WP-Safety

Signature Watermark Security & Risk Analysis

wordpress.org/plugins/signature-watermark

Automatically watermark images as they are uploaded to the WordPress Media Library using Both Images and Text.

200 active installs v1.7.12 PHP + WP 3.3+ Updated Feb 14, 2015
imageimagespicturepictureswatermark
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Signature Watermark Safe to Use in 2026?

Generally Safe

Score 85/100

Signature Watermark has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The 'signature-watermark' plugin version 1.7.12 exhibits a generally good security posture with a limited attack surface and no recorded vulnerabilities. The static analysis indicates that all identified entry points, including two AJAX handlers, are protected by authentication checks. Furthermore, the code adheres to secure practices by using prepared statements for all SQL queries and incorporating nonce and capability checks for its AJAX handlers. There are no critical or high severity taint flows identified, suggesting a low risk of remote code execution or sensitive data leakage through unsanitized input paths.

However, there is a notable concern regarding output escaping. With only 29% of the 56 outputs properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. An attacker could potentially inject malicious scripts through user-controllable data displayed on the frontend, which could lead to session hijacking or other malicious activities. While the plugin has no known CVEs and a clean vulnerability history, this weakness in output sanitization presents a tangible risk that requires attention. The plugin's strengths lie in its robust authentication and SQL practices, but the output escaping deficiency is a critical area for improvement to achieve a truly secure state.

Key Concerns

  • Low percentage of properly escaped output
Vulnerabilities
None known

Signature Watermark Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Signature Watermark Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
40
16 escaped
Nonce Checks
2
Capability Checks
3
File Operations
4
External Requests
0
Bundled Libraries
0

Output Escaping

29% escaped56 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
update_mwa_plugin_installer_menu_disable_option (signature-watermark-plugin-installer.php:423)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Signature Watermark Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_update_mwa_plugin_installer_menu_optionsignature-watermark-plugin-installer.php:419
authwp_ajax_revert_watermarkssignature-watermark-plugin.php:85
WordPress Hooks 12
actioninstall_plugins_table_headersignature-watermark-plugin-installer.php:97
actioninstall_plugins_favoritessignature-watermark-plugin-installer.php:114
actionadmin_menusignature-watermark-plugin-installer.php:413
actionadmin_initsignature-watermark-plugin.php:63
filterwp_generate_attachment_metadatasignature-watermark-plugin.php:71
actionadmin_enqueue_scriptssignature-watermark-plugin.php:79
filterattachment_fields_to_editsignature-watermark-plugin.php:81
actiondelete_attachmentsignature-watermark-plugin.php:89
actionadmin_initsignature-watermark-plugin.php:93
actionadmin_initsignature-watermark-plugin.php:96
actionadmin_menusignature-watermark-plugin.php:99
filterplugin_row_metasignature-watermark-plugin.php:108
Maintenance & Trust

Signature Watermark Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42
Last updatedFeb 14, 2015
PHP min version
Downloads46K

Community Trust

Rating32/100
Number of ratings9
Active installs200
Alternatives

Signature Watermark Alternatives

Bulk Watermark

Bulk Watermark

bulk-watermark

C
63

Adds an image and/or text watermark to all uploaded images, using PNG images with transparency.

100 1 unpatched
Transparent Image Watermark

Transparent Image Watermark

transparent-image-watermark-plugin

A
85

Automatically watermark images as they are uploaded to the WordPress Media Library.

100 No CVEs
Simple Watermark

Simple Watermark

simple-watermark

A
85

Automatically watermark images as they are viewed

10 No CVEs
Watermark Hotlink Protection

Watermark Hotlink Protection

watermark-hotlink-protection

A
85

Displays a watermark on images which have been hotlinked

10 No CVEs
FancyBox for WordPress

FancyBox for WordPress

fancybox-for-wordpress

A
96

Seamlessly integrates FancyBox lightbox into your WordPress blog: Upload, activate, and you're done. Additional configuration optional.

40K 3 CVEs
Developer Profile

Signature Watermark Developer Profile

ChrisHurst

19 plugins · 2K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
2044 days
View full developer profile
Detection Fingerprints

How We Detect Signature Watermark

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/signature-watermark/css/signature-watermark-admin.css/wp-content/plugins/signature-watermark/css/signature-watermark-public.css/wp-content/plugins/signature-watermark/js/signature-watermark-admin.js
Script Paths
/wp-content/plugins/signature-watermark/js/signature-watermark-admin.js
Version Parameters
signature-watermark/css/signature-watermark-admin.css?ver=signature-watermark/css/signature-watermark-public.css?ver=signature-watermark/js/signature-watermark-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
signature-watermark-settings
Data Attributes
data-signature-watermark-admin
JS Globals
signature_watermark_settings
FAQ

Frequently Asked Questions about Signature Watermark