Geo2 Maps Add-on for NextGEN Gallery Security & Risk Analysis

wordpress.org/plugins/nextgen-gallery-geo

NGG Geo2 Maps Add-on displays maps with photos, galleries, or albums using EXIF GPS data or geocoding. Requires NextGEN Gallery.

90 active installs v2.1.6 PHP 7.2.0+ WP 3.0.1+ Updated Feb 10, 2026
gallery · gps · map · nextgen · photos
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Geo2 Maps Add-on for NextGEN Gallery Safe to Use in 2026?

Generally Safe

Score 100/100

Geo2 Maps Add-on for NextGEN Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The security posture of nextgen-gallery-geo v2.1.6 shows a mixed bag of good practices alongside some notable concerns. On the positive side, the plugin demonstrates strong adherence to secure coding practices with a high percentage of SQL queries using prepared statements and a majority of output being properly escaped. The absence of dangerous functions and known vulnerabilities in its history is also encouraging, suggesting a generally well-maintained codebase. However, the presence of three unprotected entry points, specifically two AJAX handlers and one REST API route without proper authorization checks, presents a significant risk. Additionally, the taint analysis, while limited in scope, revealed flows with unsanitized paths, indicating potential for path traversal or file inclusion vulnerabilities if these paths are user-controlled. The large number of file operations also warrants attention as it can increase the attack surface. Overall, while the plugin benefits from secure defaults in many areas, the identified unprotected entry points and potential path sanitization issues require immediate attention to mitigate potential exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API route
  • Flows with unsanitized paths
  • High number of file operations
Vulnerabilities
None known

Geo2 Maps Add-on for NextGEN Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Geo2 Maps Add-on for NextGEN Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (24 prepared)
Unescaped Output: 21 (98 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 9
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

89% prepared · 27 total queries

Output Escaping

82% escaped · 119 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
geo2_maps_shortcodes_ajax (functions.php:2335)
Attack Surface
3 unprotected

Geo2 Maps Add-on for NextGEN Gallery Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 6

  • auth · wp_ajax_geo2_maps_showmap · functions.php:542
  • nopriv · wp_ajax_geo2_maps_showmap · functions.php:544
  • auth · wp_ajax_geo2_maps_lightbox · functions.php:549
  • nopriv · wp_ajax_geo2_maps_lightbox · functions.php:550
  • auth · wp_ajax_geo2_maps_get_azure_maps_api_key · functions.php:553
  • nopriv · wp_ajax_geo2_maps_get_azure_maps_api_key · functions.php:555

REST API Routes 1

  • GET · /wp-json/geo2-proxy/v1/get-data/ · functions.php:561

Shortcodes 1

[geo2] functions.php:2240
WordPress Hooks 17
  • action · admin_notices · administration.php:33
  • action · plugins_loaded · administration.php:73
  • action · admin_notices · administration.php:85
  • action · admin_menu · administration.php:98
  • action · admin_init · administration.php:102
  • action · admin_enqueue_scripts · administration.php:168
  • action · admin_print_footer_scripts · administration.php:210
  • action · admin_print_footer_scripts · administration.php:213
  • action · admin_enqueue_scripts · administration.php:307
  • action · admin_print_footer_scripts · administration.php:332
  • action · wp_head · functions.php:31
  • filter · script_loader_tag · functions.php:59
  • action · init · functions.php:112
  • filter · load_textdomain_mofile · functions.php:464
  • action · init · functions.php:488
  • action · rest_api_init · functions.php:558
  • filter · the_content · functions.php:2452
Maintenance & Trust

Geo2 Maps Add-on for NextGEN Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 10, 2026
PHP min version: 7.2.0
Downloads: 25K

Community Trust

Rating: 66/100
Number of ratings: 12
Active installs: 90
Developer Profile

Geo2 Maps Add-on for NextGEN Gallery Developer Profile

Pawel

2 plugins · 90 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Geo2 Maps Add-on for NextGEN Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/nextgen-gallery-geo/css/geo2.css
  • /wp-content/plugins/nextgen-gallery-geo/css/map.css
  • /wp-content/plugins/nextgen-gallery-geo/css/lightbox.css
  • /wp-content/plugins/nextgen-gallery-geo/js/jquery.fancybox.min.js
  • /wp-content/plugins/nextgen-gallery-geo/js/jquery.slimbox2.min.js
  • /wp-content/plugins/nextgen-gallery-geo/js/geo2.js
  • /wp-content/plugins/nextgen-gallery-geo/js/map.js
Script Paths
  • /wp-content/plugins/nextgen-gallery-geo/js/jquery.fancybox.min.js
  • /wp-content/plugins/nextgen-gallery-geo/js/jquery.slimbox2.min.js
  • /wp-content/plugins/nextgen-gallery-geo/js/geo2.js
  • /wp-content/plugins/nextgen-gallery-geo/js/map.js
Version Parameters
  • nextgen-gallery-geo/css/geo2.css?ver=
  • nextgen-gallery-geo/css/map.css?ver=
  • nextgen-gallery-geo/css/lightbox.css?ver=
  • nextgen-gallery-geo/js/jquery.fancybox.min.js?ver=
  • nextgen-gallery-geo/js/jquery.slimbox2.min.js?ver=
  • nextgen-gallery-geo/js/geo2.js?ver=
  • nextgen-gallery-geo/js/map.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • geo2-map-container
  • geo2-map-canvas
HTML Comments
  • <!-- Geo2 Maps Add-on for NextGEN Gallery -->
  • <!-- HERE BEGINS THE DIV TO BE SEARCHED BY THE GEOTAG FUNCTION. -->
Data Attributes
  • data-geo2-map
  • data-geo2-map-provider
  • data-geo2-map-lat
  • data-geo2-map-lng
  • data-geo2-map-zoom
  • data-geo2-map-height
  • +2 more
JS Globals
  • geo2_maps_settings
  • geo2_maps_data
Shortcode Output
  • [geo2_map]
  • [geo2_map_gallery]
  • [geo2_map_album]
FAQ

Frequently Asked Questions about Geo2 Maps Add-on for NextGEN Gallery