Ultimate Watermark – Protect Images with Professional Watermarks Security & Risk Analysis

wordpress.org/plugins/ultimate-watermark

Automatically protect your images with professional watermarks. Add text or image watermarks to WordPress media uploads with advanced positioning and …

1K active installs · v2.0.4 · PHP 7.4+ · WP 5.0+ · Updated Feb 26, 2026
Tags: bulk-watermark, copyright, image-protection, photo-watermark, watermark
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Ultimate Watermark – Protect Images with Professional Watermarks Safe to Use in 2026?

Generally Safe

Score 99/100

Ultimate Watermark – Protect Images with Professional Watermarks has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 22, 2025 · Updated 1mo ago
Risk Assessment

The 'ultimate-watermark' v2.0.4 plugin exhibits a generally good security posture with several strengths. The plugin demonstrates excellent practice by using prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of dangerous functions, external HTTP requests, and critical or high-severity taint flows is also commendable. Furthermore, the plugin utilizes nonces and capability checks for all its AJAX handlers, which is a crucial security measure.

However, there are notable concerns regarding the attack surface. The plugin exposes 22 AJAX handlers, and 3 of them lack proper authentication checks. This gives unauthenticated attackers a potential entry point to interact with the plugin, which could lead to unintended actions or information disclosure if these handlers perform sensitive operations. There are no currently unpatched vulnerabilities, but the history includes one medium-severity vulnerability related to missing authorization. This pattern suggests a recurring need for careful review of authorization mechanisms, especially within the AJAX endpoints.

In conclusion, while the plugin has strong foundational security practices in place, the presence of unprotected AJAX handlers represents a clear risk that needs immediate attention. Addressing these unauthenticated entry points is paramount to improving the overall security of the 'ultimate-watermark' plugin.

Key Concerns

  • AJAX handlers without authentication checks
  • Past medium severity vulnerability (Missing Authorization)
Vulnerabilities
1

Ultimate Watermark – Protect Images with Professional Watermarks Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-57985 · medium · 5.4 · Missing Authorization

Ultimate Watermark <= 1.1 - Missing Authorization

Sep 22, 2025 · Patched in 1.1.1 (17d)
Code Analysis
Analyzed Mar 16, 2026

Ultimate Watermark – Protect Images with Professional Watermarks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (44 prepared)
Unescaped Output: 51 (705 escaped)
Nonce Checks: 22
Capability Checks: 22
File Operations: 26
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 44 total queries

Output Escaping

93% escaped · 756 total outputs
Data Flows
All sanitized

Data Flow Analysis

10 flows
handleUpdateToggleState (src\Admin\AdminManager.php:669)
Attack Surface
3 unprotected

Ultimate Watermark – Protect Images with Professional Watermarks Attack Surface

Entry Points: 22
Unprotected: 3

AJAX Handlers 22

  • auth · wp_ajax_ultimate_watermark_delete_backup · src\Admin\AdminManager.php:67
  • auth · wp_ajax_ultimate_watermark_restore_backup · src\Admin\AdminManager.php:68
  • auth · wp_ajax_ultimate_watermark_bulk_restore_backup · src\Admin\AdminManager.php:69
  • auth · wp_ajax_ultimate_watermark_bulk_delete_backup · src\Admin\AdminManager.php:70
  • auth · wp_ajax_ultimate_watermark_save_settings · src\Admin\AdminManager.php:71
  • auth · wp_ajax_ultimate_watermark_update_toggle_state · src\Admin\AdminManager.php:72
  • auth · wp_ajax_ultimate_watermark_get_analytics_data · src\Admin\AdminManager.php:73
  • auth · wp_ajax_ultimate_watermark_get_paginated_backups · src\Admin\AdminManager.php:74
  • auth · wp_ajax_ultimate_watermark_remove_all · src\Admin\MediaEditIntegration.php:33
  • auth · wp_ajax_ultimate_watermark_apply_manual · src\Admin\MediaLibraryIntegration.php:24
  • auth · wp_ajax_ultimate_watermark_apply_automatic · src\Admin\MediaLibraryIntegration.php:25
  • auth · wp_ajax_ultimate_watermark_remove · src\Admin\MediaLibraryIntegration.php:26
  • auth · wp_ajax_ultimate_watermark_set_temp_selected_ids · src\Admin\MediaLibraryIntegration.php:41
  • auth · wp_ajax_ultimate_watermark_duplicate · src\Ajax\WatermarkActionsHandler.php:24
  • auth · wp_ajax_ultimate_watermark_delete · src\Ajax\WatermarkActionsHandler.php:25
  • auth · wp_ajax_ultimate_watermark_toggle · src\Ajax\WatermarkActionsHandler.php:26
  • auth · wp_ajax_ultimate_watermark_bulk_delete · src\Ajax\WatermarkActionsHandler.php:27
  • auth · wp_ajax_ultimate_watermark_bulk_activate · src\Ajax\WatermarkActionsHandler.php:28
  • auth · wp_ajax_ultimate_watermark_bulk_deactivate · src\Ajax\WatermarkActionsHandler.php:29
  • auth · wp_ajax_ultimate_watermark_save · src\Ajax\WatermarkAjaxHandler.php:35
  • auth · wp_ajax_ultimate_watermark_generate_preview · src\Ajax\WatermarkPreviewHandler.php:19
  • auth · wp_ajax_ultimate_watermark_get_library_status · src\Ajax\WatermarkPreviewHandler.php:20
WordPress Hooks 43
  • action · admin_menu · src\Admin\AdminManager.php:62
  • action · admin_init · src\Admin\AdminManager.php:63
  • action · admin_enqueue_scripts · src\Admin\AdminManager.php:64
  • action · admin_post_ultimate_watermark_save_settings · src\Admin\AdminManager.php:65
  • action · attachment_fields_to_edit · src\Admin\MediaEditIntegration.php:22
  • action · add_meta_boxes · src\Admin\MediaEditIntegration.php:26
  • action · add_meta_boxes_attachment · src\Admin\MediaEditIntegration.php:27
  • action · current_screen · src\Admin\MediaEditIntegration.php:30
  • action · admin_enqueue_scripts · src\Admin\MediaEditIntegration.php:36
  • action · admin_init · src\Admin\MediaLibraryIntegration.php:22
  • action · admin_enqueue_scripts · src\Admin\MediaLibraryIntegration.php:23
  • action · post-upload-ui · src\Admin\MediaLibraryIntegration.php:29
  • action · upload-ui-top · src\Admin\MediaLibraryIntegration.php:30
  • action · wp_upload_tabs · src\Admin\MediaLibraryIntegration.php:31
  • action · wp_handle_upload · src\Admin\MediaLibraryIntegration.php:34
  • filter · wp_handle_upload_prefilter · src\Admin\MediaLibraryIntegration.php:35
  • filter · upload_post_params · src\Admin\MediaLibraryIntegration.php:38
  • action · admin_footer · src\Admin\MediaLibraryIntegration.php:48
  • action · admin_footer · src\Admin\MediaLibraryIntegration.php:51
  • action · admin_footer · src\Admin\MediaLibraryIntegration.php:54
  • action · delete_post · src\Admin\MediaLibraryIntegration.php:57
  • action · delete_attachment · src\Admin\MediaLibraryIntegration.php:58
  • filter · bulk_actions-upload · src\Admin\MediaLibraryIntegration.php:72
  • filter · handle_bulk_actions-upload · src\Admin\MediaLibraryIntegration.php:75
  • action · wp_enqueue_scripts · src\Assets\AssetManager.php:94
  • action · admin_enqueue_scripts · src\Assets\AssetManager.php:97
  • filter · style_loader_tag · src\Assets\AssetManager.php:100
  • filter · script_loader_tag · src\Assets\AssetManager.php:101
  • action · admin_enqueue_scripts · src\Components\Toast.php:24
  • action · init · src\Core\Plugin.php:125
  • action · admin_init · src\Core\Plugin.php:126
  • action · wp_enqueue_scripts · src\Core\Plugin.php:127
  • action · admin_notices · src\Core\Plugin.php:130
  • action · admin_notices · src\Core\Plugin.php:217
  • action · admin_notices · src\Core\Plugin.php:304
  • action · add_attachment · src\Integration\RestApiIntegration.php:21
  • action · rest_insert_attachment · src\Integration\RestApiIntegration.php:24
  • action · rest_after_insert_attachment · src\Integration\RestApiIntegration.php:25
  • action · wp_insert_post · src\Integration\RestApiIntegration.php:29
  • filter · wp_generate_attachment_metadata · src\Integration\RestApiIntegration.php:32
  • action · init · src\PostTypes\WatermarkPostType.php:29
  • action · plugins_loaded · ultimate-watermark.php:56
  • action · admin_notices · ultimate-watermark.php:66
Maintenance & Trust

Ultimate Watermark – Protect Images with Professional Watermarks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 7.4
Downloads: 24K

Community Trust

Rating: 66/100
Number of ratings: 11
Active installs: 1K
Developer Profile

Ultimate Watermark – Protect Images with Professional Watermarks Developer Profile

MantraBrain

11 plugins · 9K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 88 days
Detection Fingerprints

How We Detect Ultimate Watermark – Protect Images with Professional Watermarks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ultimate-watermark/assets/css/admin-style.css
  • /wp-content/plugins/ultimate-watermark/assets/css/frontend-style.css
  • /wp-content/plugins/ultimate-watermark/assets/js/admin-script.js
  • /wp-content/plugins/ultimate-watermark/assets/js/frontend-script.js
Script Paths
  • /wp-content/plugins/ultimate-watermark/vendor/moxiecode/plupload/js/moxie.js
  • /wp-content/plugins/ultimate-watermark/vendor/moxiecode/plupload/js/plupload.min.js
  • /wp-content/plugins/ultimate-watermark/vendor/tinymce/tinymce/tinymce.min.js
Version Parameters
  • ultimate-watermark/assets/css/admin-style.css?ver=
  • ultimate-watermark/assets/css/frontend-style.css?ver=
  • ultimate-watermark/assets/js/admin-script.js?ver=
  • ultimate-watermark/assets/js/frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • uw-admin-wrap
  • uw-dashboard-card
  • uw-settings-section
  • uw-media-library-item
  • uw-add-watermark-form
  • uw-analytics-chart
HTML Comments
  • <!-- Ultimate Watermark Admin Wrap -->
  • <!-- Start: Add Watermark Form -->
  • <!-- End: Add Watermark Form -->
  • <!-- Ultimate Watermark Settings Section -->
Data Attributes
  • data-uw-id
  • data-watermark-type
  • data-watermark-id
  • data-plugin-name="Ultimate Watermark"
JS Globals
  • window.UltimateWatermarkAdmin
  • var ultimateWatermarkData =
  • window.UW =
  • const uw_object_name =
REST Endpoints
  • /wp-json/ultimate-watermark/v1/settings
  • /wp-json/ultimate-watermark/v1/watermarks
  • /wp-json/ultimate-watermark/v1/analytics
  • /wp-json/ultimate-watermark/v1/backups
Shortcode Output
  • [ultimate_watermark_display_image]
  • [uw_image_watermark]
  • [ultimate_watermark_gallery]
FAQ

Frequently Asked Questions about Ultimate Watermark – Protect Images with Professional Watermarks