Extensions for Leaflet Map Security & Risk Analysis

wordpress.org/plugins/extensions-leaflet-map

Extends the WordPress Plugin Leaflet Map with Leaflet Plugins and other functions.

2K active installs · v4.14 · PHP 8.1+ · WP 6.2+ · Updated Mar 7, 2026
Tags: geojson, gpx, hover, leaflet, marker
Security score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 23, 2025
Safety Verdict

Is Extensions for Leaflet Map Safe to Use in 2026?

Generally Safe

Score 96/100

Extensions for Leaflet Map has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 23, 2025 · Updated 28d ago
Risk Assessment

The "extensions-leaflet-map" plugin version 4.14 exhibits a generally positive security posture, with a good number of capability checks and nonces implemented. The absence of file operations and external HTTP requests is also an encouraging sign. However, the static analysis reveals a significant number of SQL queries, with a considerable portion (40%) not utilizing prepared statements, which presents a risk of SQL injection if those queries are not handled meticulously within the application logic. Furthermore, while a high percentage of outputs are properly escaped, the remaining 27% could still be a vector for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of medium-severity XSS CVEs.

The vulnerability history shows a past pattern of medium-severity Cross-Site Scripting vulnerabilities, indicating that input sanitization and output escaping have been areas requiring attention. The absence of currently unpatched vulnerabilities is a positive development, but the historical trend warrants continued vigilance. While the plugin has a good foundation in terms of security checks, the potential for SQL injection and residual XSS risks due to incomplete escaping and historical patterns mean that careful auditing and ongoing monitoring are still recommended.

Key Concerns

  • SQL queries not using prepared statements
  • Unescaped output identified
  • History of medium severity XSS vulnerabilities
Vulnerabilities
3

Extensions for Leaflet Map Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2025-66093 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Extensions for Leaflet Map <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 23, 2025 · Patched in 4.9 (9d)

CVE-2025-12369 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 3, 2025 · Patched in 4.8 (1d)

CVE-2023-31074 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Extensions for Leaflet Map <= 3.4.1 - Reflected Cross-Site Scripting

Apr 24, 2023 · Patched in 3.4.2 (274d)

Code Analysis
Analyzed Mar 16, 2026

Extensions for Leaflet Map Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (2 prepared)
Unescaped Output: 152 (404 escaped)
Nonce Checks: 27
Capability Checks: 70
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

40% prepared · 5 total queries

Output Escaping

73% escaped · 556 total outputs

Attack Surface

Extensions for Leaflet Map Attack Surface

Entry Points: 32
Unprotected: 0

Shortcodes 32

[choropleth] php\choropleth.php:87
[markerClusterGroup] php\clustergroup.php:119
[markerclustergroup] php\clustergroup.php:121
[elevation] php\elevation.php:1230
[extramarker] php\extramarker.php:223
[leaflet-extramarker] php\extramarker.php:224
[featured-map] php\featured-map.php:265
[leafext-meta] php\featured-map.php:281
[leaflet-featuregroup] php\featuregroup.php:167
[leaflet-optiongroup] php\featuregroup.php:168
[fullscreen] php\fullscreen.php:46
[geojsonmarker] php\geojsonmarker.php:215
[gestures] php\gesture.php:181
[hidemarkers] php\hidemarkers.php:45
[hover] php\hover.php:340
[hoverlap] php\hoverlap.php:72
[leaflet-directory] php\leaflet-directory.php:178
[leaflet-search] php\leaflet-search.php:181
[listmarker] php\listmarker.php:125
[cluster] php\markercluster.php:155
[elevation-track] php\multielevation.php:293
[elevation-tracks] php\multielevation.php:437
[multielevation] php\multielevation.php:438
[overviewmap] php\overview-map.php:693
[parentgroup] php\parentgroup.php:147
[leaflet-parentgroup] php\parentgroup.php:148
[placementstrategies] php\placementstrategies.php:134
[sgpx] php\sgpx.php:301
[targetmarker] php\targetmarker.php:182
[targetlink] php\targetmarker.php:183
[layerswitch] php\tileserver.php:427
[zoomhomemap] php\zoomhome.php:116

WordPress Hooks 44

action admin_init admin\awesome.php:26
action admin_init admin\deleting.php:17
action admin_init admin\elevation\elevation.php:22
action admin_init admin\elevation\multielevation.php:23
action admin_init admin\elevation\owncolors.php:25
action admin_init admin\elevation\owncolors.php:44
action admin_init admin\elevation\owntheme.php:19
action admin_init admin\elevation\sgpx.php:23
action admin_init admin\elevation\sgpx.php:96
action admin_init admin\elevation\waypoints.php:20
action admin_init admin\filemgr\filemgr-settings.php:56
action admin_init admin\filemgr\filemgr.php:22
filter wp_check_filetype_and_ext admin\filemgr\uploader.php:46
filter upload_mimes admin\filemgr\uploader.php:69
filter upload_dir admin\filemgr\uploader.php:74
filter wp_handle_upload_prefilter admin\filemgr\uploader.php:77
filter wp_handle_upload admin\filemgr\uploader.php:105
action admin_init admin\gesture.php:21
action admin_init admin\grouping\settings.php:28
action admin_init admin\hover\settings.php:28
action admin_init admin\marker\markercluster.php:35
action admin_init admin\marker\placementstrategies.php:35
action admin_init admin\overviewmap\featured-map.php:39
action admin_init admin\overviewmap\overview-map.php:20
action admin_init admin\tiles\layerswitch.php:17
action admin_init admin\tiles\providers.php:36
action admin_init admin\zoomhome.php:20
action admin_menu admin.php:38
action admin_enqueue_scripts admin.php:244
filter load_textdomain_mofile extensions-leaflet-map.php:114
filter plugin_action_links extensions-leaflet-map.php:148
filter pre_do_shortcode_tag php\clustergroup.php:11
filter pre_do_shortcode_tag php\enqueue-leafletplugins.php:549
filter the_content php\enqueue-leafletplugins.php:571
filter pre_do_shortcode_tag php\featuregroup.php:11
filter pre_do_shortcode_tag php\gesture.php:150
filter the_content php\managefiles.php:74
filter attachment_fields_to_edit php\managefiles.php:147
filter pre_do_shortcode_tag php\multielevation.php:11
action save_post php\overview-map.php:333
action wp_enqueue_scripts php\sgpx.php:56
action init php\sgpx.php:61
action init php\sgpx.php:303
filter wp_enqueue_scripts php\sgpx.php:311

Maintenance & Trust

Extensions for Leaflet Map Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 8.1
Downloads: 80K

Community Trust

Rating: 100/100
Number of ratings: 23
Active installs: 2K

Developer Profile

Extensions for Leaflet Map Developer Profile

hupe13

4 plugins · 2K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 72 days
Detection Fingerprints

How We Detect Extensions for Leaflet Map

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/extensions-leaflet-map/css/leaflet-search.css
  • /wp-content/plugins/extensions-leaflet-map/css/leaflet-directory.css
  • /wp-content/plugins/extensions-leaflet-map/css/overview-map.css
  • /wp-content/plugins/extensions-leaflet-map/css/featured-map.css
  • /wp-content/plugins/extensions-leaflet-map/js/leaflet-search.js
  • /wp-content/plugins/extensions-leaflet-map/js/leaflet-directory.js
  • /wp-content/plugins/extensions-leaflet-map/js/overview-map.js
  • /wp-content/plugins/extensions-leaflet-map/js/featured-map.js
  • +21 more

Script Paths

  • /wp-content/plugins/extensions-leaflet-map/js/leaflet-search.js
  • /wp-content/plugins/extensions-leaflet-map/js/leaflet-directory.js
  • /wp-content/plugins/extensions-leaflet-map/js/overview-map.js
  • /wp-content/plugins/extensions-leaflet-map/js/featured-map.js
  • /wp-content/plugins/extensions-leaflet-map/js/extramarker.js
  • /wp-content/plugins/extensions-leaflet-map/js/geojsonmarker.js
  • +19 more

HTML / DOM Fingerprints

CSS Classes

  • leaflet-search-results
  • leaflet-directory-results
  • leaflet-overview
  • leaflet-featured

HTML Comments

  • Direktzugriff auf diese Datei verhindern.
  • Admin functions for elevation shortcode
  • Baue Abfrage der Params

Data Attributes

  • data-leafext-plugin-path

JS Globals

  • leafext_plugin_url
  • LEAFEXT_PLUGIN_URL
  • leafext_eleparams

FAQ

Frequently Asked Questions about Extensions for Leaflet Map