Map Block Leaflet Security & Risk Analysis
wordpress.org/plugins/map-block-leafletEmbed maps in content without needing to include an API key.
Is Map Block Leaflet Safe to Use in 2026?
Generally Safe
Score 99/100Map Block Leaflet has a strong security track record. Known vulnerabilities have been patched promptly.
The static analysis of map-block-leaflet v3.2.2 reveals a generally positive security posture, with no detected dangerous functions, file operations, external HTTP requests, or unescaped output. SQL queries are exclusively handled with prepared statements. The attack surface is reported as zero entry points, and taint analysis shows no flows with unsanitized paths, indicating robust handling of potential input vulnerabilities within the code's current state.
Despite the strong static analysis, the plugin has a history of one medium-severity Cross-Site Scripting (XSS) vulnerability, which was last patched on 2025-05-28. While there are no currently unpatched vulnerabilities, this past incident highlights a potential area of concern and suggests that developers should remain vigilant about input sanitization, especially in areas not covered by the current static analysis.
In conclusion, the plugin demonstrates good development practices in its current version, with no immediate critical or high risks identified in the code. However, the historical XSS vulnerability, even if patched, warrants a slight reduction in confidence due to the potential for similar issues to arise if not continually monitored. The lack of explicit capability or nonce checks, while not flagged as an issue in this specific analysis, could be a consideration for future hardening, particularly if any new entry points are introduced.
Key Concerns
- Past medium severity XSS vulnerability
- No nonce checks present
- No capability checks present
Map Block Leaflet Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Map Block Leaflet <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
Map Block Leaflet Code Analysis
Map Block Leaflet Attack Surface
WordPress Hooks 1
Maintenance & Trust
Map Block Leaflet Maintenance & Trust
Maintenance Signals
Community Trust
Map Block Leaflet Alternatives
Carto: Maps for WordPress
carto
Carto makes creating beautiful maps in WordPress and easy and quick task that not only gets the job done, but also does it in style!
Spectra Gutenberg Blocks – Website Builder for the Block Editor
ultimate-addons-for-gutenberg
Power-up Gutenberg with advanced blocks for faster website creation. Build your WordPress website effortlessly using powerful building blocks!
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
kadence-blocks
20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.
Page Builder: Pagelayer – Drag and Drop website builder
pagelayer
The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.
GenerateBlocks
generateblocks
A small collection of lightweight WordPress blocks that can accomplish nearly anything.
Map Block Leaflet Developer Profile
4 plugins · 1K total installs
How We Detect Map Block Leaflet
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/map-block-leaflet/build/leaflet-map-block/wp-content/plugins/map-block-leaflet/build/multi-marker/wp-content/plugins/map-block-leaflet/lib/leaflet.jsplugins_url($lib_style_path, __FILE__), array(), $lib_versionplugins_url($lib_script_path, __FILE__), array(), $lib_version, false