
GPS 2 Photos Security & Risk Analysis
wordpress.org/plugins/gps-2-photos
View, add, and edit EXIF GPS coordinates for your photos by selecting a location on a map, searching for it or typing in the coordinates.
Is GPS 2 Photos Safe to Use in 2026?
Generally Safe
Score 100/100
GPS 2 Photos has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "gps-2-photos" plugin v1.0.0 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the static analysis shows no dangerous functions, a low rate of unescaped output, and a healthy percentage of SQL queries using prepared statements, the absence of authentication checks on all identified AJAX entry points is a major vulnerability. This means that any unauthenticated user could potentially trigger these AJAX actions, leading to unintended consequences or exploitation.
The taint analysis did reveal one flow with unsanitized paths, but it was not categorized as critical or high severity. This suggests a potential for path traversal or similar vulnerabilities, though its impact may be limited. The plugin's vulnerability history is clean, with no known CVEs. This is a positive indicator, but it doesn't negate the immediate risks presented by the unprotected entry points. The lack of past vulnerabilities could be due to the plugin's age, obscurity, or simply good luck.
In conclusion, while the "gps-2-photos" plugin has some good practices, particularly in its handling of SQL and output escaping, the unprotected AJAX handlers present a critical security weakness. The single unsanitized path flow adds another layer of concern. Given the high number of unprotected entry points, immediate attention is required to implement proper authentication and authorization checks on these AJAX handlers to mitigate the risk of unauthorized access and potential exploitation.
Key Concerns
- AJAX handlers without auth checks
- Flows with unsanitized paths
GPS 2 Photos Attack Surface
- AJAX Handlers: 4
- WordPress Hooks: 7
GPS 2 Photos Alternatives
Geolocation
geolocation
Lightweight display the location information of your post in a map (GDPR compliant). Ideal for travel bloggers or anyone who would like to show the loca …
Geo2 Maps Add-on for NextGEN Gallery
nextgen-gallery-geo
NGG Geo2 Maps Add-on displays maps with photos, galleries, or albums using EXIF GPS data or geocoding. Requires NextGEN Gallery.
Google Maps Photo Gallery
google-maps-photo-gallery
The shortcode for gallery on Google Maps with geotagged photos.
Smartphone Location Lookup
smartphone-location-lookup
This plugin displays a location based map on your sidebar. It tells visitors to your blog exactly where YOU are!
Photo Map Embed
photo-map-embed
Short Description: Turn EXIF GPS into an interactive map. Gutenberg block and shortcode. Edit pin titles; embed in seconds. No image uploads.
GPS 2 Photos Developer Profile
2 plugins · 90 total installs
How We Detect GPS 2 Photos
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/gps-2-photos/assets/css/styles.css
- /wp-content/plugins/gps-2-photos/assets/js/scripts.js
- gps-2-photos/assets/css/styles.css?ver=
- gps-2-photos/assets/js/scripts.js?ver=
HTML / DOM Fingerprints
- gps2photos_map_container
- <!-- GPS 2 Photos - map start -->
- <!-- GPS 2 Photos - map end -->
- <!-- GPS 2 Photos - Add GPS to Media -->
- data-map-provider
- data-azure-key
- data-pin-icon-type
- data-pin-color
- data-pin-secondary-color
- data-search-pin-color
- gps2photos_options
- /wp-json/gps-2-photos/v1/get-coordinates
- /wp-json/gps-2-photos/v1/save-coordinates
- [gps_photos_map]