Does GPXconnect have any unpatched vulnerabilities?

No. All known vulnerabilities in GPXconnect have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is GPXconnect compatible with WordPress 3.5.2?

According to WordPress.org data, GPXconnect 1.0 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is GPXconnect updated?

GPXconnect was last updated on Mar 16, 2013. Frequent updates are generally a positive security signal.

What is GPXconnect's security score?

GPXconnect has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GPXconnect Security & Risk Analysis

wordpress.org/plugins/gpxconnect

Download GPX data to Garmin GPS devices.

10 active installs v1.0 PHP + WP 3.0+ Updated Mar 16, 2013

geogpsgpxmapsnavigation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is GPXconnect Safe to Use in 2026?

Generally Safe

Score 85/100

GPXconnect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The gpxconnect v1.0 plugin exhibits a generally good security posture based on the static analysis provided. It boasts zero known CVEs, no critical or high severity taint flows, and a limited attack surface with only one entry point (a shortcode). Furthermore, all SQL queries are prepared, indicating a defense against SQL injection. The absence of file operations and external HTTP requests also reduces potential attack vectors.

However, a significant concern lies in the output escaping. With 5 total outputs and 0% properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed by the shortcode that originates from user input or other dynamic sources could be exploited by an attacker to inject malicious scripts. The plugin also lacks nonce checks and has only one capability check associated with its shortcode, suggesting potential authorization bypass issues if the shortcode handles sensitive operations or displays sensitive data.

In conclusion, while the plugin demonstrates strengths in areas like SQL security and a small attack surface, the complete lack of output escaping is a critical weakness that overshadows these positives. This needs immediate attention to prevent XSS attacks. The limited authorization checks on the shortcode also warrant further investigation depending on its functionality.

Key Concerns

All outputs are unescaped
Shortcode lacks nonce checks
Only one capability check for shortcode

Vulnerabilities

None known

GPXconnect Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

GPXconnect Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped5 total outputs

Attack Surface

GPXconnect Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[gpxconnect] gpxconnect.php:49

WordPress Hooks 4

actionwp_enqueue_scriptsgpxconnect.php:40

actionwp_headgpxconnect.php:41

actionadmin_menugpxconnect.php:42

actionadmin_initgpxconnect.php:43

Maintenance & Trust

GPXconnect Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedMar 16, 2013

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

GPXconnect Alternatives

WP GPX Maps

wp-gpx-maps

Draws a GPX track with altitude graph. You can also display your nextgen gallery images in the map.

4K 3 CVEs

Images with GPS on GoogleMaps

images-with-gps-data-and-gpx-on-maps

Images with GPS on Google Maps displays your photos on a Google Maps map using GPS or without GPS Geotags.

40 No CVEs

Basic Google Maps Placemarks

basic-google-maps-placemarks

Embeds a Google Map into your site and lets you add map markers with custom icons and information windows.

3K No CVEs

Extensions for Leaflet Map

extensions-leaflet-map

Extends the WordPress Plugin Leaflet Map with Leaflet Plugins and other functions.

2K 3 CVEs

Geo Mashup

geo-mashup

Include Google and OpenStreetMap maps in posts and pages, and map posts, pages, and other objects on global maps. Make WordPress into a GeoCMS.

2K 6 CVEs

Developer Profile

GPXconnect Developer Profile

davidkeen

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect GPXconnect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gpxconnect/js/garmin/device/GarminDeviceDisplay.js

Script Paths

prototypegarmin-device-display

HTML / DOM Fingerprints

JS Globals

Garmin.DeviceDisplaygpxFileNameload

Shortcode Output

<div id="garminDisplay"> </div><script type='text/javascript'>var gpxFileName = ''; load();</script><textarea id='dataString' style='display:none'>

FAQ