Nearby Locations Security & Risk Analysis

wordpress.org/plugins/nearby-locations

Add the ability to add locations to a map, based on category, in relation to a single location.

10 active installs · v1.1.1 · PHP 5.6+ · WP 3.3+ · Updated Sep 24, 2017
Tags: locations, maps
Score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Apr 7, 2025
Safety Verdict

Is Nearby Locations Safe to Use in 2026?

Use With Caution

Score 63/100

Nearby Locations has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 7, 2025 · Updated 8yr ago
Risk Assessment

The 'nearby-locations' plugin v1.1.1 exhibits several concerning security practices that significantly outweigh its positive aspects. It performs no file operations or external HTTP requests, and 81% of its output is escaped, but these points are overshadowed by critical vulnerabilities identified in static and taint analysis. The plugin has no capability or nonce checks on its entry points, making it highly susceptible to unauthorized actions. None of its 12 SQL queries use prepared statements, which creates a significant risk of SQL injection, especially given the SQL injection vulnerability already recorded for this plugin (CVE-2025-32128, unpatched). Taint analysis found unsanitized paths in 6 of 9 data flows, and together with the 2 unprotected AJAX handlers this points to a high likelihood of exploitation.

Key Concerns

  • Unpatched CVE detected
  • Unprotected AJAX handlers
  • SQL queries not using prepared statements
  • High severity taint flows
  • Flows with unsanitized paths
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities: 1

Nearby Locations Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-32128 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Nearby Locations <= 1.1.1 - Authenticated (Administrator+) SQL Injection

Apr 7, 2025 · Unpatched
Code Analysis
Analyzed Mar 17, 2026

Nearby Locations Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 12 (0 prepared)
Unescaped Output: 14 (58 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 12 total queries

Output Escaping

81% escaped · 72 total outputs

Data Flows: 6 unsanitized

Data Flow Analysis

9 flows · 6 with unsanitized paths
update_settings (admin\class-nearby-locations-admin.php:220)
Attack Surface: 2 unprotected

Nearby Locations Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

nopriv · wp_ajax_nearby_locations_crud · includes\class-nearby-locations.php:176
auth · wp_ajax_nearby_locations_crud · includes\class-nearby-locations.php:177

Shortcodes: 1

[nearby_locations] · public\class-nearby-locations-public.php:91

WordPress Hooks: 7

action · plugins_loaded · includes\class-nearby-locations.php:156
action · admin_enqueue_scripts · includes\class-nearby-locations.php:172
action · admin_enqueue_scripts · includes\class-nearby-locations.php:173
action · admin_menu · includes\class-nearby-locations.php:175
action · wp_enqueue_scripts · includes\class-nearby-locations.php:192
action · wp_enqueue_scripts · includes\class-nearby-locations.php:193
action · init · includes\class-nearby-locations.php:195
Maintenance & Trust

Nearby Locations Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Sep 24, 2017
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Nearby Locations Developer Profile

aaronfrey

1 plugin · 10 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Nearby Locations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/nearby-locations/shared/css/nearby-locations-shared.css
  • /wp-content/plugins/nearby-locations/admin/css/nearby-locations-admin.css
  • /wp-content/plugins/nearby-locations/shared/js/nearby-locations-shared.js
  • /wp-content/plugins/nearby-locations/admin/js/nearby-locations-admin.js
Script Paths
  • https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css
  • https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
  • https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.min.js
Version Parameters
  • nearby-locations-shared.css?ver=
  • nearby-locations-admin.css?ver=
  • nearby-locations-shared.js?ver=
  • nearby-locations-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-toggle
  • data-target
JS Globals
  • myVars
Shortcode Output
  • [nearby-locations-map]
  • [nearby-locations-search]
  • [nearby-locations-list]
FAQ

Frequently Asked Questions about Nearby Locations