Pronamic Google Maps Security & Risk Analysis

wordpress.org/plugins/pronamic-google-maps

This plugin makes it easy to add Google Maps to your WordPress posts, pages or other custom post types.

1K active installs · v2.4.2 · PHP + WP 3.0+ · Updated Aug 25, 2025
Tags: geo, geocode, google-maps, pronamic
98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 27, 2025
Safety Verdict

Is Pronamic Google Maps Safe to Use in 2026?

Generally Safe

Score 98/100

Pronamic Google Maps has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 27, 2025 · Updated 7mo ago
Risk Assessment

The pronamic-google-maps v2.4.2 plugin exhibits a generally good security posture with several strengths. Notably, all SQL queries are properly prepared, and the vast majority of output is correctly escaped, significantly mitigating common injection and XSS risks. The absence of dangerous functions, file operations, and bundled libraries is also positive. However, there are a few areas of concern. The presence of one unprotected AJAX handler presents a potential entry point for attackers if not properly secured at the application or server level. The plugin's history of two medium-severity CVEs, specifically related to Cross-Site Scripting, is a significant indicator that input sanitization and output escaping, despite the current high rate of proper escaping, may have been insufficient in past versions and warrants continued vigilance. While no current unpatched vulnerabilities are listed, the historical pattern suggests a recurring weakness in handling user-supplied data, which could be exploited if similar coding patterns persist.

Key Concerns

  • Unprotected AJAX handler found
  • Two historical medium CVEs for XSS
Vulnerabilities
2

Pronamic Google Maps Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-9352 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pronamic Google Maps <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 27, 2025 Patched in 2.4.2 (1d)

CVE-2024-56240 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pronamic Google Maps <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 Patched in 2.3.3 (10d)
Code Analysis
Analyzed Mar 16, 2026

Pronamic Google Maps Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 8 (148 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

95% escaped · 156 total outputs
Attack Surface
1 unprotected

Pronamic Google Maps Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_pgm_geocode classes\Pronamic\Google\Maps\Admin.php:26

Shortcodes 4

[googlemaps] classes\Pronamic\Google\Maps\Shortcodes.php:18
[google-maps] classes\Pronamic\Google\Maps\Shortcodes.php:20
[geo] classes\Pronamic\Google\Maps\Shortcodes.php:21
[googlemapsmashup] classes\Pronamic\Google\Maps\Shortcodes.php:22

WordPress Hooks 10

action admin_init classes\Pronamic\Google\Maps\Admin.php:20
action admin_menu classes\Pronamic\Google\Maps\Admin.php:22
action save_post classes\Pronamic\Google\Maps\Admin.php:24
action admin_enqueue_scripts classes\Pronamic\Google\Maps\Admin.php:28
action add_meta_boxes classes\Pronamic\Google\Maps\Admin.php:83
action init classes\Pronamic\Google\Maps\Maps.php:82
action parse_query classes\Pronamic\Google\Maps\Maps.php:84
action save_post classes\Pronamic\Google\Maps\Plugin.php:21
action admin_init classes\Pronamic\Google\Maps\Settings.php:23
action widgets_init classes\Pronamic\Google\Maps\Widget.php:19
Maintenance & Trust

Pronamic Google Maps Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 25, 2025
PHP min version
Downloads: 170K

Community Trust

Rating: 96/100
Number of ratings: 34
Active installs: 1K
Developer Profile

Pronamic Google Maps Developer Profile

Pronamic

15 plugins · 5K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Pronamic Google Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pronamic-google-maps/js/admin.js
/wp-content/plugins/pronamic-google-maps/css/admin.css
Script Paths
js/admin.js

HTML / DOM Fingerprints

CSS Classes
pronamic-google-maps-admin
pronamic-google-maps-metabox
pronamic-google-maps-map
Data Attributes
data-pronamic-google-maps-active
data-pronamic-google-maps-latitude
data-pronamic-google-maps-longitude
data-pronamic-google-maps-map-type
data-pronamic-google-maps-zoom
data-pronamic-google-maps-title
+2 more
JS Globals
pronamic_google_maps_settings
REST Endpoints
/wp-json/pronamic-google-maps/v1/geocode
Shortcode Output
[pronamic_google_maps