Does WP Forms Signature Contract Add-On have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Forms Signature Contract Add-On have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Forms Signature Contract Add-On compatible with WordPress 6.9.4?

According to WordPress.org data, WP Forms Signature Contract Add-On 1.8.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WP Forms Signature Contract Add-On updated?

WP Forms Signature Contract Add-On was last updated on Jan 8, 2026. Frequent updates are generally a positive security signal.

What is WP Forms Signature Contract Add-On's security score?

WP Forms Signature Contract Add-On has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Forms Signature Contract Add-On Security & Risk Analysis

wordpress.org/plugins/wp-forms-signature-contract-add-on

Instantly produce a legally binding PDF WordPress contract from a WP Forms contact form submission. Digital Signature Pad. Proposal.

1K active installs v1.8.3 PHP + WP 4.5+ Updated Jan 8, 2026

contractproposalwp-formwp-formswpforms

A · Safe

CVEs total1

Unpatched0

Last CVEJan 19, 2026

Plugin page Download

Safety Verdict

Is WP Forms Signature Contract Add-On Safe to Use in 2026?

Generally Safe

Score 99/100

WP Forms Signature Contract Add-On has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 19, 2026Updated 2mo ago

Risk Assessment

The "wp-forms-signature-contract-add-on" v1.8.3 plugin exhibits a generally good security posture, with many strong security practices in place. The static analysis reveals a small attack surface with no unprotected entry points. The plugin effectively utilizes prepared statements for all SQL queries and has a high percentage of properly escaped output. Furthermore, it implements both nonce and capability checks for its AJAX handlers, which is a positive indicator of security awareness. No critical or high severity issues were identified in the taint analysis, and there are no known critical or high severity vulnerabilities historically.

Key Concerns

Medium severity vulnerability history
Vulnerability identified in the past
File operations detected
Slightly less than perfect output escaping

Vulnerabilities

WP Forms Signature Contract Add-On Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-24985medium · 4.3Missing Authorization

WP Forms Signature Contract Add-On <= 1.8.2 - Missing Authorization to Authenticated (Subscriber+) Notice Dimissal

Jan 19, 2026 Patched in 1.8.3 (23d)

Code Analysis

Analyzed Mar 16, 2026

WP Forms Signature Contract Add-On Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

178 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

90% escaped198 total outputs

Attack Surface

WP Forms Signature Contract Add-On Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_esig_wpform_fieldsadmin\esig-wpform-admin.php:49

authwp_ajax_esig_wpform_ratting_widget_removeadmin\rating-widget\esign-rating-widget.php:44

Shortcodes 1

[esigwpform] admin\esig-wpform-admin.php:54

WordPress Hooks 28

actionadmin_noticesadmin\about\autoload.php:27

actionesig_admin_noticesadmin\about\autoload.php:29

actionin_admin_headeradmin\about\autoload.php:82

actionadmin_menuadmin\about\includes\esig-about-load.php:30

filteresig_document_title_filteradmin\esig-wpf-filters.php:16

filteresig_strip_shortcodes_tagnamesadmin\esig-wpf-filters.php:17

filteresig_document_clone_render_contentadmin\esig-wpf-filters.php:19

actioninitadmin\esig-wpform-admin.php:42

actionadmin_enqueue_scriptsadmin\esig-wpform-admin.php:44

filteresig_sif_buttons_filteradmin\esig-wpform-admin.php:46

filteresig_text_editor_sif_menuadmin\esig-wpform-admin.php:47

filteresig_admin_more_document_contentsadmin\esig-wpform-admin.php:48

actionadmin_initadmin\esig-wpform-admin.php:51

filtershow_sad_invite_linkadmin\esig-wpform-admin.php:52

filteresig_invite_not_sentadmin\esig-wpform-admin.php:53

filterwpforms_builder_settings_sectionsadmin\esig-wpform-admin.php:56

actionwpforms_form_settings_panel_contentadmin\esig-wpform-admin.php:57

actionwpforms_process_completeadmin\esig-wpform-admin.php:58

actionwp_esignature_loadedadmin\esig-wpform-admin.php:60

actionesig_signature_loadedadmin\esig-wpform-admin.php:61

actioninitadmin\includes\esig-wpform.php:50

actionadmin_initadmin\includes\esig-wpform.php:51

actionesig_admin_noticesadmin\rating-widget\esign-rating-widget.php:41

actionadmin_enqueue_scriptsadmin\rating-widget\esign-rating-widget.php:42

actionadmin_enqueue_scriptsadmin\rating-widget\esign-rating-widget.php:43

actionplugins_loadedwpform-signature-addon.php:58

actionplugins_loadedwpform-signature-addon.php:59

actionplugins_loadedwpform-signature-addon.php:63

Maintenance & Trust

WP Forms Signature Contract Add-On Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 8, 2026

PHP min version

Downloads54K

Community Trust

Rating88/100

Number of ratings5

Active installs1K

Alternatives

WP Forms Signature Contract Add-On Alternatives

Embed PDF for WPForms

embed-pdf-wpforms

An add-on for WPForms. Provides a PDF Viewer field.

30 1 CVE

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

Form Popup Maker for WPForms, Contact Form 7 and Many other Forms

wpb-form-popup

100

WPB Popup Form WordPress plugin will help you to create effective form popups. WPForms Popup form, Mailchimp popup, Opt-in, login popup.

600 No CVEs

WP Forms + Sprout Invoices – Easy Invoice & Quote Submissions

sprout-invoices-wp-forms

100

Dynamic invoicing (and estimates/quotes) from WP Form submissions.

400 No CVEs

Electronic Signature Add-on for Fluent Forms

signature-fluent-contract-forms-add-on

100

Instantly produce a legally binding PDF WordPress contract from a Fluent Forms contact form submission. Digital Signature Pad. Proposal.

200 No CVEs

Developer Profile

WP Forms Signature Contract Add-On Developer Profile

approveme

10 plugins · 4K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

15 days

View full developer profile

Detection Fingerprints

How We Detect WP Forms Signature Contract Add-On

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-forms-signature-contract-add-on/assets/css/esig-about-alert.css/wp-content/plugins/wp-forms-signature-contract-add-on/admin/rating-widget/css/esign-rating-widget.css

Script Paths

/wp-content/plugins/wp-forms-signature-contract-add-on/admin/rating-widget/js/esign-rating-widget.js/wp-content/plugins/wp-forms-signature-contract-add-on/assets/js/wpforms-signature-contracts.js

Version Parameters

wp-forms-signature-contract-add-on/assets/css/esig-about-alert.css?ver=wp-forms-signature-contract-add-on/admin/rating-widget/js/esign-rating-widget.js?ver=wp-forms-signature-contract-add-on/assets/js/wpforms-signature-contracts.js?ver=

HTML / DOM Fingerprints

CSS Classes

esig-about-alert

HTML Comments

Data Attributes

data-esig-wpform-plugin-url

JS Globals

ESIG_WPFORM_Admin

FAQ