Urgent action is required to secure your WordPress website from potential risks as a high-severity Cross-Site Scripting (XSS) vulnerability has been uncovered in the Easy Watermark Plugin. This critical security flaw was discovered and responsibly reported by Rafie Muhammad of Patchstack, underscoring the significance of promptly updating the plugin to ensure robust WordPress security and protect against potential malware threats.

The identified XSS vulnerability in the Easy Watermark Plugin poses a high-severity risk with the potential to inject malicious scripts, including redirects, advertisements, and other harmful HTML payloads into your website. These scripts can be executed when guests visit your site, leading to detrimental consequences for your website’s security.


Rated with a high-severity CVSS 3.1 score, this vulnerability is deemed critical, signifying its propensity for exploitation and the substantial impact on WordPress security.

Affected Plugin Version:

The vulnerability affects all versions of the Easy Watermark Plugin up to version 1.0.7.


The critical XSS vulnerability opens the door for malicious actors to inject harmful scripts into your website, potentially redirecting users to malicious sites, displaying unauthorized advertisements, and compromising sensitive data.


To safeguard your website from potential exploits and bolster WordPress security, it is imperative to act swiftly. Update your WordPress Easy Watermark Plugin to the latest available version, 1.0.7. This crucial update contains vital fixes to eliminate the XSS vulnerability, ensuring your website remains shielded from high-severity attacks.

As a responsible website owner, prioritizing WordPress security is paramount to maintaining the integrity of your website and safeguarding your visitors and users. Stay vigilant by regularly updating your plugins, staying informed about emerging vulnerabilities, and adhering to best practices to foster a secure online environment.