
Google Maps Retailers Security & Risk Analysis
wordpress.org/plugins/fusion-retailers
Plugin to manage and output retailers by region on a Google Map.
Is Google Maps Retailers Safe to Use in 2026?
Generally Safe
Score 85/100
Google Maps Retailers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "fusion-retailers" v1.0.1 plugin exhibits a mixed security posture. On the positive side, the plugin has a very small attack surface with only one shortcode and no direct AJAX handlers or REST API routes exposed. Crucially, the static analysis revealed no critical or high severity issues in taint analysis, and there is no known vulnerability history. This suggests a generally good effort in avoiding common, severe security pitfalls.
However, several concerning practices are evident in the code. The most significant is that none of the three SQL queries uses prepared statements. This is a major risk, as it leaves the plugin vulnerable to SQL injection if user-supplied data is incorporated directly into these queries. Furthermore, none of the 10 observed output operations are properly escaped, meaning the plugin is susceptible to cross-site scripting (XSS) vulnerabilities. Nonce and capability checks are present, but their small number (2 and 1 respectively) relative to the rest of the code may indicate incomplete security coverage.
In conclusion, while the absence of known CVEs and critical taint flows is a strong positive, the plugin's reliance on raw SQL queries and unescaped output presents substantial security risks. These are fundamental security best practices that, when ignored, can lead to severe compromise. The plugin's limited attack surface is its main defense, but the identified code vulnerabilities need immediate attention.
Key Concerns
- Raw SQL queries without prepared statements
- Unescaped output detected
Google Maps Retailers Security Vulnerabilities
Google Maps Retailers Code Analysis
SQL Query Safety
Output Escaping
Google Maps Retailers Attack Surface
Shortcodes 1
WordPress Hooks 6
Google Maps Retailers Maintenance & Trust
Maintenance Signals
Community Trust
Google Maps Retailers Alternatives
WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
wp-google-map-plugin
WordPress map plugin for Google Maps, OpenStreetMap & Mapbox with store locator, filterable listings & custom markers.
WP Store Locator
wp-store-locator
An easy to use location management system that enables users to search for nearby physical stores.
MapPress Maps for WordPress
mappress-google-maps-for-wordpress
MapPress is the easiest way to add unlimited interactive Google and Leaflet maps to WordPress.
Store Locator WordPress
agile-store-locator
Agile Store Locator is a premium store finder plugin designed to offer you immediate access to all the best stores in your local area.
Maps Plugin using Google Maps for WordPress – WP Google Map
gmap-embed
Google Map plugin for WordPress is very Simple, light-weight and Easy to use Google Custom Map with markers in Posts, Pages, Sidebar as shortcode.
Google Maps Retailers Developer Profile
2 plugins · 70 total installs
How We Detect Google Maps Retailers
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/fusion-retailers/js/fusion_color_picker.js
- /wp-content/plugins/fusion-retailers/js/fusion_maps.js
- /wp-content/plugins/fusion-retailers/css/fusion_retailers.css
- https://maps.googleapis.com/maps/api/js?sensor=false
- fusion_maps/fusion_maps.js?ver=1.0.0
HTML / DOM Fingerprints
- fusion-color-picker
- single-state-settings
- retailer-list
- fusion_retailers_map
- name="states[
- name="fusion_update_settings_nonce"
- id="fusion_retailers_map"
- fusion_maps_vars
- <div id="fusion_retailers_map"></div>