WP-Safety

Stellar Places Security & Risk Analysis

wordpress.org/plugins/stellar-places

Easily create, manage and display locations in a way that makes sense.

100 active installs v1.3 PHP 5.6+ WP 5.2+ Updated Dec 13, 2020
geolocationlocationmapmapsplaces
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Stellar Places Safe to Use in 2026?

Generally Safe

Score 85/100

Stellar Places has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The stellar-places plugin v1.3 demonstrates a generally strong security posture, with several good practices evident in its code. The absence of known CVEs, a complete lack of raw SQL queries, and a high percentage of properly escaped output are commendable. Furthermore, the presence of nonce and capability checks suggests an effort to protect against common WordPress exploits. However, the static analysis reveals a significant concern regarding taint analysis, specifically 5 flows with unsanitized paths categorized as high severity. This indicates potential vulnerabilities where external data might be improperly handled, leading to security risks if not adequately sanitized before use. The single file operation also warrants careful scrutiny, as it could be a vector for unauthorized file manipulation if not strictly controlled. Despite the lack of historical vulnerabilities, the high severity taint flows represent a tangible risk that needs immediate attention and remediation. The plugin's strengths in other areas are overshadowed by this critical finding in its data handling practices, suggesting a need for a thorough review of its input validation and sanitization mechanisms.

Key Concerns

  • High severity taint flows with unsanitized paths
  • File operation present
Vulnerabilities
None known

Stellar Places Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Stellar Places Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
75 escaped
Nonce Checks
1
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

94% escaped80 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths
save_fields (includes\support\custom-icon.php:250)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Stellar Places Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[stellar_places_map] includes\init.php:70
WordPress Hooks 23
actionadmin_menuincludes\admin\settings-page.php:12
actionadmin_initincludes\admin\settings-page.php:13
filterthe_contentincludes\classes\content-prepender.php:22
actionwp_print_footer_scriptsincludes\classes\google-map.php:203
filterloop_startincludes\classes\loop-prepender.php:22
actionafter_setup_themeincludes\init.php:58
actioninitincludes\init.php:60
actioninitincludes\init.php:62
actioninitincludes\init.php:63
actioninitincludes\init.php:65
actioninitincludes\init.php:67
actioninitincludes\init.php:68
filterwidget_textincludes\init.php:73
filterstellar_places_descriptionincludes\init.php:76
filterscript_loader_srcincludes\init.php:79
actionsave_postincludes\meta-boxes\meta-box-controller.php:33
filterstellar_places_iconincludes\support\custom-icon.php:12
filterstellar_places_iconincludes\support\custom-icon.php:13
actionadmin_initincludes\support\custom-icon.php:21
actionadmin_initincludes\support\location.php:15
actionwpincludes\support\location.php:17
actioninitincludes\upgrades\1.0.2.php:11
actioninitincludes\upgrades\1.0.4.php:11
Maintenance & Trust

Stellar Places Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedDec 13, 2020
PHP min version5.6
Downloads10K

Community Trust

Rating100/100
Number of ratings6
Active installs100
Alternatives

Stellar Places Alternatives

Track Geolocation Of Users Using Contact Form 7

Track Geolocation Of Users Using Contact Form 7

track-geolocation-of-users-using-contact-form-7

A
100

Track Geolocation Of Users Using Contact Form 7 allows you to get geolocation information with their form submission.

800 1 CVE
Simple Location

Simple Location

simple-location

A
100

Adds geographic location and weather support to WordPress.

300 No CVEs
Simple Fields Map extension

Simple Fields Map extension

simple-fields-map-extension

A
85

Extension to Simple Fields that adds a field type for selecting a location on a Google Map.

100 No CVEs
Quick Maps

Quick Maps

quick-maps

A
100

The easiest Google Maps integration for your Wordpress website [quick-maps]Orlando, Florida[/quick-maps] - No Google API required.

40 No CVEs
BuddyPress Maps

BuddyPress Maps

buddypress-maps

A
85

BuddyPress Maps is a component that allows to find and display location markers on a Google Map.

10 No CVEs
Developer Profile

Stellar Places Developer Profile

Micah Wood

8 plugins · 12K total installs

88
trust score
Avg Security Score
91/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Stellar Places

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stellar-places/assets/css/frontend.css/wp-content/plugins/stellar-places/assets/js/frontend.js
Script Paths
/wp-content/plugins/stellar-places/assets/js/frontend.js
Version Parameters
stellar-places/assets/css/frontend.css?ver=stellar-places/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
stellar-places-map-canvas
Data Attributes
data-stellar-places-map-auto-centerdata-stellar-places-map-auto-zoomdata-stellar-places-map-info-windowsdata-stellar-places-map-latdata-stellar-places-map-lngdata-stellar-places-map-locations+1 more
FAQ

Frequently Asked Questions about Stellar Places