MapSVG – Vector maps, Image maps, Google Maps Security & Risk Analysis

wordpress.org/plugins/mapsvg-lite-interactive-vector-maps

Create interactive vector maps, floor plans, and image maps. Support for Google Maps integration, custom markers, tooltips, and popups.

1K active installs · v8.10.1 · PHP 7.4+ · WP 5.0+ · Updated Mar 2, 2026
Tags: floorplan, google-maps, image-map, map, store-locator
Score 89 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Dec 24, 2025
Safety Verdict

Is MapSVG – Vector maps, Image maps, Google Maps Safe to Use in 2026?

Generally Safe

Score 89/100

MapSVG – Vector maps, Image maps, Google Maps has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Dec 24, 2025 · Updated 1mo ago
Risk Assessment

The plugin "mapsvg-lite-interactive-vector-maps" v8.10.1 presents a mixed security posture. While it demonstrates good practices in output escaping and a significant portion of SQL queries utilizing prepared statements, several concerning factors are evident. The static analysis highlights a notable attack surface with one unprotected REST API route, indicating a potential entry point for unauthenticated attackers. Furthermore, the presence of a dangerous function like `unserialize` warrants careful scrutiny, as improper handling of serialized data can lead to remote code execution vulnerabilities. The taint analysis, though limited in scope, reveals flows with unsanitized paths, which could be exploited if not thoroughly addressed. The vulnerability history is particularly concerning, with a significant number of past CVEs including high-severity issues like Unrestricted File Upload, Cross-Site Scripting, Code Injection, Missing Authorization, and CSRF. While there are currently no unpatched CVEs, the recurring nature of these vulnerability types suggests potential systemic weaknesses in input validation and authorization mechanisms that could resurface.

Key Concerns

  • Unprotected REST API route
  • Dangerous function: unserialize
  • Flows with unsanitized paths
  • History of High severity CVEs (2)
  • History of Medium severity CVEs (5)
  • Lack of Nonce checks
Vulnerabilities
7

MapSVG – Vector maps, Image maps, Google Maps Security Vulnerabilities

CVEs by Year

1 CVE in 2019
6 CVEs in 2025

Severity Breakdown

High: 2
Medium: 5

7 total CVEs

CVE-2025-68562 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

MapSVG <= 8.7.3 - Authenticated (Contributor+) Arbitrary File Upload

Dec 24, 2025 Patched in 8.7.4 (14d)
CVE-2025-62930 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MapSVG <= 8.7.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 6, 2025 Patched in 8.7.23 (59d)
CVE-2025-48120 · medium · 6.5 · Improper Control of Generation of Code ('Code Injection')

MapSVG Lite <= 8.6.9 - Unauthenticated Arbitrary Shortcode Execution

May 16, 2025 Patched in 8.6.10 (28d)
CVE-2025-32682 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

MapSVG Lite <= 8.6.4 - Authenticated (Contributor+) Arbitrary File Upload

Apr 15, 2025 Patched in 8.6.5 (59d)
CVE-2025-32683 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MapSVG Lite <= 8.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 9, 2025 Patched in 8.6.7 (65d)
CVE-2025-32684 · medium · 4.3 · Missing Authorization

MapSVG Lite <= 8.6.4 - Missing Authorization

Apr 9, 2025 Patched in 8.6.5 (65d)
CVE-2019-1000003 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

MapSVG Lite < 3.3.0 - Cross-Site Request Forgery

Jan 8, 2019 Patched in 3.3.0 (1841d)
Code Analysis
Analyzed Mar 16, 2026

MapSVG – Vector maps, Image maps, Google Maps Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 58 (42 prepared)
Unescaped Output: 10 (80 escaped)
Nonce Checks: 0
Capability Checks: 40
File Operations: 5
External Requests: 1
Bundled Libraries: 3

Dangerous Functions Found

unserialize: `if (@unserialize($serialized_string) !== true && preg_match('/^[aOs]:/', $serialized_string)) {` at php\Domain\Map\MapsRepository.php:275

Bundled Libraries

TinyMCE, Select2, Guzzle

SQL Query Safety

42% prepared · 100 total queries

Output Escaping

89% escaped · 90 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
run (php\Router.php:24)
Attack Surface
1 unprotected

MapSVG – Vector maps, Image maps, Google Maps Attack Surface

Entry Points: 2
Unprotected: 1

REST API Routes 1

GET /wp-json/mapsvg/v1/posts · php\Router.php:392

Shortcodes 1

[mapsvg] php\Front\Front.php:145
WordPress Hooks 35
action admin_menu mapsvg.php:151
action admin_menu php\Admin\Admin.php:21
action admin_enqueue_scripts php\Admin\Admin.php:22
filter theme_page_templates php\Domain\Shortcode\ShortcodeHandler.php:39
filter template_include php\Domain\Shortcode\ShortcodeHandler.php:47
filter blank_slate_templates php\Domain\Shortcode\ShortcodeHandler.php:116
action plugins_loaded php\Domain\Shortcode\ShortcodeHandler.php:127
action template_redirect php\Domain\Shortcode\ShortcodeHandler.php:162
action template_redirect php\Domain\Shortcode\ShortcodeHandler.php:183
filter shortcode_atts_wpcf7 php\Domain\Shortcode\ShortcodeHandler.php:195
filter the_posts php\Domain\Shortcode\ShortcodePage.php:34
filter script_loader_tag php\Front\Front.php:98
filter litespeed_optimize_js_excludes php\Front\Front.php:103
filter litespeed_optm_js_defer_exc php\Front\Front.php:104
filter litespeed_optm_gm_js_exc php\Front\Front.php:105
action init php\Migrate\Migrations\8.6.10.php:10
action init php\Migrate\Migrations\8.6.13.php:10
action init php\Migrate\Migrations\8.6.7.php:28
action current_screen php\PostEditorMapLoader\PostEditorMapLoader.php:55
action admin_enqueue_scripts php\PostEditorMapLoader\PostEditorMapLoader.php:63
action admin_enqueue_scripts php\PostEditorMapLoader\PostEditorMapLoader.php:66
action add_meta_boxes php\PostEditorMapLoader\PostEditorMapLoader.php:67
action save_post php\PostEditorMapLoader\PostEditorMapLoader.php:68
filter mce_external_plugins php\PostEditorMapLoader\PostEditorMapLoader.php:193
filter mce_buttons php\PostEditorMapLoader\PostEditorMapLoader.php:194
action add_meta_boxes php\PostEditorMapLoader\PostEditorMapLoader.php:242
action save_post php\PostEditorMapLoader\PostEditorMapLoader.php:243
action init php\Router.php:28
action init php\Router.php:29
filter query_vars php\Router.php:32
action parse_request php\Router.php:35
action init php\Router.php:51
action parse_request php\Router.php:56
action rest_api_init php\Router.php:58
filter rest_pre_serve_request php\Router.php:92
Maintenance & Trust

MapSVG – Vector maps, Image maps, Google Maps Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 2, 2026
PHP min version: 7.4
Downloads: 59K

Community Trust

Rating: 88/100
Number of ratings: 27
Active installs: 1K
Developer Profile

MapSVG – Vector maps, Image maps, Google Maps Developer Profile

RomanCode

1 plugin · 1K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 304 days
Detection Fingerprints

How We Detect MapSVG – Vector maps, Image maps, Google Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mapsvg-lite-interactive-vector-maps/css/style.css
/wp-content/plugins/mapsvg-lite-interactive-vector-maps/css/admin.css
/wp-content/plugins/mapsvg-lite-interactive-vector-maps/js/script.js
/wp-content/plugins/mapsvg-lite-interactive-vector-maps/js/admin.js
Script Paths
/wp-content/plugins/mapsvg-lite-interactive-vector-maps/js/script.js
/wp-content/plugins/mapsvg-lite-interactive-vector-maps/js/admin.js
Version Parameters
mapsvg-lite-interactive-vector-maps/css/style.css?ver=
mapsvg-lite-interactive-vector-maps/css/admin.css?ver=
mapsvg-lite-interactive-vector-maps/js/script.js?ver=
mapsvg-lite-interactive-vector-maps/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mapsvg-map
mapsvg-layers-list
mapsvg-layer
mapsvg-region
HTML Comments
<!-- MapSVG Lite Admin Page -->
<!-- MapSVG plugin -->
Data Attributes
data-mapsvg-container
JS Globals
MapSVGAdmin
REST Endpoints
/wp-json/mapsvg/v1/maps
Shortcode Output
[mapsvg]
FAQ

Frequently Asked Questions about MapSVG – Vector maps, Image maps, Google Maps