WP-Safety

Basic Google Maps Placemarks Security & Risk Analysis

wordpress.org/plugins/basic-google-maps-placemarks

Embeds a Google Map into your site and lets you add map markers with custom icons and information windows.

3K active installs v1.10.8 PHP + WP 3.1+ Updated Mar 31, 2026
geocodegoogle-mapsmapmarkerplacemark
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 15, 2026
Plugin page Download
Safety Verdict

Is Basic Google Maps Placemarks Safe to Use in 2026?

Generally Safe

Score 99/100

Basic Google Maps Placemarks has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 15, 2026Updated 1mo ago
Risk Assessment

The plugin 'basic-google-maps-placemarks' version 1.10.7 exhibits a generally good security posture based on the static analysis and vulnerability history. The plugin has no known vulnerabilities (CVEs) and demonstrates a commitment to security by implementing capability checks on its entry points and performing external HTTP requests with caution. The attack surface is minimal, with no unprotected AJAX handlers or REST API routes.

However, there are areas for improvement. The analysis reveals that 0% of SQL queries use prepared statements, which is a significant concern. While there are no critical or high-severity taint flows identified, the presence of 4 flows with unsanitized paths indicates a potential risk that could be exploited if malicious data is introduced. Furthermore, the output escaping is only at 52%, meaning a substantial portion of the plugin's output is not properly sanitized, posing a risk of Cross-Site Scripting (XSS) vulnerabilities.

Overall, the plugin's lack of historical vulnerabilities is a positive sign. However, the identified coding practices, particularly the absence of prepared statements for SQL and the moderate output escaping, represent tangible risks that should be addressed to further harden its security.

Key Concerns

  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
  • Unsanitized paths in taint flows
Vulnerabilities
1 published

Basic Google Maps Placemarks Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-3581medium · 5.3Missing Authorization

Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update

Apr 15, 2026 Patched in 1.10.8 (1d)
Version History

Basic Google Maps Placemarks Release Timeline

v1.10.8Current
v1.10.71 CVE
CVE-2026-3581
v1.10.61 CVE
CVE-2026-3581
v1.10.51 CVE
CVE-2026-3581
v1.10.41 CVE
CVE-2026-3581
v1.10.31 CVE
CVE-2026-3581
v1.10.21 CVE
CVE-2026-3581
v1.10.11 CVE
CVE-2026-3581
v1.101 CVE
CVE-2026-3581
v1.10-rc11 CVE
CVE-2026-3581
v1.10-rc21 CVE
CVE-2026-3581
v1.10-rc31 CVE
CVE-2026-3581
v1.10-rc41 CVE
CVE-2026-3581
v1.9.3-rc11 CVE
CVE-2026-3581
v1.9.3-rc21 CVE
CVE-2026-3581
v1.9.21 CVE
CVE-2026-3581
v1.9.11 CVE
CVE-2026-3581
v1.91 CVE
CVE-2026-3581
v1.9-alpha11 CVE
CVE-2026-3581
v1.9-rc11 CVE
CVE-2026-3581
Code Analysis
Analyzed Mar 16, 2026

Basic Google Maps Placemarks Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
24
26 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

52% escaped50 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
saveCustomFields (core.php:855)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Basic Google Maps Placemarks Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[bgmp-map] core.php:49
[bgmp-list] core.php:50
WordPress Hooks 20
actionadmin_noticesbasic-google-maps-placemarks.php:92
actioninitcore.php:33
actioninitcore.php:34
actioninitcore.php:35
actioninitcore.php:36
actionafter_setup_themecore.php:37
actionadmin_initcore.php:38
actionwpcore.php:39
actionadmin_enqueue_scriptscore.php:40
actionwp_headcore.php:41
actionadmin_noticescore.php:42
actionsave_postcore.php:43
actionwpmu_new_blogcore.php:44
actionshutdowncore.php:45
filterparse_querycore.php:47
actioninitsettings.php:26
actioninitsettings.php:27
actionadmin_menusettings.php:28
actionadmin_initsettings.php:29
filterplugin_action_links_basic-google-maps-placemarks/basic-google-maps-placemarks.phpsettings.php:31
Maintenance & Trust

Basic Google Maps Placemarks Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 31, 2026
PHP min version
Downloads206K

Community Trust

Rating88/100
Number of ratings51
Active installs3K
Alternatives

Basic Google Maps Placemarks Alternatives

WP Go Maps (formerly WP Google Maps)

WP Go Maps (formerly WP Google Maps)

wp-google-maps

A
86

The easiest to use Google maps plugin! Create a custom Google map, map block, store locator or map widget with high quality markers containing categor &hellip;

300K 23 CVEs
Easy Google Maps

Easy Google Maps

google-maps-easy

A
97

Google Maps with markers, locations and clusterization, KML layers and filters. Custom Google map markers with text, images, videos, links.

20K 7 CVEs
Maps Plugin using Google Maps for WordPress – WP Google Map

Maps Plugin using Google Maps for WordPress – WP Google Map

gmap-embed

A
97

Google Map plugin for WordPress is very Simple, light-weight and Easy to use Google Custom Map with markers in Posts, Pages, Sidebar as shortcode.

10K 6 CVEs
CodePeople Post Map for Google Maps

CodePeople Post Map for Google Maps

codepeople-post-map

A
100

CodePeople Post Map lets you geotag posts and seamlessly integrate your blog with Google Maps for a smooth, location-aware experience.

3K 1 CVE
Pronamic Google Maps

Pronamic Google Maps

pronamic-google-maps

A
98

This plugin makes it easy to add Google Maps to your WordPress post, pages or other custom post types.

1K 2 CVEs
Developer Profile

Basic Google Maps Placemarks Developer Profile

Ian Dunn

9 plugins · 5K total installs

92
trust score
Avg Security Score
88/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Basic Google Maps Placemarks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/basic-google-maps-placemarks/css/style.css/wp-content/plugins/basic-google-maps-placemarks/css/marker.css/wp-content/plugins/basic-google-maps-placemarks/js/bgmp.js/wp-content/plugins/basic-google-maps-placemarks/js/bgmp-admin.js/wp-content/plugins/basic-google-maps-placemarks/js/bgmp-map.js/wp-content/plugins/basic-google-maps-placemarks/js/bgmp-list.js
Script Paths
/wp-content/plugins/basic-google-maps-placemarks/js/bgmp.js/wp-content/plugins/basic-google-maps-placemarks/js/bgmp-admin.js/wp-content/plugins/basic-google-maps-placemarks/js/bgmp-map.js/wp-content/plugins/basic-google-maps-placemarks/js/bgmp-list.js
Version Parameters
basic-google-maps-placemarks/css/style.css?ver=basic-google-maps-placemarks/css/marker.css?ver=basic-google-maps-placemarks/js/bgmp.js?ver=basic-google-maps-placemarks/js/bgmp-admin.js?ver=basic-google-maps-placemarks/js/bgmp-map.js?ver=basic-google-maps-placemarks/js/bgmp-list.js?ver=

HTML / DOM Fingerprints

CSS Classes
bgmp_mapbgmp_listbgmp-marker-icon-upload-previewbgmp-map-settings-wrapperbgmp-map-optionsbgmp-placemark-edit-form
HTML Comments
<!-- The following snippet of code must be placed in the head of your HTML document --><!-- The following snippet of code must be placed in the body of your HTML document --><!-- Shortcode: [bgmp-map] --><!-- Shortcode: [bgmp-list] -->
Data Attributes
data-bgmp-marker-iddata-bgmp-map-iddata-bgmp-map-options
JS Globals
bgmp_settingsbgmp_map_optionsbgmp_placemark_options
Shortcode Output
[bgmp-map][bgmp-list]
FAQ

Frequently Asked Questions about Basic Google Maps Placemarks