Delivery Area with Google Maps Security & Risk Analysis

wordpress.org/plugins/delivery-area-with-google-maps

This plugin allows you create delivery areas in Google Maps and by a shortcode put it in everywhere.

50 active installs v1.3.1 PHP 5.6+ WP 4.9.0+ Updated Nov 3, 2019
areadeliverydelivery-areagoogle-mapspolygon
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Delivery Area with Google Maps Safe to Use in 2026?

Generally Safe

Score 85/100

Delivery Area with Google Maps has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The plugin "delivery-area-with-google-maps" v1.3.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and not making external HTTP requests or performing file operations. The absence of known CVEs and a clean vulnerability history further suggests a generally well-maintained codebase.

However, significant concerns arise from the static analysis. The plugin has a substantial attack surface composed of 5 entry points, with a worrying 4 of them lacking any authentication checks. This means that potentially sensitive actions or data retrieval could be accessed by unauthenticated users. Additionally, the low percentage of properly escaped output (38%) indicates a high risk of cross-site scripting (XSS) vulnerabilities. The lack of nonce checks on AJAX handlers compounds the risk posed by the unprotected AJAX endpoints.

Given the lack of past vulnerabilities, it's possible that these issues have gone unnoticed or unexploited. However, the combination of unprotected entry points and insufficient output sanitization presents a clear and present danger. The plugin's strengths in SQL handling and avoiding other risky operations are overshadowed by these critical weaknesses in authentication and output escaping.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping rate
  • Missing nonce checks on AJAX
  • Large attack surface without auth
Vulnerabilities
None known

Delivery Area with Google Maps Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Delivery Area with Google Maps Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Delivery Area with Google Maps Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
8 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

38% escaped21 total outputs
Attack Surface
4 unprotected

Delivery Area with Google Maps Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_areamaps_jsadmin\class-areamaps-admin.php:32
noprivwp_ajax_areamaps_jsadmin\class-areamaps-admin.php:33
authwp_ajax_frontmap_jspublic\class-areamaps-public.php:8
noprivwp_ajax_frontmap_jspublic\class-areamaps-public.php:9

Shortcodes 1

[areamaps] public\class-areamaps-public.php:6
WordPress Hooks 12
filterplugin_row_metaadmin\class-areamaps-admin.php:25
actionadmin_enqueue_scriptsadmin\class-areamaps-admin.php:29
actionadd_meta_boxesadmin\class-areamaps-admin.php:36
actionsave_post_areamapsadmin\class-areamaps-admin.php:37
filtermanage_areamaps_posts_columnsadmin\class-areamaps-admin.php:40
actionmanage_areamaps_posts_custom_columnadmin\class-areamaps-admin.php:41
actionadmin_menuadmin\class-areamaps-settings.php:8
actionadmin_initadmin\class-areamaps-settings.php:9
actionplugins_loadedadmin\class-areamaps-settings.php:10
actionadmin_noticesadmin\class-areamaps-settings.php:17
actioninitincludes\class-areamaps-cpt.php:5
actionplugins_loadedincludes\class-areamaps.php:55
Maintenance & Trust

Delivery Area with Google Maps Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedNov 3, 2019
PHP min version5.6
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs50
Developer Profile

Delivery Area with Google Maps Developer Profile

gonzalesc

2 plugins · 350 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Delivery Area with Google Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/delivery-area-with-google-maps/admin/css/style.css/wp-content/plugins/delivery-area-with-google-maps/admin/js/admin-maps.js/wp-content/plugins/delivery-area-with-google-maps/includes/js/frontend-maps.js/wp-content/plugins/delivery-area-with-google-maps/admin/assets/js/areamap_js.php
Script Paths
//maps.googleapis.com/maps/api/js?key=admin-ajax.php?action=areamaps_js&id=
Version Parameters
delivery-area-with-google-maps/admin/css/style.css?ver=delivery-area-with-google-maps/admin/js/admin-maps.js?ver=delivery-area-with-google-maps/includes/js/frontend-maps.js?ver=

HTML / DOM Fingerprints

CSS Classes
areamaps_metabox_mapareamaps_shortcode_wrapperdelivery-area-maps
HTML Comments
<!-- AREAMAPS ADMIN CONTENT --><!-- AREA MAPS SETTINGS FORM -->
Data Attributes
data-areamaps-iddata-areamaps-latdata-areamaps-lngdata-areamaps-zoomdata-areamaps-lcolor
JS Globals
areamaps_ajax_urlareamaps_post_idareamaps_settingsAreaGM_frontend
Shortcode Output
[areamaps id=
FAQ

Frequently Asked Questions about Delivery Area with Google Maps