Interactive Image Map Plugin – Draw Attention Security & Risk Analysis

wordpress.org/plugins/draw-attention

Create interactive images with clickable hotspots, using modern image maps for WordPress. Perfect for floor plans, infographics, maps, and more.

20K active installs v2.1.2 PHP + WP 3.5.1+ Updated Feb 17, 2026
Tags: floor-plan, hotspot, image-map, image-maps, interactive-images

Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Oct 24, 2023
Safety Verdict

Is Interactive Image Map Plugin – Draw Attention Safe to Use in 2026?

Generally Safe

Score 99/100

Interactive Image Map Plugin – Draw Attention has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 24, 2023 · Updated 1mo ago
Risk Assessment

The 'draw-attention' plugin version 2.1.2 exhibits a generally positive security posture with no critical or high severity vulnerabilities identified in the static analysis or vulnerability history. The plugin demonstrates good security practices by implementing nonce and capability checks, and it has no unpatched CVEs. The absence of dangerous functions, file operations, and external HTTP requests is also encouraging.

However, there are areas for improvement. The relatively low percentage of properly escaped output (13%) suggests a potential risk of Cross-Site Scripting (XSS) vulnerabilities, even though no specific flows were identified in the taint analysis. Similarly, the 50% usage of prepared statements for SQL queries indicates that half of the SQL queries are executed without this crucial security measure, which could be exploited for SQL injection if not handled carefully elsewhere. The presence of two medium severity vulnerabilities in its history, specifically related to improper access control and missing authorization, warrants attention and suggests that while currently patched, these types of issues have occurred in the past.

Overall, 'draw-attention' v2.1.2 is reasonably secure due to the lack of critical immediate threats and a proactive approach to patching historical vulnerabilities. However, the plugin would benefit from a comprehensive review of its output escaping and a more consistent application of prepared statements to mitigate potential XSS and SQL injection risks.

Key Concerns

  • Low output escaping percentage (13%)
  • 50% of SQL queries not using prepared statements
  • 2 past medium vulnerabilities (Improper Access Control, Missing Authorization)
Vulnerabilities: 2

Interactive Image Map Plugin – Draw Attention Security Vulnerabilities

CVEs by Year

2023: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2023-46616 · medium · 6.3 · Improper Access Control

Draw Attention <= 2.0.15 - Improper Access Control via register_cpt

Oct 24, 2023 Patched in 2.0.16 (91d)
CVE-2023-2764 · medium · 4.3 · Missing Authorization

Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification

May 30, 2023 Patched in 2.0.12 (238d)
Code Analysis
Analyzed Mar 16, 2026

Interactive Image Map Plugin – Draw Attention Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (1 prepared)
Unescaped Output: 110 (16 escaped)
Nonce Checks: 3
Capability Checks: 8
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

13% escaped · 126 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
output_import_export_page (public\includes\import-export.php:109)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Interactive Image Map Plugin – Draw Attention Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_hotspot_update_custom_fields · public\includes\custom_fields.php:31

Shortcodes 1

[drawattention] public\class-drawattention.php:97
WordPress Hooks: 52

action · admin_enqueue_scripts · admin\class-drawattention-admin.php:79
action · admin_enqueue_scripts · admin\class-drawattention-admin.php:80
action · admin_menu · admin\class-drawattention-admin.php:82
action · admin_init · admin\class-drawattention-admin.php:83
action · wp_before_admin_bar_render · admin\class-drawattention-admin.php:84
action · admin_notices · admin\class-drawattention-admin.php:86
action · admin_enqueue_scripts · admin\class-drawattention-admin.php:87
action · admin_enqueue_scripts · admin\class-drawattention-admin.php:88
action · cmb2_save_post_fields · admin\class-drawattention-admin.php:90
action · current_screen · admin\class-drawattention-admin.php:91
action · add_meta_boxes · admin\class-drawattention-admin.php:93
filter · gutenberg_can_edit_post_type · admin\class-drawattention-admin.php:106
action · admin_init · admin\class-drawattention-admin.php:107
action · admin_menu · admin\upsell-admin.php:8
action · admin_init · admin\upsell-admin.php:13
action · plugins_loaded · draw-attention.php:58
action · plugins_loaded · draw-attention.php:84
action · init · draw-attention.php:129
action · wp_enqueue_scripts · draw-attention.php:130
action · admin_enqueue_scripts · draw-attention.php:131
filter · da_description · public\class-drawattention.php:84
action · init · public\class-drawattention.php:87
action · wpmu_new_blog · public\class-drawattention.php:90
action · wp_enqueue_scripts · public\class-drawattention.php:93
action · wp_enqueue_scripts · public\class-drawattention.php:94
action · admin_notices · public\class-drawattention.php:99
action · add_meta_boxes · public\class-drawattention.php:101
action · template_include · public\class-drawattention.php:103
filter · jetpack_photon_skip_image · public\class-drawattention.php:105
filter · cmb2_meta_box_url · public\class-drawattention.php:107
action · init · public\class-drawattention.php:675
filter · da_hotspot_area_group_details · public\includes\actions\action.php:6
action · init · public\includes\bb\bb.php:12
action · fl_builder_control_select-img · public\includes\bb\bb.php:29
action · init · public\includes\class-block-image.php:42
action · init · public\includes\cpt.php:8
action · init · public\includes\cpt.php:12
action · cmb2_render_text_number · public\includes\custom_fields.php:23
filter · cmb2_sanitize_text_number · public\includes\custom_fields.php:24
action · cmb2_render_opacity · public\includes\custom_fields.php:26
filter · cmb2_sanitize_opacity · public\includes\custom_fields.php:27
filter · cmb2_override_meta_value · public\includes\custom_fields.php:30
filter · cmb2_meta_boxes · public\includes\custom_fields.php:33
filter · cmb2_meta_boxes · public\includes\custom_fields.php:34
filter · cmb2_meta_boxes · public\includes\custom_fields.php:35
action · admin_enqueue_scripts · public\includes\da-newsletter.php:11
action · admin_footer · public\includes\da-newsletter.php:12
action · add_meta_boxes · public\includes\da-newsletter.php:16
action · do_meta_boxes · public\includes\da-newsletter.php:19
action · admin_menu · public\includes\import-export.php:12
action · add_meta_boxes · public\includes\themes.php:8
action · da_register_admin_script · public\includes\themes.php:9
Maintenance & Trust

Interactive Image Map Plugin – Draw Attention Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Feb 17, 2026
PHP min version:
Downloads: 947K

Community Trust

Rating: 96/100
Number of ratings: 113
Active installs: 20K
Developer Profile

Interactive Image Map Plugin – Draw Attention Developer Profile

NSquared

4 plugins · 85K total installs

Trust score: 83
Avg Security Score: 93/100
Avg Patch Time: 69 days
Detection Fingerprints

How We Detect Interactive Image Map Plugin – Draw Attention

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/draw-attention/public/js/draw-attention-public.js
/wp-content/plugins/draw-attention/public/css/draw-attention-public.css
Script Paths
/wp-content/plugins/draw-attention/public/js/draw-attention-public.js
Version Parameters
draw-attention/public/css/draw-attention-public.css?ver=
draw-attention/public/js/draw-attention-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
da-hotspot
da-hotspot-wrapper
da-image-map
da-image-map-container
HTML Comments
<!-- draw-attention -->
<!-- End draw-attention -->
<!-- END MAIN CONTENT -->
<!-- DO NOT MODIFY THIS FILE -->
Data Attributes
data-draw-attention-id
data-draw-attention-image-id
data-draw-attention-hotspot-id
data-draw-attention-zoom-effect
data-draw-attention-hotspot-click-action
JS Globals
DrawAttentionPublic
DrawAttentionAdmin
REST Endpoints
/wp-json/draw-attention/v1/hotspots
Shortcode Output
[draw-attention
[da_image_map
FAQ

Frequently Asked Questions about Interactive Image Map Plugin – Draw Attention