Nomad World Map Security & Risk Analysis

wordpress.org/plugins/nomad-world-map

Create your own custom travel map. Link locations on the map to blog posts and share your travel plans.

700 active installs · v1.3.1 · PHP + WP 3.5+ · Updated Aug 30, 2016
google-maps, route, travel, travel-blog, trip
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Nomad World Map Safe to Use in 2026?

Generally Safe

Score 85/100

Nomad World Map has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "nomad-world-map" plugin v1.3.1 exhibits a generally good security posture, with a robust implementation of WordPress security best practices such as nonce and capability checks across all identified entry points. The absence of known CVEs and historical vulnerabilities further bolsters confidence in its security track record. However, the static analysis reveals some areas that warrant attention.

The use of `create_function` is a notable concern: the function is deprecated and builds a function from a string of PHP code, so it can allow arbitrary code execution if it is not handled with extreme care. Additionally, the taint analysis highlights three high-severity flows with unsanitized paths. While the exact nature of these flows is not detailed, they indicate potential pathways for attackers to inject malicious data that is not properly validated or sanitized before use, which could lead to various exploits depending on the context.

Despite these identified risks, the plugin demonstrates strengths in its limited attack surface, especially with no unprotected AJAX handlers or REST API routes. The majority of SQL queries use prepared statements, and a significant portion of output is properly escaped. The clean vulnerability history is a positive indicator of past development practices. Overall, while the plugin benefits from a clean security history and a good implementation of core WordPress security features, the static analysis findings regarding `create_function` and the high-severity unsanitized paths require investigation and remediation to ensure its continued security.

Key Concerns

  • High severity unsanitized paths found in taint analysis
  • Use of dangerous function 'create_function'
Vulnerabilities
None known

Nomad World Map Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Nomad World Map Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 13 (26 prepared)
Unescaped Output: 58 (125 escaped)
Nonce Checks: 10
Capability Checks: 10
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

create_function: `create_function( '', 'return register_widget( "NWM_Widget" );' )` at includes\nwm-widget-class.php:327

SQL Query Safety

67% prepared · 39 total queries

Output Escaping

68% escaped · 183 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

9 flows · 4 with unsanitized paths
nwm_manage_maps (admin\nwm-manage-maps.php:5)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Nomad World Map Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 7

auth wp_ajax_save_location admin\nwm-admin-functions.php:7
auth wp_ajax_delete_location admin\nwm-admin-functions.php:8
auth wp_ajax_update_location admin\nwm-admin-functions.php:9
auth wp_ajax_update_order admin\nwm-admin-functions.php:10
auth wp_ajax_load_content admin\nwm-admin-functions.php:11
auth wp_ajax_load_map admin\nwm-admin-functions.php:12
auth wp_ajax_find_post_title admin\nwm-admin-functions.php:13

Shortcodes 2

[nwm_list] includes\nwm-frontend-functions.php:4
[nwm_map] includes\nwm-frontend-functions.php:5

WordPress Hooks 10

action init admin\nwm-admin-functions.php:4
action admin_init admin\nwm-admin-functions.php:5
action admin_menu admin\nwm-admin-functions.php:6
action save_post admin\nwm-admin-functions.php:14
filter wp_loaded admin\nwm-admin-functions.php:15
action delete_post admin\nwm-admin-functions.php:25
action admin_notices admin\nwm-admin-functions.php:1165
action widgets_init includes\nwm-widget-class.php:326
filter wp_loaded nomad-world-map.php:42
action admin_enqueue_scripts nomad-world-map.php:57
Maintenance & Trust

Nomad World Map Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Aug 30, 2016
PHP min version
Downloads: 41K

Community Trust

Rating: 94/100
Number of ratings: 50
Active installs: 700
Developer Profile

Nomad World Map Developer Profile

worldnomadmap

1 plugin · 700 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Nomad World Map

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nomad-world-map/css/nwm-frontend.css
/wp-content/plugins/nomad-world-map/css/nwm-admin.css
/wp-content/plugins/nomad-world-map/js/nwm-frontend.js
/wp-content/plugins/nomad-world-map/js/nwm-admin.js
Script Paths
/wp-content/plugins/nomad-world-map/js/nwm-frontend.js
/wp-content/plugins/nomad-world-map/js/nwm-admin.js
Version Parameters
nomad-world-map/css/nwm-frontend.css?ver=
nomad-world-map/css/nwm-admin.css?ver=
nomad-world-map/js/nwm-frontend.js?ver=
nomad-world-map/js/nwm-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
nwm-map-canvas, nwm-location-marker
HTML Comments
<!-- Nomad World Map -->
<!-- Nomad World Map Admin Settings -->
Data Attributes
data-map-id, data-location-id
JS Globals
nwm_frontend_options, nwm_admin_options
REST Endpoints
/wp-json/nwm/v1/locations
/wp-json/nwm/v1/map
Shortcode Output
[nwm_map], [nwm_route]