Does Geolocator have any unpatched vulnerabilities?

Yes — Geolocator currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Geolocator compatible with WordPress 4.9.29?

According to WordPress.org data, Geolocator 1.1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Geolocator updated?

Geolocator was last updated on Nov 27, 2017. Frequent updates are generally a positive security signal.

What is Geolocator's security score?

Geolocator has a WP-Safety security score of 59/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Geolocator Security & Risk Analysis

wordpress.org/plugins/geolocator

Get website visitor's location based on IP address and show/hide specific content depending on country.

50 active installs v1.1 PHP + WP 4.1.1+ Updated Nov 27, 2017

geolocatorip-based-locationip-locationshow-for-countryuser-country

C · Use Caution

CVEs total1

Unpatched1

Last CVENov 18, 2024

Plugin page Download

Safety Verdict

Is Geolocator Safe to Use in 2026?

Use With Caution

Score 59/100

Geolocator has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Nov 18, 2024Updated 8yr ago

Risk Assessment

The geolocator plugin v1.1 presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its vulnerability history and static analysis findings. The presence of a critical unpatched CVE related to deserialization of untrusted data is a major red flag, indicating a recurring and severe security flaw. Furthermore, the static analysis reveals the use of the dangerous `unserialize` function, which directly correlates with the type of historical vulnerability. Although the plugin boasts a low attack surface with no unprotected entry points, the single critical vulnerability and the potential for deserialization exploits overshadow these positives.

Key Concerns

Unpatched critical CVE
Critical taint flow found
Use of unserialize function
Zero nonce checks
Zero capability checks

Vulnerabilities

Geolocator Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

2024

Patched Has unpatched

Severity Breakdown

Critical

1 total CVE

CVE-2024-52443critical · 9.8Deserialization of Untrusted Data

Geolocator <= 1.1 - Unauthenticated PHP Object Injection

Nov 18, 2024Unpatched

Code Analysis

Analyzed Mar 16, 2026

Geolocator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$location = unserialize( stripslashes( $_COOKIE['geolocator_location'] ) );classes\class.location.php:37

Output Escaping

80% escaped25 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

getLocation (classes\class.location.php:33)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Geolocator Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[geolocator] classes\class.shortcodes.php:34

[geolocator_show] classes\class.shortcodes.php:35

[geolocator_hide] classes\class.shortcodes.php:36

WordPress Hooks 12

actionpre_get_postsclasses\class.posts.php:40

actionwpclasses\class.posts.php:41

actionadd_meta_boxesclasses\class.posts.php:45

actionsave_postclasses\class.posts.php:50

filterget_previous_post_joinclasses\class.posts.php:55

filterget_next_post_joinclasses\class.posts.php:56

filterget_previous_post_whereclasses\class.posts.php:57

filterget_next_post_whereclasses\class.posts.php:58

actioninitgeolocator.php:122

actionwidgets_initgeolocator.php:123

actionadmin_menuincludes\settings.php:3

actionadmin_initincludes\settings.php:42

Maintenance & Trust

Geolocator Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedNov 27, 2017

PHP min version

Downloads4K

Community Trust

Rating80/100

Number of ratings4

Active installs50

Alternatives

Geolocator Alternatives

User Location and IP

user-location-and-ip

100

User Location and IP is a free shortcode based Wordpress plugin that displays real-time information about your users, including their IP address, loca …

400 1 CVE

Ipgp User Country Flag

ipgp-user-country-flag

This plugin will allow you to show a flag of your visitors country. When a user goes to your website he will see a flag of its own country, based on t …

30 No CVEs

Foxlis Geo

foxlis-geo

100

Free! Get visitor's geo-location by ip-address. Redirect visitor by his city or country with smart options.

10 No CVEs

Developer Profile

Geolocator Developer Profile

masikonis

2 plugins · 60 total installs

trust score

Avg Security Score

80/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Geolocator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/geolocator/vendor/autoload.php/wp-content/plugins/geolocator/classes/class.utilities.php/wp-content/plugins/geolocator/classes/class.location.php/wp-content/plugins/geolocator/classes/class.shortcodes.php/wp-content/plugins/geolocator/classes/class.posts.php/wp-content/plugins/geolocator/includes/widget.php/wp-content/plugins/geolocator/includes/settings.php/wp-content/plugins/geolocator/languages

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-geolocator-countrydata-geolocator-country-namedata-geolocator-latitudedata-geolocator-longitude

JS Globals

geolocator_options

Shortcode Output

[geolocator][geolocator_show][geolocator_hide]

FAQ