GeoRouter Security & Risk Analysis

wordpress.org/plugins/georouter

Web Doodle GeoRouter Plugin enables you auto-redirect website visitors using IP geolocation technology. Configure your routing by continent, country, …

0 active installs v1.0.1 PHP + WP + Updated Apr 28, 2021
auto-redirectgeo-ipgeographicredirectionregional-website
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is GeoRouter Safe to Use in 2026?

Generally Safe

Score 85/100

GeoRouter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The georouter plugin v1.0.1 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are all positive indicators. A high percentage of output escaping is also commendable, mitigating risks associated with cross-site scripting (XSS).

However, the analysis does raise some concerns. The complete lack of nonce checks and capability checks is a significant weakness. While the attack surface appears small (one shortcode), any dynamic behavior within that shortcode that isn't protected by nonces or capability checks could be vulnerable to unauthorized execution or manipulation. The absence of taint analysis data is also notable, as it prevents a deeper understanding of potential data flow vulnerabilities. The plugin's history of zero vulnerabilities could indicate good development practices or simply a lack of targeted analysis. Nevertheless, the current findings highlight a potential gap in authorization and validation mechanisms.

In conclusion, georouter v1.0.1 demonstrates a good foundation in secure coding practices, particularly regarding SQL injection and output sanitation. However, the lack of nonces and capability checks on its entry points represents a notable vulnerability that needs immediate attention to prevent potential unauthorized actions. The absence of taint analysis means that while no specific flows were identified as unsanitized, the possibility of such issues cannot be definitively ruled out.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
  • High percentage of unescaped output (11%)
Vulnerabilities
None known

GeoRouter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GeoRouter Release Timeline

v1.0.1Current
v1.0.0
v0.0.2
v0.0.1
Code Analysis
Analyzed Apr 16, 2026

GeoRouter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
17 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

89% escaped19 total outputs
Attack Surface

GeoRouter Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[georouter-switcher] georouter.php:55
WordPress Hooks 4
actionplugins_loadedgeorouter.php:40
actionwp_enqueue_scriptsgeorouter.php:53
actionadmin_menuincludes/class-georouter-config.php:25
actionadmin_initincludes/class-georouter-config.php:26
Maintenance & Trust

GeoRouter Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedApr 28, 2021
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

GeoRouter Developer Profile

Ryan Soury

2 plugins · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect GeoRouter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/georouter/includes/class-georouter-config.php/wp-content/plugins/georouter/includes/class-georouter-util.php
Script Paths
https://georouter.services.webdoodle.com.au/

HTML / DOM Fingerprints

CSS Classes
wd-locale-select-containerwd-localewd-georouter
HTML Comments
<!-- WebDoodle Country Select --><!-- /WebDoodle Country Select -->
JS Globals
wp_georouter
Shortcode Output
<div class="wd-locale-select-container wd-locale wd-georouter"></div>
FAQ

Frequently Asked Questions about GeoRouter