WP-Safety

Maps by G Security & Risk Analysis

wordpress.org/plugins/leaflet-address-map

Display addresses on beautiful, interactive maps using OpenStreetMap. An open-source alternative to Google Maps that requires no API key.

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Jan 22, 2026
addresslocationmapmapsopenstreetmap
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Maps by G Safe to Use in 2026?

Generally Safe

Score 100/100

Maps by G has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "leaflet-address-map" v1.0.0 plugin exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The code demonstrates excellent practices in handling SQL queries with prepared statements and properly escaping all output, which are crucial for preventing common web vulnerabilities like SQL injection and XSS. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security profile.

However, there are a few areas of concern that warrant attention. The plugin has a single shortcode as an entry point, and importantly, it lacks any nonces or capability checks associated with it. While there are no AJAX handlers or REST API routes that are unprotected, the shortcode itself could potentially be a vector for certain types of attacks if not carefully handled within its implementation (though the static analysis doesn't reveal specific issues in this regard).

The complete lack of recorded vulnerabilities, including CVEs, is a strong indicator of diligent security practices or potentially limited historical scrutiny. This is a significant strength. Despite the absence of explicit security checks on the shortcode, the overall analysis suggests a well-written plugin with a good foundation. Future development should consider adding nonces or capability checks to the shortcode for enhanced security, even if no immediate vulnerabilities are apparent.

Key Concerns

  • Shortcode without nonce check
  • Shortcode without capability check
Vulnerabilities
None known

Maps by G Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Maps by G Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
19 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped19 total outputs
Attack Surface

Maps by G Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[mbyg_map] free-maps-by-g.php:319
WordPress Hooks 7
actionwp_headfree-maps-by-g.php:42
actionwp_enqueue_scriptsfree-maps-by-g.php:82
actionadmin_enqueue_scriptsfree-maps-by-g.php:148
filterwidget_textfree-maps-by-g.php:324
filterthe_excerptfree-maps-by-g.php:329
actioninitfree-maps-by-g.php:361
actionadmin_menufree-maps-by-g.php:392
Maintenance & Trust

Maps by G Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 22, 2026
PHP min version7.4
Downloads88

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Maps by G Alternatives

GoMaps Address Autocomplete for Checkout

GoMaps Address Autocomplete for Checkout

gomaps-address-autocomplete-for-checkout

A
100

GoMaps Address Autocomplete enhances checkout address fields using real-time, fast and privacy-respecting location suggestions. Built for WooCommerce.

0 No CVEs
WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters

WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters

wp-google-map-plugin

A
88

WordPress map plugin for Google Maps, OpenStreetMap & Mapbox with store locator, filterable listings & custom markers.

60K 21 CVEs
Easy Google Maps

Easy Google Maps

google-maps-easy

A
96

Google Maps with markers, locations and clusterization, KML layers and filters. Custom Google map markers with text, images, videos, links.

20K 7 CVEs
Store Locator WordPress

Store Locator WordPress

agile-store-locator

A
89

Agile Store Locator is a premium store finder plugin designed to offer you immediate access to all the best stores in your local area.

10K 8 CVEs
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)

leaflet-maps-marker

A
94

The most comprehensive & user-friendly mapping solution for WordPress

10K 6 CVEs
Developer Profile

Maps by G Developer Profile

Gurbhagat Singh

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Maps by G

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/leaflet-address-map/assets/vendor/leaflet/leaflet.css/wp-content/plugins/leaflet-address-map/assets/css/mbyg-styles.css/wp-content/plugins/leaflet-address-map/assets/js/mbyg-lazy.js/wp-content/plugins/leaflet-address-map/assets/vendor/leaflet/leaflet.js/wp-content/plugins/leaflet-address-map/assets/css/mbyg-admin.css/wp-content/plugins/leaflet-address-map/assets/js/mbyg-admin.js
Script Paths
/wp-content/plugins/leaflet-address-map/assets/js/mbyg-lazy.js/wp-content/plugins/leaflet-address-map/assets/js/mbyg-admin.js
Version Parameters
leaflet-address-map/assets/css/mbyg-styles.css?ver=leaflet-address-map/assets/js/mbyg-lazy.js?ver=leaflet-address-map/assets/css/mbyg-admin.css?ver=leaflet-address-map/assets/js/mbyg-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mbyg-map-container
HTML Comments
<!-- Maps by G WordPress Plugin --><!-- End Maps by G WordPress Plugin -->
Data Attributes
data-providerdata-zoomdata-heightdata-widthdata-titledata-zoomcontrol+1 more
JS Globals
mbygAdminData
Shortcode Output
[mbyg_map]
FAQ

Frequently Asked Questions about Maps by G