Maps Widget for Google Maps Security & Risk Analysis

wordpress.org/plugins/google-maps-widget

Are your Google Maps slow? Try Map Widget for Google Maps. You'll have a fast Google Maps widget with a thumbnail & lightbox map in minutes!

30K active installs v4.27 PHP 7.2+ WP 4.0+ Updated Dec 3, 2025
google-map, google-maps, google-maps-widget, map, map-widget
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 6, 2023
Safety Verdict

Is Maps Widget for Google Maps Safe to Use in 2026?

Generally Safe

Score 99/100

Maps Widget for Google Maps has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 6, 2023 · Updated 4mo ago
Risk Assessment

The google-maps-widget plugin version 4.27 exhibits a mixed security posture. On the positive side, it has no unprepared SQL queries, no file operations, and no identified critical or high severity taint flows. The presence of nonce and capability checks on its AJAX handlers, although limited, is also a good sign. The main concern is output escaping: 74% of outputs are properly escaped, leaving a significant portion (26%) potentially vulnerable to Cross-Site Scripting (XSS) if not handled with care. The plugin also makes 5 external HTTP requests, which could be a vector for supply chain attacks if the external services are compromised.

The vulnerability history reveals two medium severity CVEs: one Cross-Site Scripting (XSS) issue and one Cross-Site Request Forgery (CSRF) issue. The fact that there are no currently unpatched vulnerabilities is reassuring, but the recurring nature of XSS and CSRF suggests that input sanitization and output encoding might require more robust implementation. The last vulnerability was in April 2023, indicating that while the plugin has been updated, past issues warrant continued vigilance. Overall, the plugin has strengths in its prepared SQL and lack of critical taint issues, but the output escaping and past vulnerability types highlight areas for improvement.

Key Concerns

  • Potential unescaped output
  • Bundled library (Select2) - potential for outdated version
  • Medium severity CVE history (2 instances)
Vulnerabilities
2

Maps Widget for Google Maps Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2023-1913 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 6, 2023 Patched in 4.25 (292d)

WF-0472804e-00cc-4c4c-97aa-86f433f65782-google-maps-widget · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Maps Widget for Google Maps <= 4.23 - Cross-Site Request Forgery via dismiss_notice

Mar 28, 2023 Patched in 4.24 (301d)
Code Analysis
Analyzed Mar 16, 2026

Maps Widget for Google Maps Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 66 (192 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

74% escaped · 258 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
test_api_key_ajax (google-maps-widget.php:270)
Attack Surface

Maps Widget for Google Maps Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_gmw_test_api_key · google-maps-widget.php:85
auth · wp_ajax_gmw_activate · google-maps-widget.php:86
auth · wp_ajax_gmw_dismiss_pointer · google-maps-widget.php:87
WordPress Hooks 21
filter · plugin_row_meta · google-maps-widget.php:75
action · admin_enqueue_scripts · google-maps-widget.php:78
action · customize_controls_enqueue_scripts · google-maps-widget.php:79
action · admin_footer · google-maps-widget.php:82
action · admin_action_gmw_dismiss_notice · google-maps-widget.php:90
action · admin_menu · google-maps-widget.php:93
action · admin_init · google-maps-widget.php:96
action · current_screen · google-maps-widget.php:99
action · wp_enqueue_scripts · google-maps-widget.php:102
action · wp_footer · google-maps-widget.php:103
action · admin_notices · google-maps-widget.php:232
action · admin_notices · google-maps-widget.php:497
action · admin_notices · google-maps-widget.php:504
action · admin_notices · google-maps-widget.php:510
action · admin_notices · google-maps-widget.php:518
action · admin_notices · google-maps-widget.php:525
filter · safe_style_css · google-maps-widget.php:1182
filter · safe_style_css · google-maps-widget.php:1414
action · init · google-maps-widget.php:1612
action · plugins_loaded · google-maps-widget.php:1613
action · widgets_init · google-maps-widget.php:1614
Maintenance & Trust

Maps Widget for Google Maps Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 7.2
Downloads: 2.5M

Community Trust

Rating: 92/100
Number of ratings: 512
Active installs: 30K
Developer Profile

Maps Widget for Google Maps Developer Profile

WebFactory

28 plugins · 3.5M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 699 days
Detection Fingerprints

How We Detect Maps Widget for Google Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/google-maps-widget/js/frontend.js
  • /wp-content/plugins/google-maps-widget/css/frontend.css
Script Paths
  • /wp-content/plugins/google-maps-widget/js/frontend.js
  • /wp-content/plugins/google-maps-widget/js/admin.js
Version Parameters
  • google-maps-widget/js/frontend.js?ver=
  • google-maps-widget/css/frontend.css?ver=
  • google-maps-widget/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gmw-map-wrapper
  • gmw-map-canvas
HTML Comments
  • <!-- START GMW MAP WIDGET -->
  • <!-- END GMW MAP WIDGET -->
  • <!-- Maps Widget for Google Maps Settings -->
  • <!-- END Maps Widget for Google Maps Settings -->
Data Attributes
data-gmw-options
JS Globals
gmw_options
REST Endpoints
/wp-json/gmw/v1/settings
Shortcode Output
[google-maps-widget
FAQ

Frequently Asked Questions about Maps Widget for Google Maps