
Sign Customiser Security & Risk Analysis
wordpress.org/plugins/sign-customiser
Transform your WooCommerce store into a powerful custom sign business with real-time pricing, instant previews, and automated manufacturing specs.
Is Sign Customiser Safe to Use in 2026?
Generally Safe
Score 100/100
Sign Customiser has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "sign-customiser" plugin v1.6.2 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions and using prepared statements for all SQL queries, and importantly, has no recorded vulnerability history, several critical concerns are present.
The static analysis reveals a significant attack surface with one unprotected REST API route. Furthermore, only 30% of output is properly escaped, and there are no nonce or capability checks implemented for any entry points. The presence of file operations and external HTTP requests without apparent sanitization or validation in the analyzed code signals potential avenues for exploitation.
Despite the absence of past CVEs, the current lack of robust authentication and authorization checks on its entry points, combined with insufficient output escaping, creates a substantial risk. The plugin's strengths in SQL handling and lack of historical vulnerabilities are overshadowed by the immediate threats posed by its unprotected REST API route and general lack of input validation and output sanitization.
Key Concerns
- Unprotected REST API route
- Insufficient output escaping (30% proper)
- Missing nonce checks
- Missing capability checks
- File operations without apparent validation
- External HTTP requests without apparent validation
Sign Customiser Security Vulnerabilities
Sign Customiser Code Analysis
Output Escaping
Sign Customiser Attack Surface
REST API Routes 1
WordPress Hooks 10
Sign Customiser Maintenance & Trust
Maintenance Signals
Community Trust
Sign Customiser Alternatives
NeonCRM Sign-In
neoncrm-sign-in
Sign in to WordPress using a NeonCRM constituent account.
Neon Channel Product Customizer Free
neon-channel-product-customizer-free
Neon Channel Product Customizer (NCPC) lets you create fully custom neon signs and letters directly in your WordPress/WooCommerce store, helping you s …
Neon Product Designer
neon-product-designer-for-woocommerce
NPD is a WordPress/WooCommerce plugin that helps you set up your online custom neon sign store, and receives orders from your customers.
NeonCRM Events Widget
neoncrm-events-widget
Displays a feed of upcoming events retrieved from NeonCRM.
LineOne
lineone-one
LineOne.one LineOne - your websites greatest agent. LineOne connects you to your customers straight away on the phone so you can talk and help your u …
Sign Customiser Developer Profile
1 plugin · 30 total installs
How We Detect Sign Customiser
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/sign-customiser/assets/js/sign-customiser-frontend.js
- /wp-content/plugins/sign-customiser/assets/css/sign-customiser-frontend.css
- /wp-content/plugins/sign-customiser/assets/css/sign-customiser-admin.css
- /wp-content/plugins/sign-customiser/assets/js/sign-customiser-admin.js
- sign-customiser/assets/js/sign-customiser-frontend.js?ver=
- sign-customiser/assets/css/sign-customiser-frontend.css?ver=
- sign-customiser/assets/css/sign-customiser-admin.css?ver=
- sign-customiser/assets/js/sign-customiser-admin.js?ver=
HTML / DOM Fingerprints
- spcwp_ajax_cart_dismiss
- spcwp_migration_banner_dismiss
- id="spcwp_ajax_cart_dismiss"
- id="spcwp_migration_banner_dismiss"
- window.SpcWcConfig
- /wp-json/sign-customiser/v1/product