Does Smart Agreements have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Smart Agreements compatible with WordPress 6.9.4?

According to WordPress.org data, Smart Agreements 1.0.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Smart Agreements compatible with PHP 7.2+?

Smart Agreements requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Smart Agreements updated?

Smart Agreements was last updated on Feb 5, 2026. Frequent updates are generally a positive security signal.

What is Smart Agreements's security score?

Smart Agreements has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Smart Agreements: 1 Patched CVE

Safety Verdict

Is Smart Agreements Safe to Use in 2026?

Generally Safe

Score 97/100

Smart Agreements has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 17, 2025Updated 3mo ago

Risk Assessment

The 'smart-agreements' plugin v1.0.4 presents a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices, with 100% of outputs being properly escaped and a high percentage of SQL queries utilizing prepared statements. The presence of 10 nonce checks and 1 capability check also indicates an awareness of common WordPress security mechanisms. However, significant concerns arise from the attack surface and taint analysis.

The plugin exposes 5 entry points, with 2 AJAX handlers lacking authentication checks, creating a direct pathway for potential unauthorized actions. The taint analysis reveals 4 critical severity flows with unsanitized paths, which is particularly concerning as these could lead to remote code execution or data breaches if exploited, especially considering the plugin's past vulnerability history.

The plugin has a history of a critical vulnerability, specifically Remote File Inclusion. While currently unpatched CVEs are zero, this past critical issue, coupled with the identified critical taint flows and unprotected AJAX endpoints, suggests a recurring theme of potential weaknesses in input validation and file handling. The overall risk is moderate, leaning towards high due to the critical taint flows and unprotected entry points, despite good practices in output escaping and SQL query preparation.

Key Concerns

Unprotected AJAX handlers
Critical taint flows with unsanitized paths
Past critical vulnerability (RFI)
Bundled library (dompdf)

Vulnerabilities

1 published

Smart Agreements Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

1

1 total CVE

CVE-2025-39462critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Smart Agreements <= 1.0.3 - Unauthenticated Local File Inclusion

Apr 17, 2025 Patched in 1.0.4 (6d)

Version History

Smart Agreements Release Timeline

v1.0.4Current

v1.0.31 CVE

v1.0.21 CVE

v1.0.11 CVE

v1.0.01 CVE

Code Analysis

Analyzed Mar 16, 2026

Smart Agreements Code Analysis

Dangerous Functions

0

Raw SQL Queries

2

58 prepared

Unescaped Output

2

689 escaped

Nonce Checks

10

Capability Checks

1

File Operations

1

External Requests

0

Bundled Libraries

1

Bundled Libraries

dompdf

SQL Query Safety

97% prepared60 total queries

Output Escaping

100% escaped691 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

16 flows5 with unsanitized paths

ztsa_owner_signeture (includes\class-ztsa-entries.php:455)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Smart Agreements Attack Surface

Entry Points5

Unprotected2

AJAX Handlers 4

authwp_ajax_show_previewincludes\class-ztsa-contracts.php:38

authwp_ajax_show_entries_fullincludes\class-ztsa-entries.php:27

noprivwp_ajax_show_entries_fullincludes\class-ztsa-entries.php:28

authwp_ajax_test_mail_checkincludes\class-ztsa-setting.php:29

Shortcodes 1

[ztsa_Contract_Form] includes\class-ztsa-contracts.php:33

WordPress Hooks 21

actionadmin_enqueue_scriptsincludes\class-ztsa-contracts.php:26

actionwp_enqueue_scriptsincludes\class-ztsa-contracts.php:27

actioninitincludes\class-ztsa-contracts.php:28

actionadd_meta_boxesincludes\class-ztsa-contracts.php:29

actionsave_postincludes\class-ztsa-contracts.php:30

actionadmin_post_save_ques_requestincludes\class-ztsa-contracts.php:34

actionadmin_post_nopriv_save_ques_requestincludes\class-ztsa-contracts.php:35

actionadmin_post_ztsa_agreement_formincludes\class-ztsa-contracts.php:36

actionadmin_post_save_templateincludes\class-ztsa-contracts.php:37

actionadmin_menuincludes\class-ztsa-entries.php:26

actionadmin_post_ztsa_owner_response_to_customerincludes\class-ztsa-entries.php:29

actionadmin_post_nopriv_ztsa_owner_response_to_customerincludes\class-ztsa-entries.php:30

actionadmin_post_customer_responseincludes\class-ztsa-entries.php:31

actionadmin_post_nopriv_customer_responseincludes\class-ztsa-entries.php:32

actionadmin_post_ztsa_owner_signetureincludes\class-ztsa-entries.php:33

actionadmin_post_ztsa_owner_sign_templateincludes\class-ztsa-entries.php:34

actionadmin_post_show_pdfincludes\class-ztsa-pdf-generator.php:29

actionadmin_menuincludes\class-ztsa-setting.php:26

actionadmin_post_save_smtp_settingincludes\class-ztsa-setting.php:27

actionphpmailer_initincludes\class-ztsa-setting.php:28

actionadmin_post_ztsa_notification_setting_tabincludes\class-ztsa-setting.php:30

Maintenance & Trust

Smart Agreements Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version7.2

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Smart Agreements Alternatives

Easy Digital Downloads Digital Signature

edd-digital-signature-add-on

A

100

Automatically require your Easy Digital Downloads customers to sign a legally binding contract before downloading your product. Easy to Use.

80 No CVEs

Signature Add-On for Gravity Forms

gravity-signature-forms-add-on

A

99

Automatically generate a legally binding & court recognized contract from a Gravity Forms submission. Proposals. Time sheets. Contracts.

1K 1 CVE

Signature Add-On for WooCommerce

woocommerce-digital-signature

A

100

Automatically require your WooCommerce customers to sign a legally binding contract before downloading your product. Easy to Use.

1K No CVEs

NEX-Forms ADD ON – Digital Signatures

nex-forms-digital-signatures-add-on

A

100

Easily add Digital / E-Signature fields to your forms. Capture signatures with submissions and automatically include them in emails and PDF exports.

700 No CVEs

Ninja Forms Signature Contract Add-On

ninja-signature-contract-forms-add-on

A

100

Instantly produce a legally enforceable & court recognized contract from a Ninja Form submission. Signature Pad Contracts. Proposals.

400 No CVEs

Developer Profile

Smart Agreements Developer Profile

teamzt

3 plugins · 20 total installs

99

trust score

Avg Security Score

99/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Smart Agreements

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smart-agreements/assets/css/style.css/wp-content/plugins/smart-agreements/assets/js/form-builder.min.js/wp-content/plugins/smart-agreements/assets/js/form-render.min.js/wp-content/plugins/smart-agreements/assets/js/custom.js/wp-content/plugins/smart-agreements/assets/js/jquery.validate.min.js

Script Paths

/wp-content/plugins/smart-agreements/assets/js/form-builder.min.js/wp-content/plugins/smart-agreements/assets/js/form-render.min.js/wp-content/plugins/smart-agreements/assets/js/custom.js/wp-content/plugins/smart-agreements/assets/js/jquery.validate.min.js

Version Parameters

smart-agreements/assets/css/style.css?ver=smart-agreements/assets/js/form-builder.min.js?ver=smart-agreements/assets/js/form-render.min.js?ver=smart-agreements/assets/js/custom.js?ver=smart-agreements/assets/js/jquery.validate.min.js?ver=

HTML / DOM Fingerprints

Shortcode Output

[ztsa_Contract_Form id="[ztsa_Contract_Form id="

FAQ

Smart Agreements Security & Risk Analysis

Is Smart Agreements Safe to Use in 2026?

Generally Safe

Key Concerns

Smart Agreements Security Vulnerabilities

CVEs by Year

Severity Breakdown

Smart Agreements Release Timeline

Smart Agreements Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Smart Agreements Attack Surface

AJAX Handlers 4

Shortcodes 1

Smart Agreements Maintenance & Trust

Maintenance Signals

Community Trust

Smart Agreements Alternatives

Easy Digital Downloads Digital Signature

Signature Add-On for Gravity Forms

Signature Add-On for WooCommerce

NEX-Forms ADD ON – Digital Signatures

Ninja Forms Signature Contract Add-On

Smart Agreements Developer Profile

How We Detect Smart Agreements

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Smart Agreements