Watchman Security & Risk Analysis

wordpress.org/plugins/watchman

Watchman is a WordPress plugin which keeps track of revisions for your posts, pages and custom post types as well.

10 active installs · v0.7.1 · PHP + · WP 3.6+ · Updated Dec 19, 2015
Tags: page, post, posts, revision, revisions
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Watchman Safe to Use in 2026?

Generally Safe

Score 85/100

Watchman has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "watchman" plugin v0.7.1 exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with exposed entry points, coupled with the lack of dangerous functions and file operations, significantly minimizes the plugin's attack surface. The use of prepared statements for all SQL queries and the presence of nonce and capability checks are positive indicators of secure coding practices. However, the low percentage of properly escaped output (30%) represents a notable weakness. While taint analysis shows no critical or high severity flows, this doesn't negate the risk associated with unescaped output, which could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign. In conclusion, "watchman" v0.7.1 is secure in terms of attack surface and data handling (SQL), but the lack of comprehensive output escaping warrants attention to prevent potential XSS vulnerabilities.

Key Concerns

  • Low percentage of properly escaped output
Vulnerabilities
None known

Watchman Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Watchman Release Timeline

v0.7.1 (Current)
v0.7
v0.6
v0.5
v0.4
v0.3
v0.2
Code Analysis
Analyzed Mar 16, 2026

Watchman Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (3 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

30% escaped · 10 total outputs
Attack Surface

Watchman Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14
filter: wp_revisions_to_keep (revision\class-wm-revision.php:33)
action: _wp_put_post_revision (revision\class-wm-revision.php:42)
filter: wp_save_post_revision_post_has_changed (revision\class-wm-revision.php:52)
filter: wp_get_revision_ui_diff (revision\class-wm-revision.php:64)
action: add_meta_boxes (settings\class-wm-admin.php:38)
action: save_post (settings\class-wm-admin.php:39)
action: admin_notices (settings\class-wm-admin.php:40)
filter: removable_query_args (settings\class-wm-admin.php:41)
filter: redirect_post_location (settings\class-wm-admin.php:103)
action: admin_menu (settings\class-wm-settings.php:23)
action: admin_init (settings\class-wm-settings.php:24)
action: admin_enqueue_scripts (settings\class-wm-settings.php:25)
action: admin_enqueue_scripts (settings\class-wm-settings.php:26)
action: admin_notices (settings\class-wm-settings.php:27)
Maintenance & Trust

Watchman Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Dec 19, 2015
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Watchman Developer Profile

Udit Desai

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Watchman

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/watchman/ui/css/watchman-icons.css
Version Parameters
watchman?ver=
watchman-icons?ver=

HTML / DOM Fingerprints

CSS Classes
wm-icon
FAQ

Frequently Asked Questions about Watchman