TRAVELLING BLOGGER Security & Risk Analysis

wordpress.org/plugins/travelling-blogger

TRAVELLING BLOGGER allows you to mark the location of your posts and display them on a Google map.

10 active installs v1.1 PHP + WP 3.2+ Updated Jan 22, 2012
Tags: georss, kml, map, travel-blog
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TRAVELLING BLOGGER Safe to Use in 2026?

Generally Safe

Score 85/100

TRAVELLING BLOGGER has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The travelling-blogger plugin v1.0 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and includes a reasonable number of nonce and capability checks, significant concerns arise from its attack surface and output sanitization. The presence of two AJAX handlers without authentication checks presents a direct entry point for potential unauthorized actions. Furthermore, a substantial percentage of output (77%) is not properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities if the plugin handles user-supplied data in its output.

The taint analysis, while not revealing critical or high-severity vulnerabilities, shows a concerning number of flows with unsanitized paths. This indicates that data might be processed in ways that could be exploited if an attacker can influence the input. The complete absence of known CVEs is a positive sign, suggesting the plugin has not had publicly disclosed vulnerabilities. However, this should not lead to complacency, especially given the identified weaknesses in the code itself.

In conclusion, the plugin has some robust security foundations in its database interactions. However, the unprotected AJAX endpoints and the widespread lack of output escaping are significant weaknesses that require immediate attention. The vulnerability history is clean, but the static and taint analysis reveal potential vectors that could lead to future issues.

Key Concerns

  • AJAX handlers without auth checks
  • High percentage of unescaped output
  • Flows with unsanitized paths
  • Use of dangerous function create_function
Vulnerabilities
None known

TRAVELLING BLOGGER Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TRAVELLING BLOGGER Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

TRAVELLING BLOGGER Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (16 prepared)
  • Unescaped Output: 54 (16 escaped)
  • Nonce Checks: 6
  • Capability Checks: 8
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · widget.php:146
add_action('widgets_init', create_function('', 'return register_widget("TravellingBloggerWidget");')

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

23% escaped · 70 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

11 flows · 6 with unsanitized paths
travelling_blogger_edit_location (admin_edit_location.php:18)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

TRAVELLING BLOGGER Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 3

  • auth · wp_ajax_travelling_blogger_new_location · ajax.php:18
  • nopriv · wp_ajax_travelling_blogger_kml · kml.php:18
  • auth · wp_ajax_travelling_blogger_kml · kml.php:19

Shortcodes 2

  • [location_page] · location_page.php:42
  • [location_mini_map] · miniMap.php:19

WordPress Hooks 9

  • action · admin_menu · admin_panel.php:19
  • action · delete_post · admin_panel.php:24
  • action · rss2_item · feed.php:24
  • action · atom_entry · feed.php:25
  • action · rss2_ns · feed.php:30
  • action · atom_ns · feed.php:31
  • action · add_meta_boxes · post_edit.php:19
  • action · save_post · post_edit.php:64
  • action · widgets_init · widget.php:146
Maintenance & Trust

TRAVELLING BLOGGER Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.1
Last updated: Jan 22, 2012
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

TRAVELLING BLOGGER Developer Profile

maxime.rainville

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TRAVELLING BLOGGER

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/travelling-blogger/css/bootstrap.min.css
  • /wp-content/plugins/travelling-blogger/css/bootstrap-datetimepicker.min.css
  • /wp-content/plugins/travelling-blogger/js/bootstrap.min.js
  • /wp-content/plugins/travelling-blogger/js/moment.min.js
  • /wp-content/plugins/travelling-blogger/js/bootstrap-datetimepicker.min.js
  • /wp-content/plugins/travelling-blogger/js/travelling-blogger.js
Script Paths
  • /wp-content/plugins/travelling-blogger/js/bootstrap.min.js
  • /wp-content/plugins/travelling-blogger/js/moment.min.js
  • /wp-content/plugins/travelling-blogger/js/bootstrap-datetimepicker.min.js
  • /wp-content/plugins/travelling-blogger/js/travelling-blogger.js
Version Parameters
  • travelling-blogger/css/bootstrap.min.css?ver=
  • travelling-blogger/css/bootstrap-datetimepicker.min.css?ver=
  • travelling-blogger/js/bootstrap.min.js?ver=
  • travelling-blogger/js/moment.min.js?ver=
  • travelling-blogger/js/bootstrap-datetimepicker.min.js?ver=
  • travelling-blogger/js/travelling-blogger.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • travelling-blogger-map
  • tb-location-field
HTML Comments
  • <!-- The main table container -->
  • <!-- Display the table -->
  • <!-- Form fields for adding/editing locations -->
  • <!-- Map container -->
  • +5 more
Data Attributes
  • data-latitude
  • data-longitude
  • data-location-id
  • data-map-container
JS Globals
  • travellingBloggerMap
  • tb_location_data
  • travellingBloggerMarker
REST Endpoints
  • /wp-json/travelling-blogger/v1/locations
  • /wp-json/travelling-blogger/v1/locations/([0-9]+)
Shortcode Output
  • [travelling-blogger-map]
  • [travelling-blogger-locations]
FAQ

Frequently Asked Questions about TRAVELLING BLOGGER