Does Scribble Maps have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Scribble Maps compatible with WordPress 3.0.5?

According to WordPress.org data, Scribble Maps 1.0.7 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Scribble Maps updated?

Scribble Maps was last updated on Jan 5, 2011. Frequent updates are generally a positive security signal.

What is Scribble Maps's security score?

Scribble Maps has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Scribble Maps Security & Risk Analysis

wordpress.org/plugins/scribble-maps-kml-embed

Provides a WordPress interface for embedding Scribble Maps from ScribbleMaps.com or KML from a specified url.

30 active installs v1.0.7 PHP + WP 2.6+ Updated Jan 5, 2011

cloudmadegeogoogle-mapskmlkmz

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Scribble Maps Safe to Use in 2026?

Generally Safe

Score 85/100

Scribble Maps has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The 'scribble-maps-kml-embed' plugin v1.0.7 exhibits a mixed security posture. While the absence of known CVEs and the use of prepared statements for SQL queries are positive indicators, significant concerns arise from the static analysis. Specifically, the plugin fails to properly escape any of its output, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. This is further compounded by the presence of a taint flow with an unsanitized path, suggesting that user-supplied data might be processed in an insecure manner, potentially leading to code injection or other exploits.

The plugin's vulnerability history shows no recorded issues, which could indicate diligent development or simply a lack of past scrutiny. However, the static analysis findings, particularly the universal lack of output escaping and the identified unsanitized path, strongly suggest that the plugin is not as secure as its history might imply. The absence of a large attack surface through AJAX, REST API, or shortcodes is a strength, but it does not mitigate the critical risks identified in output handling and data sanitization. Therefore, immediate attention is required to address the unescaped output and the unsanitized taint flow to improve the plugin's security.

Key Concerns

All output is unescaped
Flow with unsanitized path found
No nonce checks implemented

Vulnerabilities

None known

Scribble Maps Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Scribble Maps Release Timeline

v1.0.7Current

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

Code Analysis

Analyzed Apr 16, 2026

Scribble Maps Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

Output Escaping

0% escaped27 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

settings_page (SM-embed.php:584)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Scribble Maps Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 11

actionedit_form_advancedSM-embed.php:68

actionedit_page_formSM-embed.php:69

actionadmin_headSM-embed.php:73

actionwp_headSM-embed.php:82

actionwp_headSM-embed.php:83

actionwp_headSM-embed.php:84

actionwp_footerSM-embed.php:85

filtermedia_buttons_contextSM-embed.php:103

filtertiny_mce_versionSM-embed.php:1125

filtermce_external_pluginsSM-embed.php:1126

filtermce_buttonsSM-embed.php:1127

Maintenance & Trust

Scribble Maps Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedJan 5, 2011

PHP min version

Downloads4K

Community Trust

Rating50/100

Number of ratings2

Active installs30

Alternatives

Scribble Maps Alternatives

Flexible Map

wp-flexible-map

Embed Google Maps shortcodes in pages and posts, either by center coordinates or street address, or by URL to a Google Earth KML file.

7K 1 CVE

Basic Google Maps Placemarks

basic-google-maps-placemarks

Embeds a Google Map into your site and lets you add map markers with custom icons and information windows.

3K 1 CVE

Geo Mashup

geo-mashup

Include Google and OpenStreetMap maps in posts and pages, and map posts, pages, and other objects on global maps. Make WordPress into a GeoCMS.

2K 10 CVEs

Pronamic Google Maps

pronamic-google-maps

This plugin makes it easy to add Google Maps to your WordPress post, pages or other custom post types.

1K 2 CVEs

Track Geolocation Of Users Using Contact Form 7

track-geolocation-of-users-using-contact-form-7

100

Track Geolocation Of Users Using Contact Form 7 allows you to get geolocation information with their form submission.

900 1 CVE

Developer Profile

Scribble Maps Developer Profile

scribblemaps

1 plugin · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Scribble Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/scribble-maps-kml-embed/js/kfe.js/wp-content/plugins/scribble-maps-kml-embed/js/swfobject.js/wp-content/plugins/scribble-maps-kml-embed/img/logo13x13.png

Version Parameters

scribble-maps-kml-embed/js/kfe.js?ver=scribble-maps-kml-embed/js/swfobject.js?ver=

HTML / DOM Fingerprints

CSS Classes

flashmovie

Data Attributes

id="add_scribblemap"onclick="Kimili.Flash.embed.apply(Kimili.Flash); return false;"

JS Globals

Kimili.Flash.embed

Shortcode Output

[ScribbleMap]

FAQ