Does Mapster WP Maps have any unpatched vulnerabilities?

No. All known vulnerabilities in Mapster WP Maps have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Mapster WP Maps compatible with WordPress 6.8.5?

According to WordPress.org data, Mapster WP Maps 1.21.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Mapster WP Maps updated?

Mapster WP Maps was last updated on Sep 17, 2025. Frequent updates are generally a positive security signal.

What is Mapster WP Maps's security score?

Mapster WP Maps has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Mapster WP Maps Security & Risk Analysis

wordpress.org/plugins/mapster-wp-maps

Mapster WP Maps is the smoothest, easiest way to make maps for your site. No API keys required.

3K active installs v1.21.0 PHP + WP 5.0.0+ Updated Sep 17, 2025

gisinteractive-mapmapboxmaplibremaps

A · Safe

CVEs total4

Unpatched0

Last CVESep 25, 2025

Plugin page Download

Safety Verdict

Is Mapster WP Maps Safe to Use in 2026?

Generally Safe

Score 95/100

Mapster WP Maps has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Sep 25, 2025Updated 6mo ago

Risk Assessment

The "mapster-wp-maps" v1.21.0 plugin presents a mixed security posture. On the positive side, it demonstrates a strong commitment to secure database interactions, with 100% of its SQL queries utilizing prepared statements. The presence of 20 nonce checks and 25 capability checks indicates a reasonable effort to protect against common WordPress attack vectors. Furthermore, the absence of currently unpatched CVEs and no critical or high severity vulnerabilities in its history is encouraging.

However, several concerns warrant attention. A significant attack surface exists with 7 AJAX handlers lacking authentication checks, creating potential entry points for unauthorized actions. The static analysis also revealed 8 flows with unsanitized paths, which, although not classified as critical or high severity in the taint analysis, still pose a risk for potential vulnerabilities if not properly handled. The output escaping, while extensive, is only properly implemented in 68% of cases, leaving room for potential cross-site scripting (XSS) vulnerabilities. The history of 4 CVEs, including a past high severity authorization issue, suggests a pattern of past security weaknesses that, while addressed, indicate a need for continued vigilance.

In conclusion, while "mapster-wp-maps" has made strides in secure coding practices, particularly with database queries, the presence of unprotected AJAX endpoints and partially sanitized outputs are notable weaknesses. The plugin's vulnerability history, though currently clean, indicates a past susceptibility to common web vulnerabilities. A balanced approach of addressing the identified code weaknesses and continued monitoring of future updates is recommended.

Key Concerns

7 AJAX handlers without auth checks
8 flows with unsanitized paths
Output escaping properly in 68% of cases
Past high severity authorization vulnerability
Bundled Freemius v1.0 library

Vulnerabilities

Mapster WP Maps Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2025-9044medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mapster WP Maps <= 1.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 25, 2025 Patched in 1.21.0 (1d)

CVE-2024-10592medium · 6.4Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Mapster WP Maps <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 15, 2024 Patched in 1.7.0 (1d)

CVE-2024-9235high · 8.8Improper Authorization

Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update

Oct 24, 2024 Patched in 1.6.0 (1d)

CVE-2024-21744medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mapster WP Maps <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 5, 2024 Patched in 1.2.39 (20d)

Code Analysis

Analyzed Mar 16, 2026

Mapster WP Maps Code Analysis

Dangerous Functions

Raw SQL Queries

24 prepared

Unescaped Output

284

616 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn @unserialize( trim( $data ), array( 'allowed_classes' => false ) ); //phpcs:ignore -- allowedincludes\acf\includes\acf-helper-functions.php:654

Bundled Libraries

Freemius1.0Select2

SQL Query Safety

100% prepared24 total queries

Output Escaping

68% escaped900 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

13 flows8 with unsanitized paths

submit (includes\acf\includes\admin\tools\class-acf-admin-tool-import.php:142)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

Mapster WP Maps Attack Surface

Entry Points34

Unprotected7

AJAX Handlers 24

authwp_ajax_acf/link_field_groupsincludes\acf\includes\admin\admin-internal-post-type.php:47

authwp_ajax_acf/field_group/render_field_settingsincludes\acf\includes\admin\post-types\admin-field-group.php:44

authwp_ajax_acf/field_group/render_location_ruleincludes\acf\includes\admin\post-types\admin-field-group.php:45

authwp_ajax_acf/field_group/move_fieldincludes\acf\includes\admin\post-types\admin-field-group.php:46

authwp_ajax_acf/fields/oembed/searchincludes\acf\includes\fields\class-acf-field-oembed.php:38

noprivwp_ajax_acf/fields/oembed/searchincludes\acf\includes\fields\class-acf-field-oembed.php:39

authwp_ajax_acf/fields/page_link/queryincludes\acf\includes\fields\class-acf-field-page_link.php:36

noprivwp_ajax_acf/fields/page_link/queryincludes\acf\includes\fields\class-acf-field-page_link.php:37

authwp_ajax_acf/fields/post_object/queryincludes\acf\includes\fields\class-acf-field-post_object.php:31

noprivwp_ajax_acf/fields/post_object/queryincludes\acf\includes\fields\class-acf-field-post_object.php:32

authwp_ajax_acf/fields/relationship/queryincludes\acf\includes\fields\class-acf-field-relationship.php:35

noprivwp_ajax_acf/fields/relationship/queryincludes\acf\includes\fields\class-acf-field-relationship.php:36

authwp_ajax_acf/fields/select/queryincludes\acf\includes\fields\class-acf-field-select.php:34

noprivwp_ajax_acf/fields/select/queryincludes\acf\includes\fields\class-acf-field-select.php:35

authwp_ajax_acf/fields/taxonomy/queryincludes\acf\includes\fields\class-acf-field-taxonomy.php:42

noprivwp_ajax_acf/fields/taxonomy/queryincludes\acf\includes\fields\class-acf-field-taxonomy.php:43

authwp_ajax_acf/fields/taxonomy/add_termincludes\acf\includes\fields\class-acf-field-taxonomy.php:44

authwp_ajax_acf/fields/user/queryincludes\acf\includes\fields\class-acf-field-user.php:35

noprivwp_ajax_acf/fields/user/queryincludes\acf\includes\fields\class-acf-field-user.php:36

authwp_ajax_query-attachmentsincludes\acf\includes\media.php:32

authwp_ajax_acf/validate_save_postincludes\acf\includes\validation.php:28

noprivwp_ajax_acf/validate_save_postincludes\acf\includes\validation.php:29

authwp_ajax_acf_photo_gallery_edit_saveincludes\acf-photo-gallery-field\includes\acf_photo_gallery_edit_save.php:49

authwp_ajax_acf_photo_gallery_remove_photoincludes\acf-photo-gallery-field\includes\acf_photo_gallery_remove_photo.php:33

REST API Routes 8

GET/wp-json/mapster-wp-mapsset-tutorial-optionadmin\api\class-mapster-wordpress-maps-api.php:5

POST/wp-json/mapster-wp-mapsduplicateadmin\api\class-mapster-wordpress-maps-api.php:23

POST/wp-json/mapster-wp-mapsimport-geojsonadmin\api\class-mapster-wordpress-maps-api.php:71

POST/wp-json/mapster-wp-mapsimport-gl-jsadmin\api\class-mapster-wordpress-maps-api.php:147

GET/wp-json/mapster-wp-mapscategoryadmin\api\class-mapster-wordpress-maps-api.php:255

GET/wp-json/mapster-wp-mapsfeaturesadmin\api\class-mapster-wordpress-maps-api.php:291

GET/wp-json/mapster-wp-mapsfeatureadmin\api\class-mapster-wordpress-maps-api.php:386

GET/wp-json/mapster-wp-mapsmapadmin\api\class-mapster-wordpress-maps-api.php:404

Shortcodes 2

[acf] includes\acf\includes\api\api-template.php:1124

[mapster_wp_map] public\class-mapster-wordpress-maps-public.php:100

WordPress Hooks 345

filteracf/settings/urladmin\class-mapster-wordpress-maps-admin.php:61

filteracf/settings/show_adminadmin\class-mapster-wordpress-maps-admin.php:67

actionacf/include_fieldsadmin\includes\acf-map-fields.php:4

actioninitincludes\acf\acf.php:255

actioninitincludes\acf\acf.php:256

actioninitincludes\acf\acf.php:257

actionactivated_pluginincludes\acf\acf.php:258

actionpre_current_active_pluginsincludes\acf\acf.php:259

filterposts_whereincludes\acf\acf.php:262

filterwpml_get_home_urlincludes\acf\acf.php:817

filtertrp_home_urlincludes\acf\acf.php:818

actionacf/fields/select/query/key=_acf_bidirectional_targetincludes\acf\includes\acf-bidirectional-functions.php:203

actionacf/validate_fieldincludes\acf\includes\acf-field-functions.php:334

filterwp_unique_post_slugincludes\acf\includes\acf-field-functions.php:1101

actionwp_untrash_post_statusincludes\acf\includes\acf-field-functions.php:1266

actionacf/save_postincludes\acf\includes\acf-form-functions.php:171

filterwp_kses_allowed_htmlincludes\acf\includes\acf-input-functions.php:105

actionswitch_blogincludes\acf\includes\acf-utility-functions.php:104

actionacf/get_invalid_field_valueincludes\acf\includes\acf-value-functions.php:397

actioncurrent_screenincludes\acf\includes\admin\admin-internal-post-type-list.php:70

actionadmin_footerincludes\acf\includes\admin\admin-internal-post-type-list.php:71

actiontrashed_postincludes\acf\includes\admin\admin-internal-post-type-list.php:74

actionuntrashed_postincludes\acf\includes\admin\admin-internal-post-type-list.php:75

actiondeleted_postincludes\acf\includes\admin\admin-internal-post-type-list.php:76

actionadmin_enqueue_scriptsincludes\acf\includes\admin\admin-internal-post-type-list.php:159

actionadmin_body_classincludes\acf\includes\admin\admin-internal-post-type-list.php:160

filterdisplay_post_statesincludes\acf\includes\admin\admin-internal-post-type-list.php:164

actionadmin_footerincludes\acf\includes\admin\admin-internal-post-type-list.php:166

filterpage_row_actionsincludes\acf\includes\admin\admin-internal-post-type-list.php:169

actionadmin_footerincludes\acf\includes\admin\admin-internal-post-type-list.php:174

actioncurrent_screenincludes\acf\includes\admin\admin-internal-post-type.php:45

filteruse_block_editor_for_post_typeincludes\acf\includes\admin\admin-internal-post-type.php:48

actionadmin_body_classincludes\acf\includes\admin\admin-internal-post-type.php:93

filterpost_updated_messagesincludes\acf\includes\admin\admin-internal-post-type.php:94

actionacf/input/admin_enqueue_scriptsincludes\acf\includes\admin\admin-internal-post-type.php:95

actionacf/input/admin_headincludes\acf\includes\admin\admin-internal-post-type.php:96

actionacf/input/form_dataincludes\acf\includes\admin\admin-internal-post-type.php:97

actionacf/input/admin_footerincludes\acf\includes\admin\admin-internal-post-type.php:98

filteracf/input/admin_l10nincludes\acf\includes\admin\admin-internal-post-type.php:100

actionadmin_noticesincludes\acf\includes\admin\admin-notices.php:125

actionadmin_menuincludes\acf\includes\admin\admin-options-pages-preview.php:16

actionadmin_body_classincludes\acf\includes\admin\admin-options-pages-preview.php:38

actionadmin_menuincludes\acf\includes\admin\admin-tools.php:34

actionadmin_body_classincludes\acf\includes\admin\admin-tools.php:127

actionadmin_menuincludes\acf\includes\admin\admin-upgrade.php:33

actionnetwork_admin_menuincludes\acf\includes\admin\admin-upgrade.php:35

actionadmin_noticesincludes\acf\includes\admin\admin-upgrade.php:56

actionnetwork_admin_noticesincludes\acf\includes\admin\admin-upgrade.php:86

actionswitch_blogincludes\acf\includes\admin\admin-upgrade.php:143

actionadmin_body_classincludes\acf\includes\admin\admin-upgrade.php:168

actionadmin_body_classincludes\acf\includes\admin\admin-upgrade.php:190

actionadmin_menuincludes\acf\includes\admin\admin.php:17

actionadmin_enqueue_scriptsincludes\acf\includes\admin\admin.php:18

actionadmin_body_classincludes\acf\includes\admin\admin.php:19

actioncurrent_screenincludes\acf\includes\admin\admin.php:20

actionadmin_noticesincludes\acf\includes\admin\admin.php:21

actionadmin_noticesincludes\acf\includes\admin\admin.php:22

actionadmin_initincludes\acf\includes\admin\admin.php:23

actionadmin_initincludes\acf\includes\admin\admin.php:24

filterparent_fileincludes\acf\includes\admin\admin.php:25

filtersubmenu_fileincludes\acf\includes\admin\admin.php:26

actionin_admin_headerincludes\acf\includes\admin\admin.php:103

filteradmin_footer_textincludes\acf\includes\admin\admin.php:104

filterupdate_footerincludes\acf\includes\admin\admin.php:105

actionpost_submitbox_misc_actionsincludes\acf\includes\admin\post-types\admin-field-group.php:183

actionedit_form_after_titleincludes\acf\includes\admin\post-types\admin-field-group.php:184

filterscreen_settingsincludes\acf\includes\admin\post-types\admin-field-group.php:187

filterget_user_option_screen_layout_acf-field-groupincludes\acf\includes\admin\post-types\admin-field-group.php:188

actionadmin_menuincludes\acf\includes\admin\post-types\admin-field-groups.php:40

actionload-edit.phpincludes\acf\includes\admin\post-types\admin-field-groups.php:41

actionpost_classincludes\acf\includes\admin\post-types\admin-field-groups.php:42

actionpost_submitbox_misc_actionsincludes\acf\includes\admin\post-types\admin-post-type.php:161

actionedit_form_after_titleincludes\acf\includes\admin\post-types\admin-post-type.php:162

filterscreen_settingsincludes\acf\includes\admin\post-types\admin-post-type.php:165

filterget_user_option_screen_layout_acf-post-typeincludes\acf\includes\admin\post-types\admin-post-type.php:166

filterget_user_option_metaboxhidden_acf-post-typeincludes\acf\includes\admin\post-types\admin-post-type.php:167

filterget_user_option_closedpostboxes_acf-post-typeincludes\acf\includes\admin\post-types\admin-post-type.php:168

filterget_user_option_closedpostboxes_acf-post-typeincludes\acf\includes\admin\post-types\admin-post-type.php:169

actionadmin_menuincludes\acf\includes\admin\post-types\admin-post-types.php:44

actionadmin_menuincludes\acf\includes\admin\post-types\admin-taxonomies.php:43

actionpost_submitbox_misc_actionsincludes\acf\includes\admin\post-types\admin-taxonomy.php:163

actionedit_form_after_titleincludes\acf\includes\admin\post-types\admin-taxonomy.php:164

filterscreen_settingsincludes\acf\includes\admin\post-types\admin-taxonomy.php:167

filterget_user_option_screen_layout_acf-taxonomyincludes\acf\includes\admin\post-types\admin-taxonomy.php:168

filterget_user_option_metaboxhidden_acf-taxonomyincludes\acf\includes\admin\post-types\admin-taxonomy.php:169

filterget_user_option_closedpostboxes_acf-taxonomyincludes\acf\includes\admin\post-types\admin-taxonomy.php:170

filterget_user_option_closedpostboxes_acf-taxonomyincludes\acf\includes\admin\post-types\admin-taxonomy.php:171

filteruser_search_columnsincludes\acf\includes\ajax\class-acf-ajax-query-users.php:64

filterposts_orderbyincludes\acf\includes\api\api-helpers.php:1300

filteracf/settings/uploaderincludes\acf\includes\api\api-helpers.php:3035

filteracf/settings/enable_meta_box_cb_editincludes\acf\includes\api\api-helpers.php:4009

actionacf/removed_unsafe_htmlincludes\acf\includes\api\api-template.php:180

filteracf/prevent_access_to_unknown_fieldsincludes\acf\includes\api\api-template.php:1066

filterterms_clausesincludes\acf\includes\api\api-term.php:187

actioninitincludes\acf\includes\assets.php:45

actionadmin_enqueue_scriptsincludes\acf\includes\assets.php:180

actionadmin_print_scriptsincludes\acf\includes\assets.php:181

actionadmin_print_footer_scriptsincludes\acf\includes\assets.php:182

actionadmin_footerincludes\acf\includes\assets.php:311

filterwp_unique_post_slugincludes\acf\includes\class-acf-internal-post-type.php:75

actionwp_untrash_post_statusincludes\acf\includes\class-acf-internal-post-type.php:76

filteracf/validate_fieldincludes\acf\includes\compatibility.php:25

filteracf/validate_field/type=textareaincludes\acf\includes\compatibility.php:26

filteracf/validate_field/type=relationshipincludes\acf\includes\compatibility.php:27

filteracf/validate_field/type=post_objectincludes\acf\includes\compatibility.php:28

filteracf/validate_field/type=page_linkincludes\acf\includes\compatibility.php:29

filteracf/validate_field/type=imageincludes\acf\includes\compatibility.php:30

filteracf/validate_field/type=fileincludes\acf\includes\compatibility.php:31

filteracf/validate_field/type=wysiwygincludes\acf\includes\compatibility.php:32

filteracf/validate_field/type=date_pickerincludes\acf\includes\compatibility.php:33

filteracf/validate_field/type=taxonomyincludes\acf\includes\compatibility.php:34

filteracf/validate_field/type=date_time_pickerincludes\acf\includes\compatibility.php:35

filteracf/validate_field/type=userincludes\acf\includes\compatibility.php:36

filteracf/validate_field_groupincludes\acf\includes\compatibility.php:37

filteracf/field_wrapper_attributesincludes\acf\includes\compatibility.php:40

filteracf/location/validate_rule/type=post_taxonomyincludes\acf\includes\compatibility.php:43

filteracf/location/validate_rule/type=post_categoryincludes\acf\includes\compatibility.php:44

actionacf/initincludes\acf\includes\compatibility.php:47

filterget_media_item_argsincludes\acf\includes\fields\class-acf-field-file.php:36

filterget_media_item_argsincludes\acf\includes\fields\class-acf-field-image.php:41

filteracf/conditional_logic/choicesincludes\acf\includes\fields\class-acf-field-page_link.php:38

filteracf/conditional_logic/choicesincludes\acf\includes\fields\class-acf-field-post_object.php:33

filteracf/conditional_logic/choicesincludes\acf\includes\fields\class-acf-field-relationship.php:32

filteracf/conditional_logic/choicesincludes\acf\includes\fields\class-acf-field-taxonomy.php:45

actionacf/save_postincludes\acf\includes\fields\class-acf-field-taxonomy.php:48

filteracf/conditional_logic/choicesincludes\acf\includes\fields\class-acf-field-user.php:32

actionacf/ajax/query_users/initincludes\acf\includes\fields\class-acf-field-user.php:379

filteracf/ajax/query_users/argsincludes\acf\includes\fields\class-acf-field-user.php:380

filteracf/ajax/query_users/resultincludes\acf\includes\fields\class-acf-field-user.php:381

filteracf/ajax/query_users/search_columnsincludes\acf\includes\fields\class-acf-field-user.php:382

actionacf/enqueue_uploaderincludes\acf\includes\fields\class-acf-field-wysiwyg.php:42

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:62

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:64

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:65

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:66

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:67

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:69

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:70

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:74

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:75

filteracf_the_editor_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:218

filteracf_the_contentincludes\acf\includes\fields\class-acf-field-wysiwyg.php:398

actionacf/input/admin_enqueue_scriptsincludes\acf\includes\fields\class-acf-field.php:70

actionacf/input/admin_headincludes\acf\includes\fields\class-acf-field.php:71

actionacf/input/form_dataincludes\acf\includes\fields\class-acf-field.php:72

filteracf/input/admin_l10nincludes\acf\includes\fields\class-acf-field.php:73

actionacf/input/admin_footerincludes\acf\includes\fields\class-acf-field.php:74

actionacf/field_group/admin_enqueue_scriptsincludes\acf\includes\fields\class-acf-field.php:77

actionacf/field_group/admin_headincludes\acf\includes\fields\class-acf-field.php:78

actionacf/field_group/admin_footerincludes\acf\includes\fields\class-acf-field.php:79

actionadmin_enqueue_scriptsincludes\acf\includes\forms\form-attachment.php:30

filterattachment_fields_to_editincludes\acf\includes\forms\form-attachment.php:33

filterattachment_fields_to_saveincludes\acf\includes\forms\form-attachment.php:36

actionadmin_footerincludes\acf\includes\forms\form-attachment.php:67

actionadmin_enqueue_scriptsincludes\acf\includes\forms\form-comment.php:30

filtercomment_form_field_commentincludes\acf\includes\forms\form-comment.php:33

actionedit_commentincludes\acf\includes\forms\form-comment.php:38

actioncomment_postincludes\acf\includes\forms\form-comment.php:39

actionadmin_footerincludes\acf\includes\forms\form-comment.php:90

actionadd_meta_boxes_commentincludes\acf\includes\forms\form-comment.php:91

actioncustomize_controls_initincludes\acf\includes\forms\form-customizer.php:30

actioncustomize_preview_initincludes\acf\includes\forms\form-customizer.php:31

actioncustomize_saveincludes\acf\includes\forms\form-customizer.php:32

filterwidget_update_callbackincludes\acf\includes\forms\form-customizer.php:35

actionacf/input/admin_footerincludes\acf\includes\forms\form-customizer.php:60

filteracf/pre_load_valueincludes\acf\includes\forms\form-customizer.php:214

filteracf/pre_load_referenceincludes\acf\includes\forms\form-customizer.php:215

actionacf/validate_save_postincludes\acf\includes\forms\form-front.php:29

filteracf/pre_save_postincludes\acf\includes\forms\form-front.php:30

actionenqueue_block_editor_assetsincludes\acf\includes\forms\form-gutenberg.php:25

actionacf/validate_save_postincludes\acf\includes\forms\form-gutenberg.php:28

actionadd_meta_boxesincludes\acf\includes\forms\form-gutenberg.php:45

actionblock_editor_meta_box_hidden_fieldsincludes\acf\includes\forms\form-gutenberg.php:48

filterfilter_block_editor_meta_boxesincludes\acf\includes\forms\form-gutenberg.php:51

actionadmin_enqueue_scriptsincludes\acf\includes\forms\form-nav-menu.php:24

actionwp_update_nav_menuincludes\acf\includes\forms\form-nav-menu.php:25

actionacf/validate_save_postincludes\acf\includes\forms\form-nav-menu.php:26

actionwp_nav_menu_item_custom_fieldsincludes\acf\includes\forms\form-nav-menu.php:27

filterwp_get_nav_menu_itemsincludes\acf\includes\forms\form-nav-menu.php:30

filterwp_edit_nav_menu_walkerincludes\acf\includes\forms\form-nav-menu.php:31

actionadmin_footerincludes\acf\includes\forms\form-nav-menu.php:57

actionload-post.phpincludes\acf\includes\forms\form-post.php:28

actionload-post-new.phpincludes\acf\includes\forms\form-post.php:29

filterwp_insert_post_empty_contentincludes\acf\includes\forms\form-post.php:32

actionsave_postincludes\acf\includes\forms\form-post.php:33

actionadd_meta_boxesincludes\acf\includes\forms\form-post.php:73

actionedit_form_after_titleincludes\acf\includes\forms\form-post.php:157

actionadmin_enqueue_scriptsincludes\acf\includes\forms\form-taxonomy.php:32

actioncreate_termincludes\acf\includes\forms\form-taxonomy.php:35

actionedit_termincludes\acf\includes\forms\form-taxonomy.php:36

actiondelete_termincludes\acf\includes\forms\form-taxonomy.php:39

actionadmin_footerincludes\acf\includes\forms\form-taxonomy.php:94

actionadmin_enqueue_scriptsincludes\acf\includes\forms\form-user.php:28

actionlogin_form_registerincludes\acf\includes\forms\form-user.php:29

actionshow_user_profileincludes\acf\includes\forms\form-user.php:32

actionedit_user_profileincludes\acf\includes\forms\form-user.php:33

actionuser_new_formincludes\acf\includes\forms\form-user.php:34

actionregister_formincludes\acf\includes\forms\form-user.php:35

actionuser_registerincludes\acf\includes\forms\form-user.php:38

actionprofile_updateincludes\acf\includes\forms\form-user.php:39

filterregistration_errorsincludes\acf\includes\forms\form-user.php:42

filteracf/pre_load_valueincludes\acf\includes\forms\form-user.php:185

actionacf/input/admin_footerincludes\acf\includes\forms\form-user.php:250

actionadmin_enqueue_scriptsincludes\acf\includes\forms\form-widget.php:35

actionin_widget_formincludes\acf\includes\forms\form-widget.php:36

actionacf/validate_save_postincludes\acf\includes\forms\form-widget.php:37

filterwidget_update_callbackincludes\acf\includes\forms\form-widget.php:40

actionacf/input/admin_footerincludes\acf\includes\forms\form-widget.php:69

filteracf/get_cache_keyincludes\acf\includes\l10n.php:147

filteracf/load_field_groupsincludes\acf\includes\local-fields.php:652

filteracf/load_post_typesincludes\acf\includes\local-fields.php:653

filteracf/load_taxonomiesincludes\acf\includes\local-fields.php:654

filteracf/load_ui_options_pagesincludes\acf\includes\local-fields.php:655

filteracf/is_field_keyincludes\acf\includes\local-fields.php:674

filteracf/is_field_group_keyincludes\acf\includes\local-fields.php:707

filteracf/is_post_type_keyincludes\acf\includes\local-fields.php:708

filteracf/is_taxonomy_keyincludes\acf\includes\local-fields.php:709

actionacf/include_fieldsincludes\acf\includes\local-fields.php:734

actionacf/update_field_groupincludes\acf\includes\local-json.php:35

actionacf/untrash_field_groupincludes\acf\includes\local-json.php:36

actionacf/trash_field_groupincludes\acf\includes\local-json.php:37

actionacf/delete_field_groupincludes\acf\includes\local-json.php:38

actionacf/update_post_typeincludes\acf\includes\local-json.php:39

actionacf/untrash_post_typeincludes\acf\includes\local-json.php:40

actionacf/trash_post_typeincludes\acf\includes\local-json.php:41

actionacf/delete_post_typeincludes\acf\includes\local-json.php:42

actionacf/update_taxonomyincludes\acf\includes\local-json.php:43

actionacf/untrash_taxonomyincludes\acf\includes\local-json.php:44

actionacf/trash_taxonomyincludes\acf\includes\local-json.php:45

actionacf/delete_taxonomyincludes\acf\includes\local-json.php:46

actionacf/include_fieldsincludes\acf\includes\local-json.php:49

actionacf/include_post_typesincludes\acf\includes\local-json.php:50

actionacf/include_taxonomiesincludes\acf\includes\local-json.php:51

filteracf/pre_load_post_idincludes\acf\includes\local-meta.php:31

filteracf/pre_load_metaincludes\acf\includes\local-meta.php:32

filteracf/pre_load_metadataincludes\acf\includes\local-meta.php:33

filteracf/pre_update_metadataincludes\acf\includes\local-meta.php:103

actionacf/enqueue_scriptsincludes\acf\includes\media.php:23

actionacf/save_postincludes\acf\includes\media.php:26

filterwp_handle_upload_prefilterincludes\acf\includes\media.php:29

filterimage_size_names_chooseincludes\acf\includes\media.php:121

filterwp_prepare_attachment_for_jsincludes\acf\includes\media.php:173

filterimage_size_names_chooseincludes\acf\includes\media.php:174

filterwp_prepare_attachment_for_jsincludes\acf\includes\media.php:176

filteracf/pre_update_field_groupincludes\acf\includes\post-types\class-acf-field-group.php:72

actionacf/initincludes\acf\includes\post-types\class-acf-post-type.php:75

filterenter_title_hereincludes\acf\includes\post-types\class-acf-post-type.php:76

actionacf/initincludes\acf\includes\post-types\class-acf-taxonomy.php:75

filterrest_pre_dispatchincludes\acf\includes\rest-api\class-acf-rest-api.php:22

actionrest_api_initincludes\acf\includes\rest-api\class-acf-rest-api.php:23

filterrest_prepare_userincludes\acf\includes\rest-api\class-acf-rest-embed-links.php:39

actionwp_restore_post_revisionincludes\acf\includes\revisions.php:18

filter_wp_post_revision_fieldsincludes\acf\includes\revisions.php:19

filter_wp_post_revision_fieldsincludes\acf\includes\revisions.php:20

filteracf/validate_post_idincludes\acf\includes\revisions.php:21

action_wp_put_post_revisionincludes\acf\includes\revisions.php:25

filterwp_save_post_revision_post_has_changedincludes\acf\includes\revisions.php:26

filterwp_post_revision_meta_keysincludes\acf\includes\revisions.php:27

filterwp_save_post_revision_check_for_changesincludes\acf\includes\revisions.php:31

filtertabify_posttypesincludes\acf\includes\third-party.php:26

actiontabify_add_meta_boxesincludes\acf\includes\third-party.php:27

filterpts_allowed_pagesincludes\acf\includes\third-party.php:32

filteracf/get_post_typesincludes\acf\includes\third-party.php:37

actiondoing_dark_modeincludes\acf\includes\third-party.php:42

actionwp_upgradeincludes\acf\includes\upgrades.php:450

actionacf/validate_save_postincludes\acf\includes\validation.php:30

actionacf/verify_ajaxincludes\acf\includes\wpml.php:39

filterget_translatable_documentsincludes\acf\includes\wpml.php:42

actionacf/upgrade_500_field_groupincludes\acf\includes\wpml.php:48

actionicl_make_duplicateincludes\acf\includes\wpml.php:49

filteracf/settings/save_jsonincludes\acf\includes\wpml.php:52

filteracf/settings/load_jsonincludes\acf\includes\wpml.php:53

actionacf/initincludes\acf\src\Blocks\Bindings.php:27

actiondebug_informationincludes\acf\src\Site_Health\Site_Health.php:31

actionacf_update_site_health_dataincludes\acf\src\Site_Health\Site_Health.php:32

actionacf/first_activatedincludes\acf\src\Site_Health\Site_Health.php:39

actionacf/activated_proincludes\acf\src\Site_Health\Site_Health.php:40

filteracf/pre_update_field_groupincludes\acf\src\Site_Health\Site_Health.php:41

filteracf/pre_update_post_typeincludes\acf\src\Site_Health\Site_Health.php:42

filteracf/pre_update_taxonomyincludes\acf\src\Site_Health\Site_Health.php:43

filteracf/pre_update_ui_options_pageincludes\acf\src\Site_Health\Site_Health.php:44

actionacf/include_field_typesincludes\acf-code-field\acf-code-field.php:30

actionacf/register_fieldsincludes\acf-code-field\acf-code-field.php:39

actionadmin_noticesincludes\acf-code-field\acf-code-field.php:42

actionacf/include_field_typesincludes\acf-mapster-map\acf-mapster-map.php:52

actionacf/register_fieldsincludes\acf-mapster-map\acf-mapster-map.php:53

filterimage_resize_dimensionsincludes\acf-photo-gallery-field\aq_resizer.php:76

filteracf_photo_gallery_image_fieldsincludes\acf-photo-gallery-field\includes\acf_photo_gallery_image_fields.php:34

actionsave_postincludes\acf-photo-gallery-field\includes\acf_photo_gallery_save.php:37

actionsave_postincludes\acf-photo-gallery-field\includes\acf_photo_gallery_save.php:39

actionprofile_updateincludes\acf-photo-gallery-field\includes\acf_photo_gallery_save.php:41

filterimage_resize_dimensionsincludes\acf-photo-gallery-field\includes\aq_resizer.php:76

actionadmin_enqueue_scriptsincludes\acf-photo-gallery-field\navz-photo-gallery.php:46

actionacf/include_field_typesincludes\acf-photo-gallery-field\navz-photo-gallery.php:47

actionacf/register_fieldsincludes\acf-photo-gallery-field\navz-photo-gallery.php:48

filteracf_photo_gallery_caption_from_attachmentincludes\acf-photo-gallery-field\navz-photo-gallery.php:49

filterrest_prepare_pageincludes\acf-photo-gallery-field\navz-photo-gallery.php:50

actionelementor/dynamic_tags/register_tagsincludes\acf-photo-gallery-field\navz-photo-gallery.php:51

actionplugins_loadedincludes\class-mapster-wordpress-maps.php:134

actionplugins_loadedincludes\class-mapster-wordpress-maps.php:146

actioninitincludes\class-mapster-wordpress-maps.php:147

actioninitincludes\class-mapster-wordpress-maps.php:148

actioninitincludes\class-mapster-wordpress-maps.php:149

actioninitincludes\class-mapster-wordpress-maps.php:150

actionadd_meta_boxesincludes\class-mapster-wordpress-maps.php:151

filtermanage_mapster-wp-map_posts_columnsincludes\class-mapster-wordpress-maps.php:152

actionmanage_mapster-wp-map_posts_custom_columnincludes\class-mapster-wordpress-maps.php:153

filtermanage_mapster-wp-location_posts_columnsincludes\class-mapster-wordpress-maps.php:160

filtermanage_mapster-wp-line_posts_columnsincludes\class-mapster-wordpress-maps.php:161

filtermanage_mapster-wp-polygon_posts_columnsincludes\class-mapster-wordpress-maps.php:162

actionmanage_mapster-wp-location_posts_custom_columnincludes\class-mapster-wordpress-maps.php:163

actionmanage_mapster-wp-line_posts_custom_columnincludes\class-mapster-wordpress-maps.php:170

actionmanage_mapster-wp-polygon_posts_custom_columnincludes\class-mapster-wordpress-maps.php:177

filteracf/validate_value/key=field_616a145a4f1ebincludes\class-mapster-wordpress-maps.php:184

filteracf/validate_value/key=field_6169fddd6e650includes\class-mapster-wordpress-maps.php:191

filteracf/validate_value/key=field_61ca465c6f329includes\class-mapster-wordpress-maps.php:198

filteracf/update_value/key=field_616a02f694f0bincludes\class-mapster-wordpress-maps.php:205

filteracf/update_value/key=field_616a031894f0dincludes\class-mapster-wordpress-maps.php:212

filteracf/update_value/key=field_616a0739c7606includes\class-mapster-wordpress-maps.php:219

filteruse_block_editor_for_post_typeincludes\class-mapster-wordpress-maps.php:226

filterpost_row_actionsincludes\class-mapster-wordpress-maps.php:233

actionadmin_enqueue_scriptsincludes\class-mapster-wordpress-maps.php:240

actionadmin_enqueue_scriptsincludes\class-mapster-wordpress-maps.php:241

actionadmin_menuincludes\class-mapster-wordpress-maps.php:242

actionadmin_initincludes\class-mapster-wordpress-maps.php:243

actionrest_api_initincludes\class-mapster-wordpress-maps.php:245

actionrest_api_initincludes\class-mapster-wordpress-maps.php:246

actionrest_api_initincludes\class-mapster-wordpress-maps.php:247

actionrest_api_initincludes\class-mapster-wordpress-maps.php:248

actionrest_api_initincludes\class-mapster-wordpress-maps.php:249

actionrest_api_initincludes\class-mapster-wordpress-maps.php:250

actionrest_api_initincludes\class-mapster-wordpress-maps.php:251

actionrest_api_initincludes\class-mapster-wordpress-maps.php:253

actionin_admin_headerincludes\class-mapster-wordpress-maps.php:255

actionadmin_noticesincludes\class-mapster-wordpress-maps.php:256

filteracf/input/meta_box_priorityincludes\class-mapster-wordpress-maps.php:257

filteracf/settings/remove_wp_meta_boxincludes\class-mapster-wordpress-maps.php:264

actionwp_enqueue_scriptsincludes\class-mapster-wordpress-maps.php:276

actionwp_enqueue_scriptsincludes\class-mapster-wordpress-maps.php:277

actioninitincludes\class-mapster-wordpress-maps.php:278

filterthe_contentincludes\class-mapster-wordpress-maps.php:279

actiongform_field_standard_settingsincludes\gravity-mapster-map\gravity-mapster-map.php:187

actiongform_editor_jsincludes\gravity-mapster-map\gravity-mapster-map.php:208

filtergform_tooltipsincludes\gravity-mapster-map\gravity-mapster-map.php:214

filteris_submenu_visiblemapster-wordpress-maps.php:95

Scheduled Events 1

acf_update_site_health_data

Maintenance & Trust

Mapster WP Maps Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 17, 2025

PHP min version

Downloads70K

Community Trust

Rating96/100

Number of ratings51

Active installs3K

Alternatives

Mapster WP Maps Alternatives

WP Mapbox GL JS Maps

wp-mapbox-gl-js

NOTE: This plugin has been deprecated and is no longer supported. Please see our latest plugin, Mapster WP Maps, for a more up-to-date and maintained …

1K 1 unpatched

Open User Map

open-user-map

Engage your visitors with an interactive map – let them add markers instantly or create a custom map showcasing your favorite spots.

10K 3 CVEs

SimpleMaps

interactive-maps

Easily add an interactive map of the world, US, or many other countries to your WordPress site.

600 1 CVE

Interactive US Map

interactive-us-map

Interactive US Regional Map WordPress plugin with an easy to use map dashboard.

400 1 unpatched

Embed Webmap

embed-webmap

Embed a public webmap from ArcGIS Online into WordPress with a shortcode.

300 No CVEs

Developer Profile

Mapster WP Maps Developer Profile

mapster

1 plugin · 3K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Mapster WP Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mapster-wp-maps/css/styles.css/wp-content/plugins/mapster-wp-maps/js/scripts.js/wp-content/plugins/mapster-wp-maps/assets/css/mapster.css/wp-content/plugins/mapster-wp-maps/assets/js/mapster.js/wp-content/plugins/mapster-wp-maps/admin/css/admin.css/wp-content/plugins/mapster-wp-maps/admin/js/admin.js

Script Paths

/wp-content/plugins/mapster-wp-maps/js/scripts.js/wp-content/plugins/mapster-wp-maps/assets/js/mapster.js/wp-content/plugins/mapster-wp-maps/admin/js/admin.js

Version Parameters

mapster-wp-maps/css/styles.css?ver=mapster-wp-maps/js/scripts.js?ver=mapster-wp-maps/assets/css/mapster.css?ver=mapster-wp-maps/assets/js/mapster.js?ver=mapster-wp-maps/admin/css/admin.css?ver=mapster-wp-maps/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

mapster-map-wrappermapster-canvasmapster-info-windowmapster-marker

HTML Comments

Data Attributes

data-mapster-iddata-mapster-latdata-mapster-lngdata-mapster-zoom

JS Globals

mapsterMapsMapster

REST Endpoints

/wp-json/mapster-wp-maps/v1/maps

Shortcode Output

[mapster_map id=

FAQ

Mapster WP Maps Security & Risk Analysis

Is Mapster WP Maps Safe to Use in 2026?

Generally Safe

Key Concerns

Mapster WP Maps Security Vulnerabilities

CVEs by Year

Severity Breakdown

Mapster WP Maps Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Mapster WP Maps Attack Surface

AJAX Handlers 24

REST API Routes 8

Shortcodes 2

Scheduled Events 1

Mapster WP Maps Maintenance & Trust

Maintenance Signals

Community Trust

Mapster WP Maps Alternatives

WP Mapbox GL JS Maps

Open User Map

SimpleMaps

Interactive US Map

Embed Webmap

Mapster WP Maps Developer Profile

How We Detect Mapster WP Maps

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Mapster WP Maps