belingoGeo Security & Risk Analysis

wordpress.org/plugins/belingogeo

The plugin adds the ability to select cities; a unique page with its own URL is created for each city. This lets you make content unique per city.

1K active installs · v1.13.2 · PHP + WP 5.0.0+ · Updated Jan 22, 2026
Tags: geo-target, geo-targeting, geolocation, geotargeting, targeted-content
98
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 9, 2025
Safety Verdict

Is belingoGeo Safe to Use in 2026?

Generally Safe

Score 98/100

belingoGeo has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 9, 2025 · Updated 2mo ago
Risk Assessment

The 'belingogeo' plugin version 1.13.2 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known unpatched vulnerabilities at this time. The absence of external HTTP requests and critical/high severity taint flows are also encouraging signs. However, significant concerns arise from the considerable attack surface, with 15 out of 33 entry points lacking authentication checks, specifically 15 AJAX handlers. This large number of unprotected AJAX endpoints is a primary risk, potentially allowing unauthorized actions.

Furthermore, the static analysis reveals that 35% of output operations are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs. The presence of two unsanitized path flows in the taint analysis, while not critical or high severity, warrants attention as they could indicate potential path traversal issues, especially given the plugin's history of a high-severity 'Path Traversal' vulnerability. The plugin's reliance on Select2, if not kept updated, could also introduce risks, though no specific version is provided for assessment.

In conclusion, while 'belingogeo' has made strides in secure coding with its SQL handling and currently has no known unpatched vulnerabilities, the numerous unprotected AJAX handlers and unescaped output present tangible risks. The historical path traversal vulnerability, coupled with unsanitized path flows in the current analysis, suggests a need for rigorous auditing of input validation and output sanitization, particularly for the unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers
  • Unescaped output percentage
  • Unsanitized paths in taint flows
  • Missing nonce checks on AJAX
  • Historical high severity vulnerability
Vulnerabilities
1

belingoGeo Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-47603 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

belingoGeo <= 1.12.0 - Unauthenticated Arbitrary File Download

May 9, 2025 · Patched in 1.12.1 (77d)
Code Analysis
Analyzed Mar 16, 2026

belingoGeo Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 60 (111 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

65% escaped · 171 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
belingogeo_download_example (includes\admin\settings.php:20)
Attack Surface
15 unprotected

belingoGeo Attack Surface

Entry Points: 33
Unprotected: 15

AJAX Handlers 15

auth wp_ajax_getcitiescallback includes\admin\functions.php:383
auth wp_ajax_getpostscallback includes\admin\functions.php:410
auth wp_ajax_getpagescallback includes\admin\functions.php:435
auth wp_ajax_gettermscallback includes\admin\functions.php:454
auth wp_ajax_gettagscallback includes\admin\functions.php:471
nopriv wp_ajax_load_cities includes\ajax-functions.php:3
auth wp_ajax_load_cities includes\ajax-functions.php:4
nopriv wp_ajax_show_city_question includes\ajax-functions.php:34
auth wp_ajax_show_city_question includes\ajax-functions.php:35
nopriv wp_ajax_get_widget_city includes\ajax-functions.php:90
auth wp_ajax_get_widget_city includes\ajax-functions.php:91
nopriv wp_ajax_write_city_cookie includes\ajax-functions.php:126
auth wp_ajax_write_city_cookie includes\ajax-functions.php:127
nopriv wp_ajax_write_nogeo_cookie includes\ajax-functions.php:179
auth wp_ajax_write_nogeo_cookie includes\ajax-functions.php:180

Shortcodes 18

[belingogeo_city_field] includes\shortcodes.php:3
[belingogeo_city_content] includes\shortcodes.php:46
[belingogeo_select_city] includes\shortcodes.php:106
[belingogeo_popup_select_city] includes\shortcodes.php:132
[belingogeo_selector] includes\shortcodes.php:149
[belingogeo_region_field] includes\shortcodes.php:172
[belingogeo_region_content] includes\shortcodes.php:212
[city] includes\shortcodes.php:278
[widget_city] includes\shortcodes.php:283
[city_field] includes\shortcodes.php:288
[city_content] includes\shortcodes.php:293
[city_padej1] includes\shortcodes.php:298
[city_padej2] includes\shortcodes.php:303
[city_padej3] includes\shortcodes.php:308
[city_phone] includes\shortcodes.php:313
[city_address] includes\shortcodes.php:318
[cities_addon_contacts] includes\shortcodes.php:323
[select_city] includes\shortcodes.php:357

WordPress Hooks 55

filter query_vars belingoGeo.php:18
action template_redirect belingoGeo.php:41
action init belingoGeo.php:85
action init includes\admin\functions.php:3
action admin_init includes\admin\functions.php:66
action save_post includes\admin\functions.php:251
action save_post includes\admin\functions.php:326
filter wp_unique_term_slug includes\admin\functions.php:336
filter posts_where includes\admin\functions.php:374
action bg_regions_add_form_fields includes\admin\functions.php:488
action bg_regions_edit_form_fields includes\admin\functions.php:502
action created_bg_regions includes\admin\functions.php:523
action edited_bg_regions includes\admin\functions.php:524
action admin_enqueue_scripts includes\admin\functions.php:545
action admin_menu includes\admin\settings.php:4
action admin_init includes\admin\settings.php:19
action admin_notices includes\admin\settings.php:184
action admin_init includes\admin\settings.php:759
filter the_title includes\hooks.php:3
filter wp_title includes\hooks.php:4
filter redirect_canonical includes\hooks.php:15
action wp_enqueue_scripts includes\hooks.php:43
action wp_enqueue_scripts includes\hooks.php:77
action wp_footer includes\hooks.php:89
filter rewrite_rules_array includes\hooks.php:100
filter page_link includes\hooks.php:221
filter post_link includes\hooks.php:222
filter term_link includes\hooks.php:223
filter post_type_link includes\hooks.php:224
filter month_link includes\hooks.php:225
filter year_link includes\hooks.php:226
action admin_footer-edit.php includes\hooks.php:228
filter post_row_actions includes\hooks.php:240
action pre_trash_post includes\hooks.php:251
filter pre_delete_post includes\hooks.php:252
filter display_post_states includes\hooks.php:262
action init includes\hooks.php:273
filter wpseo_sitemap_index includes\sitemaps.php:40
filter woocommerce_get_breadcrumb integrations\woocommerce.php:3
filter wpseo_metadesc integrations\yoast.php:3
filter wpseo_metakeywords integrations\yoast.php:4
filter wpseo_title integrations\yoast.php:5
filter wpseo_opengraph_site_name integrations\yoast.php:6
filter wpseo_opengraph_desc integrations\yoast.php:7
filter wpseo_opengraph_title integrations\yoast.php:8
filter wpseo_twitter_description integrations\yoast.php:9
filter wpseo_twitter_title integrations\yoast.php:10
filter wpseo_prev_rel_link integrations\yoast.php:22
filter wpseo_next_rel_link integrations\yoast.php:23
filter wpseo_opengraph_url integrations\yoast.php:24
filter wpseo_canonical integrations\yoast.php:25
filter wpseo_schema_breadcrumb integrations\yoast.php:41
filter wpseo_schema_webpage integrations\yoast.php:49
filter wpseo_breadcrumb_links integrations\yoast.php:86
filter wpseo_sitemap_url integrations\yoast.php:139
Maintenance & Trust

belingoGeo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 22, 2026
PHP min version
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 13
Active installs: 1K
Developer Profile

belingoGeo Developer Profile

Belingo

3 plugins · 1K total installs

Trust score: 82
Avg Security Score: 92/100
Avg Patch Time: 77 days
Detection Fingerprints

How We Detect belingoGeo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/belingogeo/assets/js/belingogeo-front.js
/wp-content/plugins/belingogeo/assets/css/belingogeo.css
Script Paths
/wp-content/plugins/belingogeo/assets/js/belingogeo-front.js
Version Parameters
belingogeo/assets/css/belingogeo.css?ver=
belingogeo/assets/js/belingogeo-front.js?ver=

HTML / DOM Fingerprints

CSS Classes
belingogeo-popup
HTML Comments
<!-- Belingo.GeoCity plugin -->
<!-- BelingoGeo - Exclude/Include in cities -->
Data Attributes
data-belingogeo-city-id
data-belingogeo-city-name
data-belingogeo-city-url
data-belingogeo-city-slug
JS Globals
belingogeo_ajax_url
Shortcode Output
[belingogeo_city_list]
[belingogeo_geo_select_city]