WP-Safety

Store Locator Plus® | Gravity Forms Locations Security & Risk Analysis

wordpress.org/plugins/slp-gravity-forms-locations

SLP Gravity Forms Locations is an add-on pack for Store Locator Plus that supports adding basic locations using Gravity Forms.

0 active installs v6.1.1 PHP + WP 6.0+ Updated Dec 29, 2022
data-tablesgoogle-mapsgravity-formsgravity-forms-integrationstore-locator-plus
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Store Locator Plus® | Gravity Forms Locations Safe to Use in 2026?

Generally Safe

Score 85/100

Store Locator Plus® | Gravity Forms Locations has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The 'slp-gravity-forms-locations' plugin, in version 6.1.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has a high rate of properly escaped output. The absence of known CVEs and a clean vulnerability history suggest a generally well-maintained codebase in the past. However, significant concerns arise from its attack surface and code signals. The presence of a single AJAX handler without authentication checks represents a critical vulnerability point, potentially allowing unauthorized actions. Furthermore, the use of the 'create_function' dangerous function, while not directly exploitable without a specific vulnerability path, is a code smell that can lead to security issues in the future and is often a precursor to vulnerabilities. The plugin also includes the Freemius v1.0 library, which, depending on its age and patching status, could introduce its own risks if outdated.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: create_function
  • Bundled outdated library: Freemius v1.0
Vulnerabilities
None known

Store Locator Plus® | Gravity Forms Locations Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Store Locator Plus® | Gravity Forms Locations Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
2 prepared
Unescaped Output
3
24 escaped
Nonce Checks
1
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

create_functioncreate_function(include\base\loader.php:13
create_functioncreate_function(include\base\loader.php:34

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared2 total queries

Output Escaping

89% escaped27 total outputs
Attack Surface
1 unprotected

Store Locator Plus® | Gravity Forms Locations Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_slp_get_form_datainclude\module\ajax\SLP_Gravity_Forms_Locations_Ajax.php:39
WordPress Hooks 24
actionadmin_noticesinclude\base\loader.php:11
actionadmin_noticesinclude\base\loader.php:32
filterwpcsl_admin_slugsinclude\module\admin\SLP_Gravity_Forms_Locations_Admin.php:75
actionadmin_enqueue_scriptsinclude\module\admin\SLP_Gravity_Forms_Locations_Admin.php:85
filterslp_get_text_stringinclude\module\text\SLP_Gravity_Forms_Locations_Text.php:17
filtergform_addon_navigationinclude\slp-gfl-gravityforms.php:9
filtergform_entry_infoinclude\slp-gfl-gravityforms.php:10
actiongform_entry_post_saveinclude\slp-gfl-gravityforms.php:12
actionslp_init_completeinclude\SLP_Gravity_Forms_Locations.php:178
actionslp_init_completeinclude\SLP_Gravity_Forms_Locations.php:180
filtermanage_edit-slp_gfl_mapping_columnsinclude\SLP_Gravity_Forms_Locations.php:364
actionmanage_slp_gfl_mapping_posts_custom_columninclude\SLP_Gravity_Forms_Locations.php:365
actionadd_meta_boxesinclude\SLP_Gravity_Forms_Locations.php:371
actionsave_postinclude\SLP_Gravity_Forms_Locations.php:372
filterconnect_urlslp-gravity-forms-locations.php:118
filterafter_skip_urlslp-gravity-forms-locations.php:119
filterafter_connect_urlslp-gravity-forms-locations.php:120
filterafter_pending_connect_urlslp-gravity-forms-locations.php:121
actionplugins_loadedslp-gravity-forms-locations.php:148
actionadmin_initslp-gravity-forms-locations.php:277
actionadmin_menuslp-gravity-forms-locations.php:278
actionuser_admin_menuslp-gravity-forms-locations.php:280
filterslp_get_addonslp-gravity-forms-locations.php:283
actiondmp_addpanelslp-gravity-forms-locations.php:289
Maintenance & Trust

Store Locator Plus® | Gravity Forms Locations Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedDec 29, 2022
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Store Locator Plus® | Gravity Forms Locations Alternatives

Store Locator Plus® | Extended Data Manager

Store Locator Plus® | Extended Data Manager

slp-extended-data-manager

A
85

SLP Extended Data Manager is an add-on pack for Store Locator Plus that lets admin manage the extended data settings.

10 No CVEs
WP Gravity Forms HubSpot

WP Gravity Forms HubSpot

gf-hubspot

A
96

Gravity Forms HubSpot Add-on sends Gravity Forms entries to HubSpot.

600 3 CVEs
WP Gravity Forms Keap/Infusionsoft

WP Gravity Forms Keap/Infusionsoft

gf-infusionsoft

A
96

Gravity Forms Keap/infusionsoft Add-on sends Gravity Forms entries to infusionsoft/Keap CRM.

300 3 CVEs
WP Gravity Forms Dynamics CRM

WP Gravity Forms Dynamics CRM

gf-dynamics-crm

A
98

Gravity Forms Dynamics CRM Add-on sends Gravity Forms entries to Dynamics CRM Online.

200 2 CVEs
WP Gravity Forms Zendesk

WP Gravity Forms Zendesk

gf-zendesk

A
98

Gravity Forms Zendesk Add-on sends Gravity Forms entries to Zendesk.

200 2 CVEs
Developer Profile

Store Locator Plus® | Gravity Forms Locations Developer Profile

DeBAAT

7 plugins · 6K total installs

90
trust score
Avg Security Score
86/100
Avg Patch Time
5 days
View full developer profile
Detection Fingerprints

How We Detect Store Locator Plus® | Gravity Forms Locations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/slp-gravity-forms-locations/css/slp-gfl.css/wp-content/plugins/slp-gravity-forms-locations/js/slp-gfl-admin.js/wp-content/plugins/slp-gravity-forms-locations/js/slp-gfl.js
Script Paths
/wp-content/plugins/slp-gravity-forms-locations/js/slp-gfl-admin.js/wp-content/plugins/slp-gravity-forms-locations/js/slp-gfl.js
Version Parameters
/wp-content/plugins/slp-gravity-forms-locations/css/slp-gfl.css?ver=/wp-content/plugins/slp-gravity-forms-locations/js/slp-gfl-admin.js?ver=/wp-content/plugins/slp-gravity-forms-locations/js/slp-gfl.js?ver=

HTML / DOM Fingerprints

CSS Classes
slp_gfl_admin_pageslp_gfl_admin_page_pricing
HTML Comments
<!-- DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE `function_exists` CALL ABOVE TO PROPERLY WORK. --><!-- If the include/module/submodule/class.php file exists, load it. -->
JS Globals
SLP_GFL_FREEMIUS_IDSLP_GFL_SHORT_SLUGSLP_GFL_PREMIUM_SLUGSLP_GFL_ADMIN_PAGE_SLUGSLP_GFL_ADMIN_PAGE_SLUG_FRESLP_GFL_CLASS_PREFIX+5 more
FAQ

Frequently Asked Questions about Store Locator Plus® | Gravity Forms Locations