WP-Safety

Product Watermark for WooCommerce Security & Risk Analysis

wordpress.org/plugins/product-watermark-for-woocommerce

Allows you to add watermark to images that applied to products

2K active installs v1.3.9.2 PHP 7.0+ WP 5.0+ Updated Dec 10, 2025
photo-watermarkpicture-watermarkproduct-imageproduct-watermarkwatermark
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Product Watermark for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Product Watermark for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The 'product-watermark-for-woocommerce' plugin exhibits a mixed security posture. While it boasts a clean vulnerability history with no recorded CVEs and a seemingly good number of nonce and capability checks, the static analysis reveals significant areas of concern. A primary risk lies in the presence of 14 AJAX handlers, with one entirely lacking authentication checks, opening a potential backdoor for unauthorized actions. Furthermore, the use of a dangerous `unserialize` function, coupled with raw SQL queries and a concerning percentage of improperly escaped output, indicates potential for injection attacks or data leakage. The taint analysis, while not flagging critical or high severity unsanitized paths, warrants caution due to the presence of unsanitized paths at all. The lack of any recorded vulnerabilities might suggest responsible development or simply a lack of discovered issues to date. However, the identified code signals and attack surface characteristics necessitate careful attention to mitigate potential risks.

Key Concerns

  • AJAX handler without authentication check
  • Dangerous unserialize function used
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Unsanitized paths found in taint analysis
Vulnerabilities
None known

Product Watermark for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Product Watermark for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
2
0 prepared
Unescaped Output
147
118 escaped
Nonce Checks
14
Capability Checks
24
File Operations
8
External Requests
5
Bundled Libraries
0

Dangerous Functions Found

unserialize$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$errorberocket\includes\updater.php:128

SQL Query Safety

0% prepared2 total queries

Output Escaping

45% escaped265 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

10 flows2 with unsanitized paths
berocket_single_image (main.php:149)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Product Watermark for WooCommerce Attack Surface

Entry Points14
Unprotected1

AJAX Handlers 14

authwp_ajax_brfr_get_export_settingsberocket\includes\admin\import_export.php:5
authwp_ajax_brfr_set_import_settingsberocket\includes\admin\import_export.php:6
authwp_ajax_brfr_get_import_backupsberocket\includes\admin\import_export.php:7
authwp_ajax_brfr_restore_import_backupsberocket\includes\admin\import_export.php:8
authwp_ajax_berocket_admin_close_noticeberocket\includes\admin_notices.php:1199
authwp_ajax_berocket_subscribe_emailberocket\includes\admin_notices.php:1200
authwp_ajax_berocket_rate_stars_closeberocket\includes\admin_notices.php:1208
authwp_ajax_berocket_feature_request_sendberocket\includes\admin_notices.php:1209
authwp_ajax_berocket_error_notices_getberocket\includes\error_notices.php:5
authwp_ajax_berocket_information_close_noticeberocket\includes\information_notices.php:198
authwp_ajax_br_test_keyberocket\includes\updater.php:46
authwp_ajax_br_test_keysberocket\includes\updater.php:47
authwp_ajax_berocket_get_watermark_imagesincludes\generate_watermark.php:4
authwp_ajax_berocket_single_imagemain.php:133
WordPress Hooks 107
actionprint_media_templatesaddons\media_buttons\media_buttons_include.php:4
actionattachment_submitbox_misc_actionsaddons\media_buttons\media_buttons_include.php:5
filterplugins_listberocket\framework.php:84
filterBeRocket_updater_add_pluginberocket\framework.php:105
filterberocket_admin_notices_rate_stars_pluginsberocket\framework.php:106
actioninitberocket\framework.php:107
actioninitberocket\framework.php:110
actionwp_headberocket\framework.php:111
actionwp_footerberocket\framework.php:112
actionadmin_initberocket\framework.php:113
actionadmin_menuberocket\framework.php:114
actionadmin_enqueue_scriptsberocket\framework.php:115
actionberocket_enqueue_mediaberocket\framework.php:116
filterplugin_row_metaberocket\framework.php:122
filteris_berocket_settings_pageberocket\framework.php:123
actionplugins_loadedberocket\framework.php:128
actionsanitize_comment_cookiesberocket\framework.php:129
actioninstall_plugins_pre_plugin-informationberocket\framework.php:130
filterberocket_admin_notices_subscribe_pluginsberocket\framework.php:132
filterBeRocket_admin_init_user_capabilitiesberocket\framework.php:135
filterberocket_sanitize_array_predefineberocket\framework.php:136
filterberocket_sanitize_array_ksesberocket\framework.php:137
filterberocket_sanitize_array_ksesberocket\framework.php:140
actionbefore_woocommerce_initberocket\framework.php:150
filterloop_shop_per_pageberocket\framework.php:391
actionupgrader_process_completeberocket\framework.php:499
actionadmin_footerberocket\framework.php:1158
actionwp_footerberocket\framework.php:1159
actionadmin_initberocket\framework.php:1273
actionadmin_bar_menuberocket\includes\admin\admin_bar.php:8
actionwp_footerberocket\includes\admin\admin_bar.php:9
filterberocket_admin_bar_plugins_databerocket\includes\admin\admin_bar.php:149
actionBeRocket_framework_updater_account_form_afterberocket\includes\admin\import_export.php:4
filterberocket_admin_notice_is_display_noticeberocket\includes\admin_notices.php:75
filterberocket_admin_notice_is_display_notice_priorityberocket\includes\admin_notices.php:76
actionadmin_noticesberocket\includes\admin_notices.php:1198
actionadmin_noticesberocket\includes\admin_notices.php:1207
actionberocket_rate_plugin_windowberocket\includes\admin_notices.php:1210
actionberocket_related_plugins_windowberocket\includes\admin_notices.php:1211
actionberocket_above_admin_settingsberocket\includes\admin_notices.php:1212
actionberocket_feature_request_windowberocket\includes\admin_notices.php:1213
actionadmin_footerberocket\includes\admin_notices.php:1285
actionadmin_footerberocket\includes\admin_notices.php:1493
actionadmin_footerberocket\includes\admin_notices.php:1922
actionadmin_footerberocket\includes\admin_notices.php:2079
actioninitberocket\includes\custom_post\enable_disable.php:9
actionadmin_initberocket\includes\custom_post\enable_disable.php:10
actionpost_action_enableberocket\includes\custom_post\enable_disable.php:13
actionpost_action_disableberocket\includes\custom_post\enable_disable.php:14
filterpost_classberocket\includes\custom_post\enable_disable.php:16
filterpre_get_postsberocket\includes\custom_post\enable_disable.php:18
actionpre_get_postsberocket\includes\custom_post\sortable.php:22
actionin_admin_footerberocket\includes\custom_post\sortable.php:117
actioninitberocket\includes\custom_post.php:58
filterinitberocket\includes\custom_post.php:59
filteradmin_initberocket\includes\custom_post.php:60
filterwp_insert_post_databerocket\includes\custom_post.php:61
filterBeRocket_admin_init_user_capabilitiesberocket\includes\custom_post.php:71
actionadd_meta_boxesberocket\includes\custom_post.php:128
actionsave_postberocket\includes\custom_post.php:129
filterpost_row_actionsberocket\includes\custom_post.php:130
filterlist_table_primary_columnberocket\includes\custom_post.php:131
actionadmin_enqueue_scriptsberocket\includes\custom_post.php:133
filteris_berocket_settings_pageberocket\includes\custom_post.php:135
actionadmin_footerberocket\includes\custom_post.php:162
actionadmin_noticesberocket\includes\information_notices.php:197
actionadmin_initberocket\includes\updater.php:18
filterwoocommerce_addons_sectionsberocket\includes\updater.php:27
filteris_berocket_settings_pageberocket\includes\updater.php:28
actionadmin_footerberocket\includes\updater.php:30
actionadmin_headberocket\includes\updater.php:39
actionadmin_menuberocket\includes\updater.php:40
actionadmin_menuberocket\includes\updater.php:41
actionnetwork_admin_menuberocket\includes\updater.php:42
actionadmin_initberocket\includes\updater.php:43
filterpre_set_site_transient_update_pluginsberocket\includes\updater.php:44
filterplugins_api_resultberocket\includes\updater.php:45
filterhttp_request_host_is_externalberocket\includes\updater.php:48
actionadmin_footerberocket\includes\updater.php:51
actionwp_footerberocket\includes\updater.php:52
filterberocket_display_additional_noticesberocket\includes\updater.php:92
filtercustom_menu_orderberocket\includes\updater.php:98
filterberocket_admin_notice_is_display_noticeberocket\includes\updater.php:102
filterberocket_admin_notice_is_display_notice_priorityberocket\includes\updater.php:103
filterplugins_api_resultberocket\includes\updater.php:109
actioninitberocket\includes\updater.php:1413
actionadmin_enqueue_scriptsberocket\sale\sale.php:4
filterberocket_watermark_applyincludes\imagelib\gd.php:6
filterberocket_watermark_applyincludes\imagelib\imagick.php:6
filterBeRocket_framework_check_init_temp_php_extensionmain.php:113
actionadded_post_metamain.php:124
actionupdated_post_metamain.php:125
actionadded_post_metamain.php:126
actionupdated_post_metamain.php:127
filterget_post_metadatamain.php:129
filterget_post_metadatamain.php:130
filterwoocommerce_product_get_image_idmain.php:131
filterberocket_apply_all_content_to_imagemain.php:132
filterberocket_display_additional_noticesmain.php:136
filterimage_downsizemain.php:198
filterimage_downsizemain.php:200
filterimage_downsizemain.php:226
filterimage_downsizemain.php:228
filterintermediate_image_sizes_advancedmain.php:358
filterget_post_metadatamain.php:430
filterget_post_metadatamain.php:452
filterwoocommerce_product_get_image_idmain.php:467
Maintenance & Trust

Product Watermark for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 10, 2025
PHP min version7.0
Downloads95K

Community Trust

Rating74/100
Number of ratings55
Active installs2K
Alternatives

Product Watermark for WooCommerce Alternatives

Product Image Watermark for Woo

Product Image Watermark for Woo

product-image-watermark-for-woo

A
100

Automatically add watermarks to WooCommerce product images to protect your store visuals and maintain brand identity.

30 No CVEs
Ultimate Watermark – Protect Images with Professional Watermarks

Ultimate Watermark – Protect Images with Professional Watermarks

ultimate-watermark

A
99

Automatically protect your images with professional watermarks. Add text or image watermarks to WordPress media uploads with advanced positioning and …

1K 1 CVE
Easy Watermark

Easy Watermark

easy-watermark

A
99

Allows to add watermark to images automatically on upload or manually.

40K 1 CVE
Image Watermark

Image Watermark

image-watermark

A
99

Secure and brand your images with automatic watermarks. Apply image or text overlays to new uploads and bulk process existing Media Library images wit …

40K 1 CVE
Protect Uploads

Protect Uploads

protect-uploads

A
100

Protect your uploads directory. Prevent browsing, add watermarks, disable right-click, and password-protect files. For more information, visit protect …

30K 1 CVE
Developer Profile

Product Watermark for WooCommerce Developer Profile

BeRocket

22 plugins · 139K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
381 days
View full developer profile
Detection Fingerprints

How We Detect Product Watermark for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-watermark-for-woocommerce/css/main.css/wp-content/plugins/product-watermark-for-woocommerce/css/admin.css/wp-content/plugins/product-watermark-for-woocommerce/js/main.js/wp-content/plugins/product-watermark-for-woocommerce/js/admin.js
Version Parameters
/wp-content/plugins/product-watermark-for-woocommerce/css/main.css?ver=/wp-content/plugins/product-watermark-for-woocommerce/css/admin.css?ver=/wp-content/plugins/product-watermark-for-woocommerce/js/main.js?ver=/wp-content/plugins/product-watermark-for-woocommerce/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
br-product-watermark-settings
JS Globals
BeRocket_image_watermark_lang
FAQ

Frequently Asked Questions about Product Watermark for WooCommerce