Phototools: geo2wp Security & Risk Analysis

wordpress.org/plugins/geo2wp

Geotools for WP, replaces and extends "GPS MAP Widget". Part of the phototools plugins

0 active installs v1.4 PHP 5.6+ WP 3.0.1+ Updated Dec 19, 2018
geophototoolstools
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Phototools: geo2wp Safe to Use in 2026?

Generally Safe

Score 85/100

Phototools: geo2wp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The geo2wp plugin version 1.4 exhibits a generally positive security posture based on the static analysis. The absence of dangerous functions, file operations, and external HTTP requests are strong indicators of secure coding practices. Crucially, all SQL queries are executed using prepared statements, which significantly mitigates the risk of SQL injection vulnerabilities. The presence of a nonce check on one of the entry points is also a positive sign, though its absence on other potential entry points warrants consideration.

However, a notable concern arises from the output escaping. With only 16% of 38 outputs being properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Malicious actors could potentially inject and execute JavaScript code in the user's browser through these unescaped outputs. The vulnerability history also shows no recorded issues, which is favorable, but it's important to note that this could also indicate limited security auditing or a lack of discovered vulnerabilities rather than absolute security.

In conclusion, while geo2wp demonstrates strengths in areas like SQL query handling and a lack of critical taint flows, the significant number of unescaped outputs presents a tangible and serious risk. This necessitates immediate attention to improve output sanitization to prevent potential XSS attacks. The absence of capability checks on the entry points, while not flagged as an immediate risk due to the limited attack surface and existing nonce check, could be a future area for hardening.

Key Concerns

  • Low percentage of properly escaped output
  • No capability checks on entry points
Vulnerabilities
None known

Phototools: geo2wp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Phototools: geo2wp Release Timeline

v1.4Current
Code Analysis
Analyzed Apr 16, 2026

Phototools: geo2wp Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
32
6 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

16% escaped38 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
ajaxResetGeoHandler (geo2wp.php:196)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Phototools: geo2wp Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 1

authwp_ajax_resetGeoHandlergeo2wp.php:84

Shortcodes 2

[EXIF_locationmap] geo2wp.php:71
[EXIF_location] geo2wp.php:75
WordPress Hooks 19
actioninitgeo2wp.php:41
actionadmin_initgeo2wp.php:45
actionadmin_initgeo2wp.php:49
actionadd_attachmentgeo2wp.php:53
filterplugin_row_metageo2wp.php:57
actionadmin_menugeo2wp.php:62
actionadmin_initgeo2wp.php:66
actionadmin_menugeo2wp.php:79
filtermedia_row_actionsgeo2wp.php:88
actionbulk_actions-uploadgeo2wp.php:93
actionhandle_bulk_actions-uploadgeo2wp.php:97
actionwidgets_initgeo2wp.php:102
actionrss2_nsgeo2wp.php:106
actionrss_itemgeo2wp.php:110
actionrss2_itemgeo2wp.php:114
actionadmin_print_styles-edit.phpgeo2wp.php:327
actionadmin_print_styles-upload.phpgeo2wp.php:378
actionmanage_media_custom_columngeo2wp.php:382
filtermanage_media_columnsgeo2wp.php:386
Maintenance & Trust

Phototools: geo2wp Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedDec 19, 2018
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Phototools: geo2wp Developer Profile

jondor

8 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Phototools: geo2wp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/geo2wp/geo2wp-admin.css/wp-content/plugins/geo2wp/geo2wp.css/wp-content/plugins/geo2wp/geo2wp.js
Script Paths
/wp-content/plugins/geo2wp/geo2wp.js
Version Parameters
geo2wp/geo2wp-admin.css?ver=geo2wp/geo2wp.css?ver=geo2wp/geo2wp.js?ver=

HTML / DOM Fingerprints

CSS Classes
geo2wp-map-containergeo2wp-location-details
HTML Comments
<!-- EXIF Location Map --><!-- Geo2WP EXIF Location -->
Data Attributes
data-latdata-lngdata-zoomdata-marker-icon
JS Globals
geo2wp_options_data
Shortcode Output
<div class="geo2wp-map-container"<div class="geo2wp-location-details"
FAQ

Frequently Asked Questions about Phototools: geo2wp