WP-Safety

Multi Location Marker Security & Risk Analysis

wordpress.org/plugins/add-multiple-marker

Multi Location Marker helps you add multiple map locations to a single map and display them on the frontend using a shortcode.

60 active installs v1.3 PHP 8.2+ WP 5.6+ Updated Jan 6, 2026
google-mapslocationsmapmap-markersmarker
95
A · Safe
CVEs total3
Unpatched0
Last CVENov 10, 2025
Plugin page Download
Safety Verdict

Is Multi Location Marker Safe to Use in 2026?

Generally Safe

Score 95/100

Multi Location Marker has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Nov 10, 2025Updated 2mo ago
Risk Assessment

The 'add-multiple-marker' plugin v1.3, based on static analysis, exhibits generally good security practices with no immediate critical vulnerabilities detected in its code. The plugin demonstrates a strong commitment to secure coding by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of dangerous functions, file operations, and a relatively small, protected attack surface are positive indicators. However, the presence of unsanitized paths in taint analysis, even without critical or high severity, warrants attention as it indicates a potential for unexpected behavior or exploitation if data flows are not properly validated or are used in sensitive operations.

The plugin's vulnerability history is a significant concern. Despite having zero currently unpatched CVEs, the past existence of three vulnerabilities, including one high and two medium severity, points to a pattern of security weaknesses. The common types of historical vulnerabilities, Cross-Site Request Forgery (CSRF) and Missing Authorization, suggest that developers have previously struggled with adequately protecting user actions and data. While the current version might have addressed these, the historical context implies a higher likelihood of future vulnerabilities or overlooked issues.

In conclusion, while the 'add-multiple-marker' plugin v1.3 has improved its security posture with solid coding practices like prepared statements and output escaping, its historical vulnerability record necessitates caution. The taint analysis, though not critical, should be thoroughly investigated, and the past patterns of CSRF and missing authorization should be monitored. Continued vigilance and rigorous testing are recommended to ensure the plugin remains secure.

Key Concerns

  • Unsanitized paths in taint analysis
  • Historical high severity vulnerability
  • Historical medium severity vulnerabilities
  • External HTTP requests
Vulnerabilities
3

Multi Location Marker Security Vulnerabilities

CVEs by Year

2 CVEs in 2022
2022
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2025-11999medium · 5.3Missing Authorization

Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update

Nov 10, 2025 Patched in 1.3 (85d)
CVE-2022-45080high · 8.8Cross-Site Request Forgery (CSRF)

Add Multiple Marker <= 1.2 - Cross-Site Request Forgery

Nov 11, 2022 Patched in 1.3 (1181d)
CVE-2022-45081medium · 6.5Missing Authorization

Add Multiple Marker <= 1.2 - Missing Authorization Checks to Settings Update

Nov 11, 2022 Patched in 1.3 (1181d)
Code Analysis
Analyzed Mar 16, 2026

Multi Location Marker Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
54 escaped
Nonce Checks
4
Capability Checks
3
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

95% escaped57 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
addmultiplemarker_save_map_api (admin\helper.php:122)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Multi Location Marker Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 6

authwp_ajax_addmultiplemarker_save_maps_dataadmin\helper.php:69
noprivwp_ajax_addmultiplemarker_save_maps_dataadmin\helper.php:70
authwp_ajax_addmultiplemarker_reset_mapadmin\helper.php:116
noprivwp_ajax_addmultiplemarker_reset_mapadmin\helper.php:117
authwp_ajax_addmultiplemarker_save_map_apiadmin\helper.php:181
noprivwp_ajax_addmultiplemarker_save_map_apiadmin\helper.php:182

Shortcodes 1

[addmultiplemarker] functions.php:24
WordPress Hooks 5
actioninitaddmultiplemarker.php:57
actionadmin_enqueue_scriptsfunctions.php:21
actionwp_enqueue_scriptsfunctions.php:22
actionadmin_menufunctions.php:23
actionadmin_noticesfunctions.php:25
Maintenance & Trust

Multi Location Marker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 6, 2026
PHP min version8.2
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs60
Alternatives

Multi Location Marker Alternatives

WP Go Maps (formerly WP Google Maps)

WP Go Maps (formerly WP Google Maps)

wp-google-maps

A
86

The easiest to use Google maps plugin! Create a custom Google map, map block, store locator or map widget with high quality markers containing categor &hellip;

300K 22 CVEs
Easy Google Maps

Easy Google Maps

google-maps-easy

A
96

Google Maps with markers, locations and clusterization, KML layers and filters. Custom Google map markers with text, images, videos, links.

20K 7 CVEs
Maps Plugin using Google Maps for WordPress – WP Google Map

Maps Plugin using Google Maps for WordPress – WP Google Map

gmap-embed

A
97

Google Map plugin for WordPress is very Simple, light-weight and Easy to use Google Custom Map with markers in Posts, Pages, Sidebar as shortcode.

10K 6 CVEs
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO

WP Google Street View (with 360° virtual tour) & Google maps + Local SEO

wp-google-street-view

A
96

The WP Google Street View allows you to embed Google street View (with virtual tour) & Google Maps maps with high quality markers.

400 3 CVEs
Map Engine – Google Maps and Open Street Maps for WordPress

Map Engine – Google Maps and Open Street Maps for WordPress

map-engine

A
85

An Ultimate map tool to revolutionize your map building experience.

100 No CVEs
Developer Profile

Multi Location Marker Developer Profile

KrishaWeb

13 plugins · 17K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
655 days
View full developer profile
Detection Fingerprints

How We Detect Multi Location Marker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/add-multiple-marker/admin/css/amm-style.css/wp-content/plugins/add-multiple-marker/admin/fonts/sanasansalt.css/wp-content/plugins/add-multiple-marker/admin/js/jquery.blockUI.js/wp-content/plugins/add-multiple-marker/admin/js/amm-scripts.js/wp-content/plugins/add-multiple-marker/admin/js/amm-custom-settings.js/wp-content/plugins/add-multiple-marker/public/css/amm-frontend-style.css/wp-content/plugins/add-multiple-marker/public/js/frontendscript.js
Script Paths
https://maps.googleapis.com/maps/api/js?key=https://maps.googleapis.com/maps/api/js?key=&libraries=drawing,places
Version Parameters
add-multiple-marker/admin/css/amm-style.css?ver=add-multiple-marker/admin/fonts/sanasansalt.css?ver=add-multiple-marker/admin/js/jquery.blockUI.js?ver=add-multiple-marker/admin/js/amm-scripts.js?ver=add-multiple-marker/admin/js/amm-custom-settings.js?ver=add-multiple-marker/public/css/amm-frontend-style.css?ver=add-multiple-marker/public/js/frontendscript.js?ver=

HTML / DOM Fingerprints

CSS Classes
amm-map-container
HTML Comments
<!-- Admin Notice For Map API --><!-- Admin Notice For Map API -->
Data Attributes
data-map-heightdata-map-latdata-map-lngdata-map-zoomdata-marker-latdata-marker-lng+4 more
JS Globals
amm_plugin_objamm_plugin_custom_objamm_frontend_obj
Shortcode Output
[addmultiplemarker]
FAQ

Frequently Asked Questions about Multi Location Marker