Does Maps by BestWebSoft have any unpatched vulnerabilities?

No. All known vulnerabilities in Maps by BestWebSoft have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Maps by BestWebSoft compatible with WordPress 6.8.5?

According to WordPress.org data, Maps by BestWebSoft 1.4.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Maps by BestWebSoft updated?

Maps by BestWebSoft was last updated on Jun 6, 2025. Frequent updates are generally a positive security signal.

What is Maps by BestWebSoft's security score?

Maps by BestWebSoft has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Maps by BestWebSoft Security & Risk Analysis

wordpress.org/plugins/bws-google-maps

Add customized Google maps to WordPress posts, pages and widgets.

100 active installs v1.4.4 PHP + WP 5.6+ Updated Jun 6, 2025

add-custom-markersadd-google-mapsadd-mapsadd-new-mapaddress-marker

A · Safe

CVEs total1

Unpatched0

Last CVEApr 12, 2017

Plugin page Download

Safety Verdict

Is Maps by BestWebSoft Safe to Use in 2026?

Generally Safe

Score 100/100

Maps by BestWebSoft has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 12, 2017Updated 10mo ago

Risk Assessment

The bws-google-maps plugin v1.4.4 exhibits a generally strong security posture, primarily due to a high percentage of properly escaped output and a robust implementation of nonce and capability checks. The static analysis reveals no critical or high-severity taint flows, indicating that user-supplied input is being handled with reasonable care. The absence of unprotected entry points is also a positive sign.

However, the plugin is not entirely without concern. While the current version has no unpatched vulnerabilities, its history includes one medium severity Cross-Site Scripting (XSS) vulnerability from 2017. This suggests a past susceptibility to input manipulation that could lead to code execution or sensitive data exposure. The presence of SQL queries that are not consistently using prepared statements (50% not prepared) presents a potential risk for SQL injection, although the extent of this risk depends on the nature of the queries and the data they handle. The plugin also makes external HTTP requests, which could be a vector for various attacks if not handled securely.

In conclusion, bws-google-maps v1.4.4 demonstrates good security practices with strong output escaping and authentication mechanisms. The past XSS vulnerability serves as a reminder of potential risks, and the non-prepared SQL queries warrant careful review. The overall risk is moderate, with potential areas for improvement in consistent SQL sanitization and vigilance against past vulnerability types.

Key Concerns

SQL queries not using prepared statements (50%)
One past medium severity CVE

Vulnerabilities

Maps by BestWebSoft Security Vulnerabilities

CVEs by Year

1 CVE in 2017

2017

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2017-18557medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maps by BestWebSoft <= 1.3.5 - Reflected Cross-Site Scripting

Apr 12, 2017 Patched in 1.3.6 (2477d)

Code Analysis

Analyzed Mar 16, 2026

Maps by BestWebSoft Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

454 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared4 total queries

Output Escaping

91% escaped499 total outputs

Data Flows

All sanitized

Data Flow Analysis

6 flows

bws_add_menu_render (bws_menu\bws_menu.php:12)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Maps by BestWebSoft Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_bws_submit_request_feature_actionbws_menu\class-bws-settings.php:1452

authwp_ajax_bws_submit_uninstall_reason_actionbws_menu\deactivation-form.php:432

Shortcodes 1

[bws_googlemaps] bws-google-maps.php:997

WordPress Hooks 23

actionadmin_menubws-google-maps.php:983

actionplugins_loadedbws-google-maps.php:985

actioninitbws-google-maps.php:986

actionadmin_initbws-google-maps.php:987

actionadmin_enqueue_scriptsbws-google-maps.php:989

filterset-screen-optionbws-google-maps.php:991

actionwp_headbws-google-maps.php:993

actionwp_enqueue_scriptsbws-google-maps.php:994

actionwp_footerbws-google-maps.php:995

filterwidget_textbws-google-maps.php:998

filterbws_shortcode_button_contentbws-google-maps.php:1000

filterplugin_action_linksbws-google-maps.php:1002

filterplugin_row_metabws-google-maps.php:1003

actionadmin_noticesbws-google-maps.php:1005

filterload_textdomain_mofilebws_menu\bws_functions.php:37

filtermce_external_pluginsbws_menu\bws_functions.php:1081

filtermce_buttonsbws_menu\bws_functions.php:1082

actionadmin_initbws_menu\bws_functions.php:1357

actionadmin_enqueue_scriptsbws_menu\bws_functions.php:1358

actionadmin_headbws_menu\bws_functions.php:1359

actionadmin_footerbws_menu\bws_functions.php:1360

actionadmin_noticesbws_menu\bws_functions.php:1362

actionwp_enqueue_scriptsbws_menu\bws_functions.php:1364

Maintenance & Trust

Maps by BestWebSoft Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 6, 2025

PHP min version

Downloads19K

Community Trust

Rating100/100

Number of ratings6

Active installs100

Alternatives

Maps by BestWebSoft Alternatives

No alternatives data available yet.

Developer Profile

Maps by BestWebSoft Developer Profile

bestweblayout

32 plugins · 17K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

1944 days

View full developer profile

Detection Fingerprints

How We Detect Maps by BestWebSoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bws-google-maps/css/bws-google-maps.css/wp-content/plugins/bws-google-maps/css/frontend.css/wp-content/plugins/bws-google-maps/js/frontend.js/wp-content/plugins/bws-google-maps/js/bws-google-maps.js/wp-content/plugins/bws-google-maps/js/markerclusterer.js/wp-content/plugins/bws-google-maps/js/marker.js/wp-content/plugins/bws-google-maps/js/infobox.js

Script Paths

/wp-content/plugins/bws-google-maps/js/frontend.js/wp-content/plugins/bws-google-maps/js/bws-google-maps.js/wp-content/plugins/bws-google-maps/js/markerclusterer.js/wp-content/plugins/bws-google-maps/js/marker.js/wp-content/plugins/bws-google-maps/js/infobox.js

Version Parameters

/wp-content/plugins/bws-google-maps/css/bws-google-maps.css?ver=/wp-content/plugins/bws-google-maps/css/frontend.css?ver=/wp-content/plugins/bws-google-maps/js/frontend.js?ver=/wp-content/plugins/bws-google-maps/js/bws-google-maps.js?ver=/wp-content/plugins/bws-google-maps/js/markerclusterer.js?ver=/wp-content/plugins/bws-google-maps/js/marker.js?ver=/wp-content/plugins/bws-google-maps/js/infobox.js?ver=

HTML / DOM Fingerprints

CSS Classes

bws_google_maps_wrapper

Data Attributes

data-map-iddata-map-options

JS Globals

gglmps_frontend_data

Shortcode Output

[bws_google_maps]

FAQ