Store Locator Widget Security & Risk Analysis

wordpress.org/plugins/store-locator-widget

A fully featured store locator plugin that is incredibly quick and easy to configure, add locations and embed in your WordPress site.

400 active installs · v2025r6 · PHP + · WP 3.0.1+ · Updated Nov 27, 2025
Tags: google-maps, locator, store-locator, store-locator-software, store-locator-widget
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is Store Locator Widget Safe to Use in 2026?

Generally Safe

Score 99/100

Store Locator Widget has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 27, 2025 · Updated 4mo ago
Risk Assessment

The store-locator-widget plugin, version v2025r6, exhibits a generally good security posture due to its heavy reliance on prepared statements for SQL queries and 100% output escaping. The absence of external HTTP requests, file operations, and dangerous functions further bolsters its defense. The presence of nonces is also a positive indicator of security awareness.

However, the static analysis reveals two flows with unsanitized paths, both classified as high severity taint flows. While there are no unprotected AJAX handlers or REST API routes, these taint flows represent a significant concern that could lead to vulnerabilities if not properly addressed. The vulnerability history, despite having no currently unpatched CVEs, shows a past of medium severity vulnerabilities including Cross-Site Request Forgery and Cross-Site Scripting, indicating a need for continued vigilance and robust security practices.

In conclusion, while the plugin demonstrates strong foundational security practices in key areas, the identified high-severity taint flows and past vulnerability patterns suggest a risk that warrants careful attention. Addressing these specific code-level concerns and maintaining a proactive approach to security testing will be crucial for ensuring the long-term safety of sites using this plugin.

Key Concerns

  • High severity taint flows detected
  • Past medium severity vulnerabilities (CSRF, XSS)
Vulnerabilities
2

Store Locator Widget Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-30919 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Store Locator Widget <= 2025r2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Mar 27, 2025 · Patched in 2025r3 (7d)

CVE-2024-13657 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Store Locator Widget <= 2025r1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 18, 2025 · Patched in 2025r2 (9d)
Code Analysis
Analyzed Mar 16, 2026

Store Locator Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (20 prepared)
Unescaped Output: 0 (21 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

95% prepared · 21 total queries

Output Escaping

100% escaped · 21 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
storelocatorwidget_process_storelocatorwidget_keys (functions.php:114)
Attack Surface

Store Locator Widget Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[storelocatorwidget] store-locator-widget.php:18
WordPress Hooks 9
action admin_menu store-locator-widget.php:21
action wp_storelocatorwidget_api store-locator-widget.php:22
action wp_google_gapi store-locator-widget.php:23
action wp_mapbox_gapi store-locator-widget.php:24
action wp_set_google_gapi store-locator-widget.php:25
action wp_set_mapbox_gapi store-locator-widget.php:26
action wp_set_storelocatorwidget_gapi store-locator-widget.php:27
action admin_post_storelocatorwidget_api_keys store-locator-widget.php:30
filter script_loader_tag store-locator-widget.php:101
Maintenance & Trust

Store Locator Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 27, 2025
PHP min version
Downloads: 11K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 400
Developer Profile

Store Locator Widget Developer Profile

Store Locator Widgets

1 plugin · 400 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Store Locator Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/store-locator-widget/css/storelocatorwidget_styles.css
/wp-content/plugins/store-locator-widget/css/semantic.css
/wp-content/plugins/store-locator-widget/images/icon.png
/wp-content/plugins/store-locator-widget/images/logo.png
Script Paths
//cdn.storelocatorwidgets.com/widget/mapbox-gl-live.js
//cdn.storelocatorwidgets.com/widget/mapbox-gl-geocoder.js
//cdn.storelocatorwidgets.com/widget/mapbox-gl.js
//maps.googleapis.com/maps/api/js?key=
//cdn.storelocatorwidgets.com/widget/widget.js
//cdn.storelocatorwidgets.com/widget/algolia-autocomplete.js

HTML / DOM Fingerprints

CSS Classes
storelocatorwidget
Data Attributes
data-platform="Mapbox"
data-platform="MapTiler"
data-uid="
Shortcode Output
<div id="storelocatorwidget"
Loading <a href="https://www.storelocatorwidgets.com">Store Locator Software</a>...
FAQ

Frequently Asked Questions about Store Locator Widget