Does If-So Geolocation have any unpatched vulnerabilities?

No. All known vulnerabilities in If-So Geolocation have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is If-So Geolocation compatible with WordPress 6.9.4?

According to WordPress.org data, If-So Geolocation 1.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is If-So Geolocation updated?

If-So Geolocation was last updated on Dec 11, 2025. Frequent updates are generally a positive security signal.

What is If-So Geolocation's security score?

If-So Geolocation has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

If-So Geolocation Security & Risk Analysis

wordpress.org/plugins/if-so-geolocation

All-in-one geolocation. Personalized content, geolocation Dynamic Keyword Insertion shortcodes, Rediects, and more. No coding required!

1K active installs v1.5 PHP + WP 4.0.1+ Updated Dec 11, 2025

geoipgeolocationgeolocation-redirectgeotargetinglocation-based-content

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is If-So Geolocation Safe to Use in 2026?

Generally Safe

Score 100/100

If-So Geolocation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "if-so-geolocation" v1.5 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs and a history free of vulnerabilities is a positive indicator. The code analysis reveals good practices such as 100% prepared SQL statements and a high rate of output escaping (82%). The limited attack surface, with only one shortcode as an entry point and no unprotected AJAX handlers or REST API routes, further contributes to its security. However, there are areas for improvement. The plugin lacks nonce checks entirely, which is a significant concern for any user-facing functionality, especially if the shortcode interacts with user-submitted data or triggers actions on the frontend that could be manipulated. While the taint analysis shows no unsanitized paths, the absence of nonce checks could still allow for cross-site request forgery (CSRF) attacks if the shortcode's output is not handled carefully.

Key Concerns

Missing nonce checks
Limited output escaping (18% not escaped)

Vulnerabilities

None known

If-So Geolocation Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

If-So Geolocation Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

37 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

82% escaped45 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<geo_analysis_tool_page_display> (admin\markup\geo_analysis_tool_page_display.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

If-So Geolocation Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[ifso_get_browser_location] ifso-geolocation.class.php:40

WordPress Hooks 14

actioninitifso-geolocation.class.php:25

actionifso_extra_sumbenu_itemsifso-geolocation.class.php:27

filterifso_dki_types_extensionifso-geolocation.class.php:31

filterifso_geo_page_display_extra_tabsifso-geolocation.class.php:33

actionadmin_enqueue_scriptsifso-geolocation.class.php:34

filterifso_location_data_overrideifso-geolocation.class.php:36

filterifso_location_data_overrideifso-geolocation.class.php:37

filterifso_exclude_from_geoifso-geolocation.class.php:38

actionwp_enqueue_scriptsifso-geolocation.class.php:39

actionwp_footerifso-geolocation.class.php:41

actionplugins_loadedifso-geolocation.php:24

actionadmin_noticesifso-geolocation.php:31

actionpre_get_postsincludes\ifso-geolocation-post-excluder.class.php:35

actiontemplate_redirectincludes\ifso-geolocation-post-excluder.class.php:46

Maintenance & Trust

If-So Geolocation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 11, 2025

PHP min version

Downloads20K

Community Trust

Rating100/100

Number of ratings4

Active installs1K

Alternatives

If-So Geolocation Alternatives

Geolocation IP Detection

geoip-detect

Provides geographic information detected by an IP adress.

20K 1 CVE

belingoGeo

belingogeo

The plugin adds the ability to select cities, unique pages are created with a unique url for each city. This allows you to uniqueize content.

1K 1 CVE

GeoTargeting Lite – WordPress Geolocation

geotargeting

GeoTargeting for WordPress will let you country-target your content based on users IP's and Geocountry Ip database

1K No CVEs

WT GeoTargeting

wt-geotargeting

Гибкая настройка геотаргетинга.

1K No CVEs

Preenchimento Automatico CEP Brasil

preenchimento-automatico-cep-brasil

Preenchimento automático dos campos de endereço a partir de um CEP

100 No CVEs

Developer Profile

If-So Geolocation Developer Profile

If-So Dynamic Content

3 plugins · 10K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

66 days

View full developer profile

Detection Fingerprints

How We Detect If-So Geolocation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/if-so-geolocation/admin/assets/css/location-override-generator.css/wp-content/plugins/if-so-geolocation/admin/assets/js/sortable.min.js/wp-content/plugins/if-so-geolocation/admin/assets/js/drag-table.js/wp-content/plugins/if-so-geolocation/admin/assets/js/template-editor.js/wp-content/plugins/if-so-geolocation/admin/assets/js/location-override-generator.js/wp-content/plugins/if-so-geolocation/assets/img/flags/

Script Paths

/wp-content/plugins/if-so-geolocation/admin/assets/js/sortable.min.js/wp-content/plugins/if-so-geolocation/admin/assets/js/drag-table.js/wp-content/plugins/if-so-geolocation/admin/assets/js/template-editor.js/wp-content/plugins/if-so-geolocation/admin/assets/js/location-override-generator.js

Version Parameters

/wp-content/plugins/if-so-geolocation/admin/assets/css/location-override-generator.css?ver=/wp-content/plugins/if-so-geolocation/admin/assets/js/sortable.min.js?ver=/wp-content/plugins/if-so-geolocation/admin/assets/js/drag-table.js?ver=/wp-content/plugins/if-so-geolocation/admin/assets/js/template-editor.js?ver=/wp-content/plugins/if-so-geolocation/admin/assets/js/location-override-generator.js?ver=

HTML / DOM Fingerprints

CSS Classes

ifso-special-errorifso-country-flag

HTML Comments

Data Attributes

data-countrycodedata-postiddata-geotypedata-geoactionid

JS Globals

ifso_geo_override_cookie_nameifso_browser_location_cookie_nameifso_request_browser_location_cookie_name

Shortcode Output

[ifso_get_browser_location]

FAQ