add-on/assets/images/pen_icon.svg
Version Parameters
  • ninja-signature-contract-forms-add-on/includes/esig-nf-functions.php?ver=
  • ninja-signature-contract-forms-add-on/includes/esig-nf-settings.php?ver=
  • ninja-signature-contract-forms-add-on/includes/esig-nfds.php?ver=
  • ninja-signature-contract-forms-add-on/admin/esig-ninja-filters.php?ver=
  • ninja-signature-contract-forms-add-on/admin/about/autoload.php?ver=
  • ninja-signature-contract-forms-add-on/admin/esig-nfds-admin.php?ver=
  • ninja-signature-contract-forms-add-on/includes/esig-ninjaform-document-view.php?ver=
  • ninja-signature-contract-forms-add-on/includes/esignature-action.php?ver=
  • ninja-signature-contract-forms-add-on/admin/rating-widget/esign-rating-widget.php?ver=

HTML / DOM Fingerprints

CSS Classes
esig-icon-cssesig-about-alertbangBarerror
Data Attributes
esig-nfds
JS Globals
ESIG_NFDS
FAQ

Frequently Asked Questions about Ninja Forms Signature Contract Add-On