Maps Plugin using Google Maps for WordPress – WP Google Map Security & Risk Analysis

wordpress.org/plugins/gmap-embed

Google Map plugin for WordPress is very Simple, light-weight and Easy to use Google Custom Map with markers in Posts, Pages, Sidebar as shortcode.

10K active installs · v1.9.6 · PHP 5.3+ · WP 2.9+ · Updated Jan 26, 2026
Tags: google-maps, map, map-markers, maps, store-locator
Score: 97 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Jan 24, 2025
Safety Verdict

Is Maps Plugin using Google Maps for WordPress – WP Google Map Safe to Use in 2026?

Generally Safe

Score 97/100

Maps Plugin using Google Maps for WordPress – WP Google Map has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Jan 24, 2025 · Updated 2mo ago
Risk Assessment

The gmap-embed plugin v1.9.6 presents a mixed security posture. While it demonstrates good practices in areas like output escaping (95% of outputs escaped) and the use of prepared statements for SQL queries (77%), significant concerns arise from its attack surface. Specifically, two of its four AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. Furthermore, the taint analysis reveals six high-severity flows with unsanitized paths, indicating potential vulnerabilities if user-supplied input is not handled correctly before being processed or used in sensitive operations. The plugin's history of six known CVEs, all classified as medium severity and covering common types like XSS, CSRF, and privilege escalation, suggests a recurring pattern of security weaknesses that require diligent patching. While there are currently no unpatched CVEs and capability checks are well used, these historical issues, together with the identified taint flows and unprotected AJAX handlers, warrant careful attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • History of medium severity CVEs
Vulnerabilities
6

Maps Plugin using Google Maps for WordPress – WP Google Map Security Vulnerabilities

CVEs by Year

  • 2021: 3 CVEs
  • 2022: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2024-13208 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Markers

Jan 24, 2025 Patched in 1.9.4 (34d)
CVE-2024-13306 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 24, 2025 Patched in 1.9.4 (34d)
CVE-2021-25081 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery

Jan 27, 2022 Patched in 1.8.4 (726d)
CVE-2021-45729 · medium · 5.4 · Improper Privilege Management

WP Google Map <= 1.8.0 - Missing Authorization

Dec 8, 2021 Patched in 1.8.1 (775d)
CVE-2021-25011 · medium · 5.7 · Missing Authorization

WP Google Map <= 1.8.0 - Subscriber+ Arbitrary Post Deletion and Plugin Settings Update

Dec 8, 2021 Patched in 1.8.1 (776d)
CVE-2021-24502 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Google Map <= 1.7.6 - Admin+ Stored Cross-Site Scripting

Jul 1, 2021 Patched in 1.7.7 (936d)
Code Analysis
Analyzed Mar 16, 2026

Maps Plugin using Google Maps for WordPress – WP Google Map Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 10 (34 prepared)
  • Unescaped Output: 90 (1585 escaped)
  • Nonce Checks: 26
  • Capability Checks: 22
  • File Operations: 0
  • External Requests: 5
  • Bundled Libraries: 3

Bundled Libraries

TinyMCE, DataTables, Select2

SQL Query Safety

77% prepared · 44 total queries

Output Escaping

95% escaped · 1675 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

21 flows · 6 with unsanitized paths
<markers-settings> (admin\includes\markers-settings.php:0)
Attack Surface
2 unprotected

Maps Plugin using Google Maps for WordPress – WP Google Map Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 4

auth · wp_ajax_wgm_import_preview · includes\Classes\Bootstrap.php:179
nopriv · wp_ajax_wpgmapembed_p_get_markers_by_map_id · includes\Classes\Bootstrap.php:188
auth · wp_ajax_wgm_import_preview · includes\Traits\ImportExport.php:17
auth · wp_ajax_wgm_import · includes\Traits\ImportExport.php:18

Shortcodes 1

[gmap-embed] public\includes\shortcodes.php:38
WordPress Hooks 37
action · switch_theme · appsero\src\Insights.php:142
action · switch_theme · appsero\src\Insights.php:143
action · admin_footer · appsero\src\Insights.php:160
action · admin_notices · appsero\src\Insights.php:177
action · admin_init · appsero\src\Insights.php:180
filter · cron_schedules · appsero\src\Insights.php:186
action · admin_menu · appsero\src\License.php:232
action · after_switch_theme · appsero\src\License.php:858
action · switch_theme · appsero\src\License.php:859
filter · plugins_api · appsero\src\Updater.php:57
action · init · includes\Classes\Bootstrap.php:85
action · plugins_loaded · includes\Classes\Bootstrap.php:86
action · widgets_init · includes\Classes\Bootstrap.php:87
action · activated_plugin · includes\Classes\Bootstrap.php:88
action · wp_enqueue_scripts · includes\Classes\Bootstrap.php:89
action · admin_enqueue_scripts · includes\Classes\Bootstrap.php:90
action · admin_menu · includes\Classes\Bootstrap.php:91
action · admin_init · includes\Classes\Bootstrap.php:92
action · admin_init · includes\Classes\Bootstrap.php:93
action · admin_notices · includes\Classes\Bootstrap.php:94
filter · plugin_action_links_gmap-embed/srm_gmap_embed.php · includes\Classes\Bootstrap.php:95
action · media_buttons · includes\Classes\Bootstrap.php:96
action · admin_footer · includes\Classes\Bootstrap.php:97
action · wp_head · includes\Classes\Bootstrap.php:99
action · admin_head · includes\Classes\Bootstrap.php:100
filter · script_loader_tag · includes\Classes\Bootstrap.php:102
action · admin_post_wgm_save_api_key · includes\Classes\Bootstrap.php:107
action · admin_post_wgm_save_license · includes\Classes\Bootstrap.php:108
filter · script_loader_tag · includes\Classes\Bootstrap.php:112
action · admin_init · includes\Classes\Bootstrap.php:116
action · widgets_init · includes\Classes\srmgmap_widget.php:33
action · admin_post_wgm_export · includes\Traits\ImportExport.php:13
action · admin_post_wgm_import · includes\Traits\ImportExport.php:14
action · gmap_embed_review_already_did · includes\Traits\InitActions.php:35
action · gmap_embed_review_later · includes\Traits\InitActions.php:36
filter · mce_external_plugins · srm_gmap_embed.php:37
filter · init · srm_gmap_embed.php:40
Maintenance & Trust

Maps Plugin using Google Maps for WordPress – WP Google Map Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 26, 2026
PHP min version: 5.3
Downloads: 927K

Community Trust

Rating: 98/100
Number of ratings: 169
Active installs: 10K
Developer Profile

Maps Plugin using Google Maps for WordPress – WP Google Map Developer Profile

Saidur Rahman Milon

1 plugin · 10K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 547 days
Detection Fingerprints

How We Detect Maps Plugin using Google Maps for WordPress – WP Google Map

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gmap-embed/admin/assets/css/bootstrap.min.css
  • /wp-content/plugins/gmap-embed/admin/assets/css/datepicker.css
  • /wp-content/plugins/gmap-embed/admin/assets/css/gmap-embed.css
  • /wp-content/plugins/gmap-embed/admin/assets/css/gmap-embed-admin.css
  • /wp-content/plugins/gmap-embed/admin/assets/css/jquery-ui.css
  • /wp-content/plugins/gmap-embed/admin/assets/css/map-styles.css
  • /wp-content/plugins/gmap-embed/admin/assets/css/select2.min.css
  • /wp-content/plugins/gmap-embed/admin/assets/js/bootstrap.min.js
  • +10 more
Version Parameters
  • gmap-embed/admin/assets/css/bootstrap.min.css?ver=
  • gmap-embed/admin/assets/css/datepicker.css?ver=
  • gmap-embed/admin/assets/css/gmap-embed.css?ver=
  • gmap-embed/admin/assets/css/gmap-embed-admin.css?ver=
  • gmap-embed/admin/assets/css/jquery-ui.css?ver=
  • gmap-embed/admin/assets/css/map-styles.css?ver=
  • gmap-embed/admin/assets/css/select2.min.css?ver=
  • gmap-embed/admin/assets/js/bootstrap.min.js?ver=
  • gmap-embed/admin/assets/js/gmap-embed.js?ver=
  • gmap-embed/admin/assets/js/gmap-embed-admin.js?ver=
  • gmap-embed/admin/assets/js/gmap-embed-frontend.js?ver=
  • gmap-embed/admin/assets/js/gmap-embed-marker-validation.js?ver=
  • gmap-embed/admin/assets/js/google-maps-api.js?ver=
  • gmap-embed/admin/assets/js/jquery-ui.min.js?ver=
  • gmap-embed/admin/assets/js/select2.min.js?ver=
  • gmap-embed/admin/assets/js/tinymce_keyup_event.js?ver=
  • gmap-embed/assets/css/frontend.css?ver=
  • gmap-embed/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
gmap-embed, wp-google-map-wrap, wp-google-map-frontend
HTML Comments
  • WP Google Map plugin allows creating Google Map with marker or location with a responsive interface. Marker supports text, images, links, videos, and custom icons. Simply, Just put the shortcode on the page, post, or widget to display the map anywhere.
  • Tinymce plugin initialization
  • Added function for tinymce initialization
  • Initialize the plugin tracker
  • +11 more
Data Attributes
  • data-plugin-name="WP Google Map"
  • data-plugin-version="1.9.6"
  • data-plugin-slug="gmap-embed"
JS Globals
WGM_PLUGIN_VERSION, WGM_PLUGIN_DEV_VERSION, WGM_PLUGIN_PATH, WGM_PLUGIN_URL, WGM_ICONS_DIR, WGM_ICONS, +1 more
Shortcode Output
[gmap-embed]