Foxlis Geo Security & Risk Analysis

wordpress.org/plugins/foxlis-geo

Free! Get visitor's geo-location by ip-address. Redirect visitor by his city or country with smart options.

10 active installs · v2.8.0 · PHP 5.6+ · WP 5.6+ · Updated: Unknown
cityfoxlisgeoip-locationlocation
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Foxlis Geo Safe to Use in 2026?

Generally Safe

Score 100/100

Foxlis Geo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The foxlis-geo plugin v2.8.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of proper output escaping. The absence of known historical vulnerabilities (CVEs) is also a strong indicator of careful development.

However, significant security concerns are present due to the plugin's attack surface. It exposes two REST API routes that lack permission callbacks, meaning any authenticated user could potentially interact with them, creating an unauthorized access vector. Furthermore, the presence of the `unserialize` function, especially without clear sanitization or validation of the data being deserialized, is a critical risk. If the data passed to `unserialize` can be controlled by an attacker, it could lead to Remote Code Execution (RCE) vulnerabilities.

Key Concerns

  • REST API routes without permission callbacks
  • Use of the unserialize() function
Vulnerabilities
None known

Foxlis Geo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Foxlis Geo Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 24 (91 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$sessionData = unserialize($_SESSION['foxlis_geo_data']);` (src\Foxlis\Geo\Services\FoxlisGeoService.php:135)

Output Escaping

79% escaped, 115 total outputs
Attack Surface
2 unprotected

Foxlis Geo Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes 2

GET /wp-json/foxlis-geo/v1/redirect/ (foxlis-geo-api.php:4)
GET /wp-json/foxlis-geo/v1/data/ (foxlis-geo-api.php:14)

WordPress Hooks 10

action rest_api_init (foxlis-geo-api.php:3)
action admin_init (foxlis-geo-development.php:47)
action admin_init (foxlis-geo-filter.php:47)
action admin_init (foxlis-geo-options.php:122)
action init (foxlis-geo-redirect.php:14)
action admin_init (foxlis-geo-redirect.php:59)
action admin_enqueue_scripts (foxlis-geo-redirect.php:220)
action wp_enqueue_scripts (foxlis-geo.php:134)
action admin_menu (foxlis-geo.php:226)
action init (foxlis-geo.php:237)
Maintenance & Trust

Foxlis Geo Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Unknown
PHP min version: 5.6
Downloads: 3K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 10
Developer Profile

Foxlis Geo Developer Profile

foxlis

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Foxlis Geo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/foxlis-geo/client/css/redirect.css
/wp-content/plugins/foxlis-geo/client/js/redirect.js
Script Paths
/wp-content/plugins/foxlis-geo/client/js/redirect.js
Version Parameters
foxlis-geo/client/css/redirect.css?ver=
foxlis-geo/client/js/redirect.js?ver=

HTML / DOM Fingerprints

CSS Classes
foxlis-geo-redirect-client
JS Globals
foxlis_geo_redirect_client_js
FAQ

Frequently Asked Questions about Foxlis Geo