WP-Safety

Map for WooCommerce Security & Risk Analysis

wordpress.org/plugins/map-for-woocommerce

Integrate Google Maps with WooCommerce for easy location selection during checkout and in user account addresses to elevate the shopping experience.

10 active installs v1.0.0 PHP 8.0+ WP 6.0+ Updated Feb 26, 2024
checkoutgooglemapswoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Map for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Map for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The 'map-for-woocommerce' plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates strong practices by utilizing prepared statements for all SQL queries and ensuring all output is properly escaped. The absence of known vulnerabilities (CVEs) and bundled outdated libraries is also a significant strength, suggesting a well-maintained codebase regarding known external threats.

However, there are notable concerns identified in the static analysis. The presence of an AJAX handler without authentication checks represents a direct attack vector. While no critical or high severity taint flows were found, the analysis did identify three flows with unsanitized paths, indicating a potential for unexpected behavior or unintended data exposure under certain conditions. The single file operation and external HTTP request, while not inherently problematic, are entry points that warrant scrutiny in a broader context.

Overall, while the plugin benefits from a clean vulnerability history and good coding practices for SQL and output handling, the unprotected AJAX endpoint and unsanitized paths in taint flows introduce specific risks that need to be addressed. The lack of capability checks on the AJAX handler is a critical oversight, as it allows any user, regardless of their role, to interact with potentially sensitive functionality.

Key Concerns

  • Unprotected AJAX handler
  • Taint flows with unsanitized paths (3 flows)
  • No capability checks on entry points
Vulnerabilities
None known

Map for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Map for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
65 escaped
Nonce Checks
1
Capability Checks
0
File Operations
1
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped65 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
update_custom_marker_field (src\services\class-mwplg-admin-settings-service.php:63)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Map for WooCommerce Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_mwplg_maps_woocommerce_get_style_previewsrc\includes\class-mwplg-ajax.php:15
WordPress Hooks 25
actionactivated_pluginsrc\core\class-mwplg-appliaction.php:23
filterplugin_action_linkssrc\core\class-mwplg-appliaction.php:24
actionplugins_loadedsrc\core\class-mwplg-appliaction.php:26
actionadmin_noticessrc\core\class-mwplg-appliaction.php:128
actionadmin_enqueue_scriptssrc\includes\class-mwplg-adminarea.php:16
filterwoocommerce_settings_tabs_arraysrc\includes\class-mwplg-adminarea.php:17
actionwoocommerce_settings_tabs_maps_woocommercesrc\includes\class-mwplg-adminarea.php:18
actionwoocommerce_update_options_maps_woocommercesrc\includes\class-mwplg-adminarea.php:19
actionwp_enqueue_scriptssrc\includes\class-mwplg-frontend.php:16
actionadmin_enqueue_scriptssrc\includes\class-mwplg-frontend.php:17
actionadd_meta_boxessrc\includes\class-mwplg-hooks.php:15
actionwoocommerce_after_checkout_validationsrc\includes\class-mwplg-hooks.php:16
actionwoocommerce_after_save_address_validationsrc\includes\class-mwplg-hooks.php:17
actionwoocommerce_after_order_detailssrc\includes\class-mwplg-hooks.php:18
actionwoocommerce_new_ordersrc\includes\class-mwplg-hooks.php:19
actionwoocommerce_after_edit_address_form_billingsrc\includes\class-mwplg-hooks.php:20
actionwoocommerce_after_checkout_billing_formsrc\includes\class-mwplg-hooks.php:21
actionwoocommerce_after_edit_address_form_shippingsrc\includes\class-mwplg-hooks.php:22
actionwoocommerce_after_checkout_shipping_formsrc\includes\class-mwplg-hooks.php:23
actionshow_user_profilesrc\includes\class-mwplg-hooks.php:24
actionedit_user_profilesrc\includes\class-mwplg-hooks.php:25
filterwoocommerce_customer_meta_fieldssrc\includes\class-mwplg-hooks.php:26
actionuser_profile_update_errorssrc\includes\class-mwplg-hooks.php:27
actionpersonal_options_updatesrc\includes\class-mwplg-hooks.php:28
actionedit_user_profile_updatesrc\includes\class-mwplg-hooks.php:29
Maintenance & Trust

Map for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedFeb 26, 2024
PHP min version8.0
Downloads927

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Map for WooCommerce Alternatives

WooReer

WooReer

wcsdm

A
100

WooReer calculates shipping rates based on distance via Google Maps, Mapbox, DistanceMatrix.ai, Geoapify, or HERE.

2K No CVEs
Complete Image Sitemap

Complete Image Sitemap

complete-image-sitemap

A
85

The Complete Image Sitemap plugin will generate an XML Sitemap for all images, including Woocommerce products.

1K No CVEs
Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce

Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce

map-location-picker-at-checkout-for-woocommerce

A
100

Allow customers to select delivery/pickup spots on Google Maps at Checkout. Create shipping workflows for smooth order handling and better pricing.

1K 1 CVE
Checkout Address AutoFill For WooCommerce

Checkout Address AutoFill For WooCommerce

checkout-address-autofill-for-woocommerce

A
85

Checkout Address AutoFill For WooCommerce is a WooCommerce add-on which allows your user to autofill both Billing and Shipping address fields in the c …

400 No CVEs
reCaptcha for WooCommerce

reCaptcha for WooCommerce

advanced-google-recaptcha-for-woocommerce

A
100

Enable Google reCaptcha for WooCommerce Checkout, Login, Registration, and Reset Password Forms to protect your store against spam.

300 No CVEs
Developer Profile

Map for WooCommerce Developer Profile

Mohamed Endisha

6 plugins · 1K total installs

94
trust score
Avg Security Score
92/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Map for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/map-for-woocommerce/assets/css/plugin-settings.css/wp-content/plugins/map-for-woocommerce/assets/js/plugin-settings.js/wp-content/plugins/map-for-woocommerce/assets/js/preview-map-script.js/wp-content/plugins/map-for-woocommerce/assets/js/checkout-map-script.js/wp-content/plugins/map-for-woocommerce/assets/js/order-map-script.js/wp-content/plugins/map-for-woocommerce/assets/css/style.css
Script Paths
maps-woocommerce-plugin-settingsmaps-woocommercegoogle-maps-api
Version Parameters
map-for-woocommerce/assets/css/plugin-settings.css?ver=map-for-woocommerce/assets/js/plugin-settings.js?ver=map-for-woocommerce/assets/js/preview-map-script.js?ver=map-for-woocommerce/assets/js/checkout-map-script.js?ver=map-for-woocommerce/assets/js/order-map-script.js?ver=map-for-woocommerce/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
maps-woocommerce-map-previewmwplg-map-preview-wrappermwplg-map-wrapper
Data Attributes
data-mwplg-map-options
JS Globals
MapsWoocommerce
FAQ

Frequently Asked Questions about Map for WooCommerce