
Extensions for Leaflet Map Security & Risk Analysis
wordpress.org/plugins/extensions-leaflet-mapExtends the WordPress Plugin Leaflet Map with Leaflet Plugins and other functions.
Is Extensions for Leaflet Map Safe to Use in 2026?
Generally Safe
Score 95/100Extensions for Leaflet Map has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The "extensions-leaflet-map" plugin version 4.14 exhibits a generally positive security posture, with a good number of capability checks and nonces implemented. The absence of file operations and external HTTP requests are also encouraging signs. However, the static analysis reveals a significant number of SQL queries, with a considerable portion (40%) not utilizing prepared statements, which presents a risk of SQL injection if not handled meticulously within the application logic. Furthermore, while a high percentage of outputs are properly escaped, the remaining 27% could still be a vector for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of medium-severity XSS CVEs.
The vulnerability history shows a past pattern of medium-severity Cross-Site Scripting vulnerabilities, indicating that input sanitization and output escaping have been areas requiring attention. The absence of currently unpatched vulnerabilities is a positive development, but the historical trend warrants continued vigilance. While the plugin has a good foundation in terms of security checks, the potential for SQL injection and residual XSS risks due to incomplete escaping and historical patterns mean that careful auditing and ongoing monitoring are still recommended.
Key Concerns
- SQL queries not using prepared statements
- Unescaped output identified
- History of medium severity XSS vulnerabilities
Extensions for Leaflet Map Security Vulnerabilities
CVEs by Year
Severity Breakdown
4 total CVEs
Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode
Extensions for Leaflet Map <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Extensions for Leaflet Map <= 3.4.1 - Reflected Cross-Site Scripting
Extensions for Leaflet Map Release Timeline
Extensions for Leaflet Map Code Analysis
SQL Query Safety
Output Escaping
Extensions for Leaflet Map Attack Surface
Shortcodes 32
WordPress Hooks 44
Maintenance & Trust
Extensions for Leaflet Map Maintenance & Trust
Maintenance Signals
Community Trust
Extensions for Leaflet Map Alternatives
GPX Viewer
gpx-viewer
Display GPX tracks with their elevation profile on OSM maps, edit them interactively
Waymark
waymark
Waymark adds powerful mapping features to WordPress that are easy to use. Create beautiful, interactive Maps customised to suit your needs.
Easy Map – Store Locator, Google Maps, OpenStreetMap, Leaflet Map
easy-map
Create interactive maps with store locator, markers, drawings & multiple locations. Supports OpenStreetMap and Google Maps. No API key needed.
Smart GEO GMap
smart-geo-gmap
Smart GEO GMap free plugin simplifies embedding a Google Map on your WordPress website using GeoJSON for encoding geographic data structures.
Brikshya Map
brikshya-map
Using this plugin user can add google map with multiple custom markers , Polylines, GeoJSON files.
Extensions for Leaflet Map Developer Profile
4 plugins · 2K total installs
How We Detect Extensions for Leaflet Map
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/extensions-leaflet-map/css/leaflet-search.css/wp-content/plugins/extensions-leaflet-map/css/leaflet-directory.css/wp-content/plugins/extensions-leaflet-map/css/overview-map.css/wp-content/plugins/extensions-leaflet-map/css/featured-map.css/wp-content/plugins/extensions-leaflet-map/js/leaflet-search.js/wp-content/plugins/extensions-leaflet-map/js/leaflet-directory.js/wp-content/plugins/extensions-leaflet-map/js/overview-map.js/wp-content/plugins/extensions-leaflet-map/js/featured-map.js+21 more/wp-content/plugins/extensions-leaflet-map/js/leaflet-search.js/wp-content/plugins/extensions-leaflet-map/js/leaflet-directory.js/wp-content/plugins/extensions-leaflet-map/js/overview-map.js/wp-content/plugins/extensions-leaflet-map/js/featured-map.js/wp-content/plugins/extensions-leaflet-map/js/extramarker.js/wp-content/plugins/extensions-leaflet-map/js/geojsonmarker.js+19 moreHTML / DOM Fingerprints
leaflet-search-resultsleaflet-directory-resultsleaflet-overviewleaflet-featuredDirektzugriff auf diese Datei verhindern.Admin functions for elevation shortcodeBaue Abfrage der Paramsdata-leafext-plugin-pathleafext_plugin_urlLEAFEXT_PLUGIN_URLleafext_eleparams