MapifyLite (by MapifyPro) Security & Risk Analysis

wordpress.org/plugins/mapifylite

MapifyLite is an elite plugin for WordPress that implements fully-customized maps on your site.

300 active installs · v5.1.1 · PHP + · WP 4.8.15+ · Updated Dec 11, 2025
custom-mapping, google-maps-customization, maps
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 24, 2021
Safety Verdict

Is MapifyLite (by MapifyPro) Safe to Use in 2026?

Generally Safe

Score 100/100

MapifyLite (by MapifyPro) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Mar 24, 2021 · Updated 5mo ago
Risk Assessment

The mapifylite plugin, version 5.1.1, demonstrates a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and has no reported critical or high-severity vulnerabilities. The absence of file operations and the limited number of external HTTP requests are also good indicators. However, several areas raise concerns. One AJAX handler is unprotected, which exposes an entry point without proper authentication and is a critical oversight. Furthermore, nearly half of the plugin's output is not properly escaped, suggesting a potential for Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the unsanitized taint flows. The plugin's vulnerability history, though currently clear of unpatched issues, includes a past medium-severity XSS vulnerability, which aligns with the observed output escaping issues and highlights a recurring weakness.

Key Concerns

  • Unprotected AJAX handler
  • Significant unescaped output
  • Unsanitized taint flows found
  • Bundled Select2 library
Vulnerabilities
1 published

MapifyLite (by MapifyPro) Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

WF-2ba55591-f4f3-4e90-9358-ca9c7ca01b09-mapifylite · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MapifyLite and MapifyPro <= 3.3 - Authenticated Stored Cross-Site Scripting

Mar 24, 2021 · Patched in 4.0.0 (1035d)
Version History

MapifyLite (by MapifyPro) Release Timeline

v5.1.1 (Current)
v5.1.0
v5.0.1
v4.3.4
v4.3.3
v4.3.1
v4.3.0
v4.2.9
v4.2.8
v4.1.0
v4.0.0
Code Analysis
Analyzed Mar 16, 2026

MapifyLite (by MapifyPro) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 55 (53 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

49% escaped · 108 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

9 flows · 5 with unsanitized paths
<map-settings> (modules\map-settings\map-settings.php:0)
Attack Surface
1 unprotected

MapifyLite (by MapifyPro) Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 3

auth · wp_ajax_mapifypro_installer_action · mapifypro-installer\mapifypro-installer.php:36
auth · wp_ajax_mpfy_review_save_selected_user_action · modules\review-notification.php:115
auth · wp_ajax_mpfy_get_map_settings · modules\service-map-settings.php:17

Shortcodes 1

[custom-mapping] core.php:84
WordPress Hooks 48
action · init · core.php:6
action · wp · core.php:18
action · wp_footer · core.php:28
action · admin_enqueue_scripts · core.php:78
filter · template_include · core.php:155
filter · template_include · core.php:168
action · save_post · core.php:180
action · added_post_meta · core.php:191
action · updated_post_meta · core.php:192
action · admin_menu · mapifypro-installer\mapifypro-installer.php:34
action · admin_enqueue_scripts · mapifypro-installer\mapifypro-installer.php:35
action · admin_action_activate_mapfypro · mapifypro-installer\mapifypro-installer.php:37
action · admin_action_activate_mapfypro_api · mapifypro-installer\mapifypro-installer.php:38
action · admin_notices · mapify_lite.php:52
action · after_plugin_row · mapify_lite.php:97
action · admin_menu · modules\admin-menu-grouping.php:9
action · admin_menu · modules\admin-menu-grouping.php:14
action · admin_menu · modules\admin-menu-grouping.php:31
action · parent_file · modules\admin-menu-grouping.php:47
action · acf/settings/url · modules\class-mapify-acf.php:32
action · acf/settings/show_admin · modules\class-mapify-acf.php:33
filter · comment_post_redirect · modules\comments.php:17
filter · mpfy_map_modes · modules\image-mode\image-mode.php:4
filter · mpfy_map_settings_service · modules\image-mode\image-mode.php:12
filter · mpfy_map_get_tileset · modules\image-mode\image-mode.php:22
filter · mpfy_map_location_custom_fields · modules\location-external-url.php:14
filter · mpfy_pin_trigger_settings · modules\location-external-url.php:30
action · publish_map-location · modules\locations-limit.php:68
action · admin_init · modules\locations-limit.php:87
action · admin_notices · modules\locations-limit.php:127
filter · mpfy_map_location_popup_enabled · modules\map-location-popup.php:2
action · admin_enqueue_scripts · modules\map-settings\map-settings.php:2
action · admin_menu · modules\map-settings\map-settings.php:17
action · init · modules\map-settings\map-settings.php:33
action · wp_head · modules\og-meta.php:8
action · wp_head · modules\og-meta.php:44
action · mpfy_flush_rewrite_rules · modules\plugin-activation.php:23
action · admin_notices · modules\review-notification.php:62
action · admin_enqueue_scripts · modules\review-notification.php:74
action · admin_notices · modules\updater.php:11
action · admin_menu · modules\updater.php:14
action · admin_notices · modules\updater.php:32
action · admin_enqueue_scripts · modules\upsell\upsell.php:6
action · admin_notices · modules\upsell\upsell.php:11
action · wp · modules\wpthumb.php:10
filter · mpfy_get_thumb · modules\wpthumb.php:21
filter · comments_template · templates\single-map-location.post.php:49
filter · comment_form · templates\single-map-location.post.php:50
Maintenance & Trust

MapifyLite (by MapifyPro) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version
Downloads: 15K

Community Trust

Rating: 88/100
Number of ratings: 5
Active installs: 300
Developer Profile

MapifyLite (by MapifyPro) Developer Profile

mapifypro

1 plugin · 300 total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 1035 days
Detection Fingerprints

How We Detect MapifyLite (by MapifyPro)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mapifylite/assets/vendor/leaflet-1.7.1/leaflet.css
/wp-content/plugins/mapifylite/assets/vendor/leaflet/markercluster/MarkerCluster.css
/wp-content/plugins/mapifylite/assets/vendor/leaflet/markercluster/MarkerCluster.Default.css
/wp-content/plugins/mapifylite/assets/vendor/leaflet/locatecontrol/L.Control.Locate.min.css
/wp-content/plugins/mapifylite/assets/map.css
/wp-content/plugins/mapifylite/assets/vendor/slick/slick.css
/wp-content/plugins/mapifylite/assets/vendor/slick/slick-theme.css
/wp-content/plugins/mapifylite/assets/popup.css
+9 more
Script Paths
//fonts.googleapis.com/css?family=Montserrat
Version Parameters
mapifylite/assets/map.css?ver=
mapifylite/assets/popup.css?ver=
mapifylite/assets/js/dist/bundle.js?ver=

HTML / DOM Fingerprints

CSS Classes
mapify-plugin-list-promotion
mpfy-or-text
mpfy-closest-pin
Data Attributes
data-mapifypro-map-id
JS Globals
mapify_script_settings