WP-Safety

DevVN Local Store Security & Risk Analysis

wordpress.org/plugins/devvn-local-store

DevVN Local Store help you add stores and search store on google maps.

2K active installs v1.1.0 PHP + WP 4.3+ Updated May 27, 2024
cua-hanggoogle-map-apilocal-storesearch-store
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is DevVN Local Store Safe to Use in 2026?

Generally Safe

Score 92/100

DevVN Local Store has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The devvn-local-store plugin version 1.1.0 presents a mixed security posture. While the absence of known CVEs and no critical taint flows are positive indicators, significant concerns arise from its attack surface and handling of sensitive operations. A notable weakness is the presence of 4 unprotected AJAX handlers, which represent direct entry points for potential attackers. Furthermore, the plugin exhibits poor SQL query hygiene, with 100% of its single SQL query lacking prepared statement usage, increasing the risk of SQL injection vulnerabilities. Although a good percentage of output is properly escaped, the raw SQL and unprotected AJAX handlers remain significant risks.

Considering the vulnerability history, the plugin has a clean slate with no recorded CVEs. This, coupled with the lack of critical taint analysis findings, might suggest a generally well-developed codebase or a lack of exposure to sophisticated attacks. However, the presence of unprotected AJAX handlers and unparameterized SQL queries are fundamental security flaws that do not require complex exploit chains. The plugin's strengths lie in its file operation, external HTTP request handling, and a decent rate of output escaping. However, the identified weaknesses in AJAX security and SQL practices warrant careful consideration, particularly for sites handling sensitive data.

Key Concerns

  • Unprotected AJAX handlers
  • Raw SQL without prepared statements
  • Unescaped output detected
Vulnerabilities
None known

DevVN Local Store Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DevVN Local Store Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
19
73 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

79% escaped92 total outputs
Attack Surface
4 unprotected

DevVN Local Store Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_dvls_load_localstoresdevvn-local-store.php:116
noprivwp_ajax_dvls_load_localstoresdevvn-local-store.php:117
authwp_ajax_dvls_loadlastest_storedevvn-local-store.php:119
noprivwp_ajax_dvls_loadlastest_storedevvn-local-store.php:120

Shortcodes 1

[devvn_local_stores] devvn-local-store.php:114
WordPress Hooks 18
actionplugins_loadeddevvn-local-store.php:34
actioninitdevvn-local-store.php:90
actioninitdevvn-local-store.php:91
filtermanage_edit-local-store_columnsdevvn-local-store.php:93
actionmanage_local-store_posts_custom_columndevvn-local-store.php:94
actionadd_meta_boxes_local-storedevvn-local-store.php:99
filteradmin_footer_textdevvn-local-store.php:102
actionadd_meta_boxesdevvn-local-store.php:104
actionedit_form_after_titledevvn-local-store.php:105
actionsave_postdevvn-local-store.php:106
actionwp_enqueue_scriptsdevvn-local-store.php:108
actionadmin_enqueue_scriptsdevvn-local-store.php:109
actionadmin_menudevvn-local-store.php:111
actionadmin_initdevvn-local-store.php:112
actionsave_postdevvn-local-store.php:122
actionwp_insert_postdevvn-local-store.php:123
actionpublish_postdevvn-local-store.php:124
actionadmin_noticesdevvn-local-store.php:126
Maintenance & Trust

DevVN Local Store Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMay 27, 2024
PHP min version
Downloads13K

Community Trust

Rating100/100
Number of ratings5
Active installs2K
Alternatives

DevVN Local Store Alternatives

Really Simple Maps

Really Simple Maps

really-simple-maps

A
85

The easiest way to integrate google maps in your wordpress site. Just add the shortcode in any post or page and your map will be displayed!

10 No CVEs
Developer Profile

DevVN Local Store Developer Profile

Le Van Toan

8 plugins · 44K total installs

84
trust score
Avg Security Score
94/100
Avg Patch Time
85 days
View full developer profile
Detection Fingerprints

How We Detect DevVN Local Store

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/devvn-local-store/assets/css/devvn-localstore.css/wp-content/plugins/devvn-local-store/assets/js/devvn-localstore-jquery.js
Script Paths
https://maps.googleapis.com/maps/api/js
Version Parameters
devvn-local-store/assets/css/devvn-localstore.css?ver=devvn-local-store/assets/js/devvn-localstore-jquery.js?ver=

HTML / DOM Fingerprints

CSS Classes
devvn-localstore-wrapperdevvn-localstore-itemdevvn-localstore-item-thumbdevvn-localstore-item-contentdevvn-localstore-item-content-titledevvn-localstore-item-content-addressdevvn-localstore-item-content-phonedevvn-localstore-item-content-email+3 more
Data Attributes
data-latdata-lngdata-zoomdata-icon
JS Globals
dvls_data
Shortcode Output
[devvn_local_stores]
FAQ

Frequently Asked Questions about DevVN Local Store