Does Firefly Map – Interactive City Mapping with Firefly Effect have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Firefly Map – Interactive City Mapping with Firefly Effect compatible with WordPress 6.8.5?

According to WordPress.org data, Firefly Map – Interactive City Mapping with Firefly Effect 1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Firefly Map – Interactive City Mapping with Firefly Effect compatible with PHP 7.2+?

Firefly Map – Interactive City Mapping with Firefly Effect requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Firefly Map – Interactive City Mapping with Firefly Effect Security & Risk Analysis

wordpress.org/plugins/firefly-map

An interactive Leaflet-based map plugin with animated firefly city markers, multilingual support, and backend city management.

0 active installs v1.0 PHP 7.2+ WP 5.5+ Updated Sep 3, 2025

animated-mapfireflyinteractive-mapleafletmap

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Firefly Map – Interactive City Mapping with Firefly Effect Safe to Use in 2026?

Generally Safe

Score 100/100

Firefly Map – Interactive City Mapping with Firefly Effect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The firefly-map v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in output escaping, with 92% of outputs properly handled. Furthermore, the absence of any recorded vulnerabilities (CVEs) or critical taint analysis findings suggests a relatively mature development process. The plugin also correctly implements nonce and capability checks for a portion of its entry points.

However, a significant concern lies in its attack surface. Out of six identified entry points, a concerning five are AJAX handlers that lack authentication checks. This presents a substantial risk of unauthorized execution of plugin functionalities, potentially leading to various exploits depending on the actions performed by these AJAX handlers. While SQL queries are present, the 33% not using prepared statements, though not ideal, is a less immediate concern compared to the unprotected AJAX endpoints.

In conclusion, while the lack of historical vulnerabilities and good output escaping are strengths, the plugin's security is considerably weakened by the large number of unprotected AJAX handlers. This creates a wide attack vector that needs immediate attention. The presence of some non-prepared SQL queries adds a minor additional risk. The plugin's overall security is moderate, with a critical need to address the authentication shortcomings in its AJAX endpoints.

Key Concerns

5 AJAX handlers without auth checks
3 SQL queries not using prepared statements

Vulnerabilities

None known

Firefly Map – Interactive City Mapping with Firefly Effect Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Firefly Map – Interactive City Mapping with Firefly Effect Release Timeline

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Firefly Map – Interactive City Mapping with Firefly Effect Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

61 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

33% prepared6 total queries

Output Escaping

92% escaped66 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

firefly_map_admin_page (includes\admin-page.php:75)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Firefly Map – Interactive City Mapping with Firefly Effect Attack Surface

Entry Points6

Unprotected5

AJAX Handlers 5

authwp_ajax_firefly_add_cityincludes\admin-page.php:30

authwp_ajax_firefly_map_update_cityincludes\admin-page.php:138

authwp_ajax_firefly_map_delete_cityincludes\admin-page.php:181

authwp_ajax_firefly_map_get_citiesincludes\admin-page.php:209

noprivwp_ajax_firefly_map_get_citiesincludes\admin-page.php:210

Shortcodes 1

[firefly_map] firefly-map.php:43

WordPress Hooks 3

actionadmin_enqueue_scriptsfirefly-map.php:29

actionadmin_noticesfirefly-map.php:66

actionadmin_menuincludes\admin-page.php:7

Maintenance & Trust

Firefly Map – Interactive City Mapping with Firefly Effect Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 3, 2025

PHP min version7.2

Downloads752

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

Firefly Map – Interactive City Mapping with Firefly Effect Alternatives

Open User Map

open-user-map

Engage your visitors with an interactive map – let them add markers instantly or create a custom map showcasing your favorite spots.

10K 3 CVEs

Simple Map Locator

simple-map-locator

100

Interactive maps and markers on your posts and pages with simple shortcodes.

10 No CVEs

Sweet Map

sweet-map

100

🗺️ Interactive map with a visual marker editor. No API keys, no registration, completely free. Gutenberg block + shortcode.

0 No CVEs

MapGeo – Interactive Geo Maps

interactive-geo-maps

Create interactive vector maps of the world, continents, any country in the world and specific regions, including individual US state county maps.

40K 4 CVEs

Leaflet Map

leaflet-map

Interactive maps and markers on your posts and pages with simple shortcodes.

30K 4 CVEs

Developer Profile

Firefly Map – Interactive City Mapping with Firefly Effect Developer Profile

myjun

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Firefly Map – Interactive City Mapping with Firefly Effect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/firefly-map/assets/css/admin.css/wp-content/plugins/firefly-map/assets/js/admin.js/wp-content/plugins/firefly-map/assets/css/leaflet.css/wp-content/plugins/firefly-map/assets/js/leaflet.js/wp-content/plugins/firefly-map/assets/js/firefly-map-script.js/wp-content/plugins/firefly-map/assets/css/firefly-map-style.css

Script Paths

/wp-content/plugins/firefly-map/assets/js/admin.js/wp-content/plugins/firefly-map/assets/js/leaflet.js/wp-content/plugins/firefly-map/assets/js/firefly-map-script.js

Version Parameters

firefly-map/assets/css/admin.css?ver=firefly-map/assets/js/admin.js?ver=firefly-map/assets/css/leaflet.css?ver=firefly-map/assets/js/leaflet.js?ver=firefly-map/assets/js/firefly-map-script.js?ver=firefly-map/assets/css/firefly-map-style.css?ver=

HTML / DOM Fingerprints

CSS Classes

firefly-map

JS Globals

fireflyMapAdminfireflyMapData

REST Endpoints

admin-ajax.php?action=firefly_map_get_cities

Shortcode Output

<div id="firefly-map"

FAQ