Map Me Security & Risk Analysis

wordpress.org/plugins/map-me

Easy and fast way to embed google map into your site. Choose between more than 20 beautiful map themes, add multiple locations, info windows and more.

300 active installs · v2.0.3 · PHP + WP 4.0.0+ · Updated Nov 8, 2023
Tags: google, google-maps, locator, map, maps
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Map Me Safe to Use in 2026?

Generally Safe

Score 85/100

Map Me has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "map-me" v2.0.3 plugin exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and a seemingly limited attack surface with no unprotected entry points. The code analysis also indicates no dangerous functions, no raw SQL queries, and no external HTTP requests, all positive security indicators.

However, a significant concern arises from the complete lack of output escaping for all 38 identified output points. This suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the WordPress admin or on the frontend where the plugin's output is rendered. The plugin also performs a file operation, which, while not inherently risky, warrants attention if the operation involves user-controlled input and lacks proper sanitization. Taint analysis shows no flows, which is good, but this could also be due to the limited scope of the analysis or the plugin's code structure not presenting obvious taint paths. The absence of any recorded vulnerabilities in its history is a positive signal, but it should not overshadow the critical risk posed by the unescaped outputs.

Key Concerns

  • 38 outputs, 0% properly escaped (XSS risk)
  • 1 file operation (potential path traversal/arbitrary file read/write)
Vulnerabilities
None known

Map Me Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Map Me Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 38 (0 escaped)
  • Nonce Checks: 3
  • Capability Checks: 1
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 38 total outputs
Attack Surface

Map Me Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[mm_map] map-me.php:269
WordPress Hooks 15
  • action: init (admin\add_locations.php:7)
  • action: manage_mm_posts_columns (admin\add_locations.php:49)
  • action: manage_mm_posts_custom_column (admin\add_locations.php:62)
  • action: add_meta_boxes (admin\add_locations.php:302)
  • action: save_post (admin\add_locations.php:420)
  • action: init (admin\checker.php:111)
  • action: admin_menu (admin\help_menu_page.php:7)
  • action: admin_menu (admin\plugin_menu_page.php:24)
  • action: admin_init (admin\plugin_menu_page.php:93)
  • action: admin_init (admin\plugin_menu_page.php:164)
  • action: admin_init (admin\plugin_menu_page.php:259)
  • action: wp_enqueue_scripts (map-me.php:50)
  • action: admin_print_scripts-post-new.php (map-me.php:60)
  • action: admin_print_scripts-post.php (map-me.php:61)
  • filter: plugin_action_links (map-me.php:63)
Maintenance & Trust

Map Me Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Nov 8, 2023
PHP min version
Downloads: 30K

Community Trust

Rating: 90/100
Number of ratings: 11
Active installs: 300
Developer Profile

Map Me Developer Profile

Devnet

7 plugins · 6K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Map Me

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/map-me/assets/css/mm_styles.css
  • /wp-content/plugins/map-me/assets/css/mm_custom_styles.css
  • /wp-content/plugins/map-me/assets/js/init.js
  • /wp-content/plugins/map-me/assets/js/map_styles.js
  • /wp-content/plugins/map-me/assets/js/mm_custom_script.js
Script Paths
  • //maps.googleapis.com/maps/api/js
  • //maps.googleapis.com/maps/api/js?key=
Version Parameters
  • map-me/assets/css/mm_styles.css?ver=
  • map-me/assets/css/mm_custom_styles.css?ver=
  • map-me/assets/js/init.js?ver=
  • map-me/assets/js/map_styles.js?ver=
  • map-me/assets/js/mm_custom_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mm_info_window
  • mm_location_url
Data Attributes
  • data-map-style
  • data-map-type
  • data-map-controls
  • data-map-scroll
  • data-map-zoom
JS Globals
  • mm_options
  • map_options
  • locations