Does Geolocation IP Detection have any unpatched vulnerabilities?

No. All known vulnerabilities in Geolocation IP Detection have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Geolocation IP Detection compatible with WordPress 6.8.5?

According to WordPress.org data, Geolocation IP Detection 5.6.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Geolocation IP Detection compatible with PHP 7.2.5+?

Geolocation IP Detection requires PHP 7.2.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Geolocation IP Detection updated?

Geolocation IP Detection was last updated on Oct 29, 2025. Frequent updates are generally a positive security signal.

What is Geolocation IP Detection's security score?

Geolocation IP Detection has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Geolocation IP Detection Security & Risk Analysis

wordpress.org/plugins/geoip-detect

Provides geographic information detected by an IP adress.

20K active installs v5.6.1 PHP 7.2.5+ WP 5.0+ Updated Oct 29, 2025

geoipgeolocationipstacklocatormaxmind

A · Safe

CVEs total1

Unpatched0

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is Geolocation IP Detection Safe to Use in 2026?

Generally Safe

Score 99/100

Geolocation IP Detection has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 22, 2025Updated 5mo ago

Risk Assessment

The geoip-detect plugin v5.6.1 presents a mixed security posture. While it demonstrates good practices in several areas, such as the absence of critical or high-severity taint flows and a low percentage of improperly escaped outputs, there are notable concerns. The presence of unprotected AJAX handlers is a significant risk, as it allows unauthenticated access to plugin functionality, potentially leading to vulnerabilities if not properly secured. Furthermore, the plugin utilizes raw SQL queries without prepared statements, which can expose it to SQL injection risks. The vulnerability history, particularly a past medium-severity Cross-Site Scripting (XSS) vulnerability, suggests that input sanitization and output escaping, while generally good, might not be consistently applied across all potential attack vectors. The plugin's overall security is adequate but requires attention to its unprotected entry points and raw SQL usage to mitigate known risks and prevent future exploits.

Key Concerns

Unprotected AJAX handlers
Raw SQL queries without prepared statements

Vulnerabilities

Geolocation IP Detection Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-57993medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Geolocation IP Detection <= 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 5.6.0 (39d)

Code Analysis

Analyzed Mar 16, 2026

Geolocation IP Detection Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

90 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

74% escaped121 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

geoip_detect_option_page (admin-ui.php:135)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Geolocation IP Detection Attack Surface

Entry Points15

Unprotected2

AJAX Handlers 2

authwp_ajax_geoip_detect2_get_info_from_current_ipajax.php:73

noprivwp_ajax_geoip_detect2_get_info_from_current_ipajax.php:74

Shortcodes 13

[geoip_detect2_current_flag] shortcodes\flags.php:102

[geoip_detect2_text_input] shortcodes\input.php:82

[geoip_detect2_input] shortcodes\input.php:83

[geoip_detect2] shortcodes\main.php:94

[geoip_detect2_get_client_ip] shortcodes\other.php:44

[geoip_detect2_get_external_ip_adress] shortcodes\other.php:52

[geoip_detect2_get_current_source_description] shortcodes\other.php:59

[geoip_detect2_user_info] shortcodes\other.php:68

[geoip_detect2_enqueue_javascript] shortcodes\other.php:74

[geoip_detect2_countries_select] shortcodes\select.php:173

[geoip_detect2_countries] shortcodes\select.php:174

[geoip_detect2_show_if] shortcodes\show_if.php:126

[geoip_detect2_hide_if] shortcodes\show_if.php:127

WordPress Hooks 28

actionadmin_menuadmin-ui.php:32

actionwp_enqueue_scriptsajax.php:111

actionwp_enqueue_scriptsajax.php:151

actionall_admin_noticescheck_compatibility.php:109

actionplugins_loadedcheck_compatibility.php:129

actionall_admin_noticescheck_requirements.php:48

actionall_admin_noticescheck_requirements.php:86

actiongeoipdetectupdatedata-sources\auto.php:107

actionplugins_loadeddata-sources\auto.php:108

filtergeoip_detect_source_get_status_HTML_maxminddata-sources\manual.php:286

filterbody_classfilter.php:27

filtergeoip_detect2_localesfilter.php:68

filtergeoip_detect2_localesfilter.php:96

filtergeoip_detect2_record_datageoip-detect-lib.php:276

filtergeoip_detect2_record_datageoip-detect-lib.php:306

actionplugins_loadedgeoip-detect.php:59

actionplugins_loadedinit.php:28

actionall_admin_noticesinit.php:57

actionall_admin_noticesinit.php:67

actionadmin_initinit.php:71

actionadmin_initinit.php:167

actionadmin_initinit.php:201

actionwpcf7_initshortcodes\cf7.php:5

filterwpcf7_special_mail_tagsshortcodes\cf7.php:218

filterwpforms_smart_tagsshortcodes\wpforms.php:19

filterwpforms_smart_tag_processshortcodes\wpforms.php:39

actiongeoipdetectupdateupdater.php:64

actionplugins_loadedupgrade-plugin.php:117

Scheduled Events 3

geoipdetectupdate

Maintenance & Trust

Geolocation IP Detection Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 29, 2025

PHP min version7.2.5

Downloads560K

Community Trust

Rating94/100

Number of ratings59

Active installs20K

Alternatives

Geolocation IP Detection Alternatives

Preenchimento Automatico CEP Brasil

preenchimento-automatico-cep-brasil

Preenchimento automático dos campos de endereço a partir de um CEP

100 No CVEs

Select Estados e Cidades Brasil

select-estados-e-cidades-brasil

100

O Plugin Select Estados Cidades Brasil preenche automaticamente com estados e cidades Brasileiros.

50 No CVEs

If-So Geolocation

if-so-geolocation

100

All-in-one geolocation. Personalized content, geolocation Dynamic Keyword Insertion shortcodes, Rediects, and more. No coding required!

1K No CVEs

WP Cloudflare GeoIP Redirect

wp-cloudflare-geoip-redirect

Easily setup redirect for visitors/users from selected countries to specific URL utilizing Cloudflare IP Geolocation.

100 No CVEs

DM Visitor Location Notification

dm-visitor-location-notification

100

DM VLN allows you to display notifications when new visitors access the page with location details and stats with top 10 countries for that page.

0 No CVEs

Developer Profile

Geolocation IP Detection Developer Profile

Benjamin Pick

1 plugin · 20K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

39 days

View full developer profile

Detection Fingerprints

How We Detect Geolocation IP Detection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/geoip-detect/dist/js/base.min.js/wp-content/plugins/geoip-detect/dist/js/minimal.min.js/wp-content/plugins/geoip-detect/dist/js/full.min.js/wp-content/plugins/geoip-detect/dist/css/geoip-detect.min.css

Script Paths

/wp-content/plugins/geoip-detect/dist/js/base.min.js/wp-content/plugins/geoip-detect/dist/js/minimal.min.js/wp-content/plugins/geoip-detect/dist/js/full.min.js

Version Parameters

geoip-detect/dist/css/geoip-detect.min.css?ver=geoip-detect/dist/js/base.min.js?ver=geoip-detect/dist/js/minimal.min.js?ver=geoip-detect/dist/js/full.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

geoip-detect-country-geoip-detect-region-geoip-detect-city-geoip-detect-country-name-geoip-detect-region-name-geoip-detect-city-name-geoip-detect-continent-code-geoip-detect-continent-name-+101 more

HTML Comments

+106 more

Data Attributes

data-geoip-detect-geoip-detect-countrygeoip-detect-regiongeoip-detect-citygeoip-detect-country-namegeoip-detect-region-name+57 more

JS Globals

geoip_detect_basegeoip_detect_full

REST Endpoints

/wp-json/geoip-detect/v1/info

Shortcode Output

[geoip_detectgeoip_detect_countrygeoip_detect_regiongeoip_detect_city

FAQ