Does Mapthread have any unpatched vulnerabilities?

No. All known vulnerabilities in Mapthread have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Mapthread compatible with WordPress 6.9.4?

According to WordPress.org data, Mapthread 1.6.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Mapthread compatible with PHP 7.4+?

Mapthread requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Mapthread updated?

Mapthread was last updated on Feb 25, 2026. Frequent updates are generally a positive security signal.

What is Mapthread's security score?

Mapthread has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Mapthread Security & Risk Analysis

wordpress.org/plugins/mapthread

Transform your travel stories into interactive map experiences. Upload GPX files, place markers, watch the map follow as readers scroll.

0 active installs v1.6.1 PHP 7.4+ WP 6.0+ Updated Feb 25, 2026

gpxhikingmaproutetravel

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Mapthread Safe to Use in 2026?

Generally Safe

Score 100/100

Mapthread has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "mapthread" v1.6.1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities or CVEs in its history is a significant positive indicator. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. Furthermore, its attack surface is remarkably small, with no unprotected entry points identified in AJAX handlers, REST API routes, shortcodes, or cron events.

However, a few areas warrant attention. The lack of nonce checks, even with the limited number of entry points, is a concern, as it could potentially be exploited if an attacker can trick a user into triggering an action. The presence of file operations and external HTTP requests, while not explicitly flagged as problematic in the taint analysis (which found no unsanitized paths), inherently introduces potential risks. These operations should be meticulously reviewed to ensure they are not susceptible to path traversal or SSRF vulnerabilities.

In conclusion, "mapthread" v1.6.1 is a relatively secure plugin, primarily due to its minimal attack surface and sound handling of SQL and output escaping. The primary area for improvement and potential risk lies in the absence of nonce checks and the careful scrutiny of its file and HTTP request operations to ensure complete robustness against potential exploits.

Key Concerns

Missing nonce checks
Presence of file operations
Presence of external HTTP requests

Vulnerabilities

None known

Mapthread Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Mapthread Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

25 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped26 total outputs

Attack Surface

Mapthread Attack Surface

Entry Points1

Unprotected0

REST API Routes 1

POST/wp-json/mapthread/v1/elevationincludes\class-mapthread-elevation-api.php:32

WordPress Hooks 12

actionrest_api_initincludes\class-mapthread-elevation-api.php:25

actionadmin_menuincludes\class-mapthread-settings.php:106

actionadmin_initincludes\class-mapthread-settings.php:107

actionadmin_enqueue_scriptsincludes\class-mapthread-settings.php:108

actioninitincludes\class-mapthread.php:40

actionwp_enqueue_scriptsincludes\class-mapthread.php:43

actionenqueue_block_editor_assetsincludes\class-mapthread.php:46

filterbody_classincludes\class-mapthread.php:49

filterupload_mimesincludes\class-mapthread.php:52

filterwp_check_filetype_and_extincludes\class-mapthread.php:53

filterplugin_row_metaincludes\class-mapthread.php:56

actionplugins_loadedmapthread.php:44

Maintenance & Trust

Mapthread Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.4

Downloads184

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Mapthread Alternatives

Nomad World Map

nomad-world-map

Create your own custom travel map. Link locations on the map to blog posts and share your travel plans.

700 No CVEs

LogMyTrip

logmytrip

Viewing your posts as a route plotted on a Google map is simple with this plugin. Just add the shortcode [logmytripmap] to a page to see the map.

40 No CVEs

WP Trip Summary

wp-trip-summary

A WordPress trip summary plugin to help travel bloggers manage and display structured information about their train rides and biking or hiking trips.

20 No CVEs

My Hitchhiking Spot Travel Map (MHS Travel Map)

mhs-travel-map

Create your travel map with use of google maps and import backups from the Android app My Hitchhiking Spots

10 No CVEs

Posts on a map

posts-on-a-map

Add a custom field for GPS coordinates in the post editor and show a map under under the content of the post.

10 No CVEs

Developer Profile

Mapthread Developer Profile

David

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Mapthread

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mapthread/includes/js/mapthread-settings.js

Script Paths