GeoSmart Security & Risk Analysis

wordpress.org/plugins/geosmart

Automatically adds city-precise location information of comment authors to comment metadata.

10 active installs · v1.5.3 · PHP + WP 2.8+ · Updated Oct 14, 2009
commentcommentsgeolocationiplocation
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GeoSmart Safe to Use in 2026?

Generally Safe

Score 85/100

GeoSmart has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago
Risk Assessment

The geosmart plugin v1.5 demonstrates several positive security practices, notably the exclusive use of prepared statements for all SQL queries, which significantly mitigates the risk of SQL injection. There are no recorded vulnerabilities (CVEs) for this plugin, suggesting the codebase was stable and well maintained in the past. The attack surface appears minimal, with no unprotected direct entry points such as AJAX handlers, REST API routes, or shortcodes.

However, the static analysis reveals significant concerns. The extremely low percentage of properly escaped output (8%) is a major red flag, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The analysis also found two taint flows with unsanitized paths, even though they are not categorized as critical or high severity. Combined with zero capability checks and zero nonce checks, this suggests that sensitive operations might be exposed to unauthorized users or that user-supplied data is not properly validated before use. The presence of file operations and external HTTP requests, without explicit mention of validation or sanitization, also warrants caution.

Key Concerns

  • Low output escaping percentage
  • Taint flows with unsanitized paths
  • No capability checks
  • No nonce checks
  • File operation without context
  • External HTTP requests without context
Vulnerabilities
None known

GeoSmart Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GeoSmart Release Timeline

v1.5.3 (Current)
v1.5.2
v1.5.1
v1.5
v1.0.9.1
v1.0.9
v1.0.8
v1.0.4
v1.0.3
v1.0.2
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

GeoSmart Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (13 prepared)
  • Unescaped Output: 49 (4 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 13 total queries

Output Escaping

8% escaped · 53 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
displayAdmin (wp-geosmart.php:268)
Attack Surface

GeoSmart Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks 13
action  admin_menu               wp-geosmart.php:164
action  wp_head                  wp-geosmart.php:165
action  comment_post             wp-geosmart.php:166
action  delete_comment           wp-geosmart.php:167
action  wp_set_comment_status    wp-geosmart.php:168
action  widgets_init             wp-geosmart.php:169
action  geosmart_database_clean  wp-geosmart.php:170
action  init                     wp-geosmart.php:171
action  comments_template        wp-geosmart.php:172
filter  get_comment_author       wp-geosmart.php:174
filter  plugin_action_links      wp-geosmart.php:175
filter  comments_template        wp-geosmart.php:177
action  init                     wp-geosmart.php:178

Scheduled Events 1

geosmart_database_clean
Maintenance & Trust

GeoSmart Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.8.4
Last updated: Oct 14, 2009
PHP min version
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

GeoSmart Developer Profile

samuelfolkes

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GeoSmart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/geosmart/geosmart.css
/wp-content/plugins/geosmart/js/geosmart_map.js
/wp-content/plugins/geosmart/js/geosmart.js
/wp-content/plugins/geosmart/js/markerclusterer.js
Script Paths
/wp-content/plugins/geosmart/js/geosmart_map.js
/wp-content/plugins/geosmart/js/geosmart.js
/wp-content/plugins/geosmart/js/markerclusterer.js
Version Parameters
geosmart.css?ver=
geosmart_map.js?ver=
geosmart.js?ver=
markerclusterer.js?ver=

HTML / DOM Fingerprints

CSS Classes
gs_widget_map
HTML Comments
<!-- BEGIN GEO-SMART CODE -->
<!-- END GEO-SMART CODE -->
<!-- BEGIN GEO-SMART WIDGET CODE -->
<!-- END GEO-SMART WIDGET CODE -->
Data Attributes
id="gs_widget_map_canvas_"
data-widget-id=""
JS Globals
widgetInstances
geosmart_map
markerClusterer
GeoSmart