Geotagmapper Security & Risk Analysis
wordpress.org/plugins/geotagmapperGeotagmapper adds geographical identification metadata (latitude and longitude) to the HTML header.You only have to specify your address.
Is Geotagmapper Safe to Use in 2026?
Generally Safe
Score 85/100Geotagmapper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The geotagmapper v1.5.1 plugin exhibits a mixed security posture. On the positive side, there are no identified AJAX handlers, REST API routes, shortcodes, or cron events, indicating a very limited attack surface. Furthermore, all detected SQL queries utilize prepared statements, which is a strong security practice. The plugin's vulnerability history is also clean, with no recorded CVEs, suggesting a relatively secure past or limited scrutiny.
However, significant concerns arise from the static analysis. The fact that 100% of the detected outputs are not properly escaped presents a considerable risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the single file operation and external HTTP request, while not inherently problematic, represent potential vectors if not handled with extreme care and sanitization. The taint analysis reveals a flow with unsanitized paths, which, despite not being categorized as critical or high severity in this instance, points to potential weaknesses in how user-supplied data is handled in file operations or external requests.
While the absence of known vulnerabilities and a small attack surface are strengths, the lack of output escaping and the presence of an unsanitized path flow are serious weaknesses that could be exploited. This plugin requires careful review and potential remediation to address the identified output escaping and taint flow issues.
Key Concerns
- No output escaping detected
- Taint flow with unsanitized path
- Lack of capability checks
- No nonce checks
Geotagmapper Security Vulnerabilities
Geotagmapper Code Analysis
Output Escaping
Data Flow Analysis
Geotagmapper Attack Surface
WordPress Hooks 5
Maintenance & Trust
Geotagmapper Maintenance & Trust
Maintenance Signals
Community Trust
Geotagmapper Alternatives
HTML5 Maps
html5-maps
Nice looking interactive responsive and mobile-friendly HTML5 Maps incl. US, World and more, with an option to customize view and behavior of the maps
Basic Google Maps Placemarks
basic-google-maps-placemarks
Embeds a Google Map into your site and lets you add map markers with custom icons and information windows.
Geo Mashup
geo-mashup
Include Google and OpenStreetMap maps in posts and pages, and map posts, pages, and other objects on global maps. Make WordPress into a GeoCMS.
Event post
event-post
The only WordPress plugin using native posts as full calendar events with begin and end date, geolocation, color and weather.
Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce
map-location-picker-at-checkout-for-woocommerce
Allow customers to select delivery/pickup spots on Google Maps at Checkout. Create shipping workflows for smooth order handling and better pricing.
Geotagmapper Developer Profile
6 plugins · 1K total installs
How We Detect Geotagmapper
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/geotagmapper/css/geotagmapper.css/wp-content/plugins/geotagmapper/js/geotagmapper.jsgeotagmapperDetectgeotagmapper/css/geotagmapper.css?ver=geotagmapper/js/geotagmapper.js?ver=HTML / DOM Fingerprints
geotagmapper-mapgeotagmapper_map<!-- geotagmapper --><!-- /geotagmapper -->data-gtm-latitudedata-gtm-longitudegeotagmapperDetect[geotagmapper_map]