Travel Rates based on geo location Security & Risk Analysis

wordpress.org/plugins/travel-rates-based-on-geo-location

This plugin gets the distance between the source and destination addresses with the Google Maps API and then applies the appropriate rate.

10 active installs · v1.0 · PHP + WP 3.4.1+ · Updated Sep 12, 2012
geo-location-distance-and-ratesrates-calculator
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Travel Rates based on geo location Safe to Use in 2026?

Generally Safe

Score 85/100

Travel Rates based on geo location has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The "travel-rates-based-on-geo-location" v1.0 plugin exhibits a concerning security posture, primarily due to significant gaps in authentication and output sanitization. While the plugin demonstrates good practice by using prepared statements for all SQL queries, this is overshadowed by critical vulnerabilities identified in the taint analysis. The presence of two high-severity taint flows with unsanitized paths indicates a strong possibility of injection vulnerabilities, allowing attackers to potentially manipulate data or execute arbitrary code. Furthermore, the lack of any nonce checks or capability checks on its AJAX handlers, coupled with 100% of its total outputs being unescaped, creates a direct path for Cross-Site Scripting (XSS) and other injection attacks. The plugin's vulnerability history is clean, which might suggest it has not been heavily targeted or reviewed previously, but this does not negate the immediate risks presented by the current code. In conclusion, despite the absence of known CVEs and the proper use of prepared SQL statements, the plugin's unprotected entry points, unescaped outputs, and critical taint flows present a substantial security risk that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Unescaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Travel Rates based on geo location Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Travel Rates based on geo location Release Timeline

v1.0.1
vcommon.php
vgeo-ip.php
vjs
vreadme.txt
Code Analysis
Analyzed Mar 16, 2026

Travel Rates based on geo location Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

0% escaped · 1 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
get_distance_and_rates (geo-ip.php:27)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
3 unprotected

Travel Rates based on geo location Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

nopriv · wp_ajax_address-submit · geo-ip.php:21
auth · wp_ajax_address-submit · geo-ip.php:22
auth · wp_ajax_my_unique_action · geo-ip.php:127

Shortcodes 1

[ratecalculator] common.php:18
WordPress Hooks 2
action · admin_menu · geo-ip.php:17
filter · widget_text · geo-ip.php:129
Maintenance & Trust

Travel Rates based on geo location Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Sep 12, 2012
PHP min version
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Travel Rates based on geo location Developer Profile

indiainfotech.com

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Travel Rates based on geo location

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/travel-rates-based-on-geo-location/js/ajax.js

HTML / DOM Fingerprints

CSS Classes
calc_container, rate_calculator, source_address, destination_address
Data Attributes
data-calc_response_code, data-total_distance, data-rate_per_km, data-total_amount
JS Globals
RateCalc
REST Endpoints
/wp-json/travel-rates-based-on-geo-location/v1/calculate
Shortcode Output
<div class="calc_container" id="calc_container">
  <form name="rate_calculator" id="rate_calculator" method="post" action="">
    <table class="rate_calculator">
      <tr><td>Source Address</td><td><input type="text" name="source_address" id="source_address" class="source_address"/></td></tr>
      <tr><td>Destination Address</td><td><input type="text" name="destination_address" id="destination_address" class="destination_address"/></td></tr>
      <tr><td colspan="2"><input type="button" name="calculate_rates" value="Calculate Pricing" onclick="get_distance_and_rates();"/></td></tr>
    </table>
  </form>
</div>