Does gMapTip have any unpatched vulnerabilities?

No. All known vulnerabilities in gMapTip have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is gMapTip compatible with WordPress 2.9.2?

According to WordPress.org data, gMapTip 1.5 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is gMapTip updated?

gMapTip was last updated on Unknown. Frequent updates are generally a positive security signal.

What is gMapTip's security score?

gMapTip has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

gMapTip Security & Risk Analysis

wordpress.org/plugins/gmaptip

Add Google Maps Tooltips to your Posts & Pages.

10 active installs v1.5 PHP + WP 2.8+ Updated Unknown

googlegoogle-mapsmapmapstooltip

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is gMapTip Safe to Use in 2026?

Generally Safe

Score 100/100

gMapTip has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "gmaptip" v1.5 plugin exhibits a strong security posture regarding common attack vectors. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code shows adherence to secure coding practices by exclusively using prepared statements for SQL queries and indicating no known vulnerabilities in its history. This suggests a well-maintained and secure plugin.

However, a significant concern arises from the static analysis revealing that 0% of the 12 identified output operations are properly escaped. This presents a substantial risk of cross-site scripting (XSS) vulnerabilities, where malicious code could be injected into the WordPress site through the plugin's output. While the plugin has no known historical vulnerabilities, this lack of output escaping is a critical oversight that attackers could exploit. The presence of the Select2 library, while not inherently a vulnerability, warrants attention for potential outdated versions if not actively managed.

In conclusion, "gmaptip" v1.5 benefits from a limited attack surface and secure database interaction. The paramount weakness is the complete lack of output escaping, which overshadows its strengths and represents a critical security blind spot. Users should be aware of this potential for XSS, and developers should prioritize addressing this issue in future updates.

Key Concerns

Output escaping not implemented
Bundled Select2 library (potential for outdated)

Vulnerabilities

None known

gMapTip Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

gMapTip Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

0% escaped12 total outputs

Attack Surface

gMapTip Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

filtermce_external_pluginsgmaptip.php:359

filtermce_buttonsgmaptip.php:360

actioninitgmaptip.php:377

actionwp_headgmaptip.php:378

actionadmin_headgmaptip.php:379

actionadmin_enqueue_scriptsgmaptip.php:380

actionadmin_menugmaptip.php:381

actioninitgmaptip.php:382

filterthe_contentgmaptip.php:384

Maintenance & Trust

gMapTip Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedUnknown

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

gMapTip Alternatives

WP Go Maps (formerly WP Google Maps)

wp-google-maps

The easiest to use Google maps plugin! Create a custom Google map, map block, store locator or map widget with high quality markers containing categor …

300K 23 CVEs

iframe

[iframe src="http://www.youtube.com/embed/7_nAZQt9qu0" width="100%" height="500"] shortcode

70K 6 CVEs

WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters

wp-google-map-plugin

WordPress map plugin for Google Maps, OpenStreetMap & Mapbox with store locator, filterable listings & custom markers.

60K 21 CVEs

WP Store Locator

wp-store-locator

An easy to use location management system that enables users to search for nearby physical stores.

50K 1 CVE

API KEY for Google Maps

api-key-for-google-maps

100

Retroactively add Google Maps API KEY to any theme or plugin.

40K 1 CVE

Developer Profile

gMapTip Developer Profile

Alexander Rauscha

3 plugins · 80 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect gMapTip

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gmaptip/cp/cp.css/wp-content/plugins/gmaptip/cp/cp.js/wp-content/plugins/gmaptip/gmaptip.js/wp-content/plugins/gmaptip/gmaptip_admin.js

Script Paths

http://maps.google.com/maps/api/js?sensor=falsehttp://www.google.com/uds/api?file=uds.js&v=1.0&http://code.google.com/apis/gears/gears_init.js

HTML / DOM Fingerprints

CSS Classes

gmt_linkgmt_Info

HTML Comments

Data Attributes

class="gmt_link"id="gmt_tip"class="gmt_Info"id="gmt_map"class="gmt_colorp"

JS Globals

GMT_PLUGIN_URLGMT_VERSION

Shortcode Output

<a href="JavaScript:void(null);" class="gmt_link" ><span style="display:none"></span></a>

FAQ