TripPlan Security & Risk Analysis

wordpress.org/plugins/tripplan

Create interactive travel experiences with maps, trip plans, and calculators. Boost engagement and SEO with our all-in-one travel toolkit.

10 active installs · v2.1.1 · PHP + WP 5.0+ · Updated Apr 8, 2025
Tags: calculator, itinerary, maps, plan, travel
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 24, 2024

Safety Verdict

Is TripPlan Safe to Use in 2026?

Generally Safe

Score 99/100

TripPlan has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 24, 2024 · Updated 12mo ago

Risk Assessment

The tripplan v2.1.1 plugin exhibits a generally strong security posture, largely due to its adherence to common WordPress security best practices. The static analysis reveals a clean codebase with no detected dangerous functions, file operations, or external HTTP requests. Crucially, all SQL queries are prepared, and the vast majority of output is properly escaped, significantly mitigating risks of SQL injection and XSS. The presence of nonce and capability checks on entry points further strengthens its defense against unauthorized access and actions. The vulnerability history indicates only one past medium-severity CVE, which is now patched, suggesting responsible maintenance. However, the absence of taint analysis results is a limitation, as it means complex, multi-stage vulnerabilities might not have been detected by this specific analysis. While the current static analysis shows no immediate critical flaws, ongoing vigilance and comprehensive testing, including dynamic analysis, would be beneficial to ensure long-term security.

Key Concerns

  • Past medium CVE suggests potential for future issues
  • No taint analysis performed

Vulnerabilities: 1

TripPlan Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-50471 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Trip Plan <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 24, 2024 · Patched in 2.0.0 (153d)

Code Analysis
Analyzed Mar 16, 2026

TripPlan Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (161 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

98% escaped · 165 total outputs

Attack Surface

TripPlan Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_tripplan_reset_settings includes\class-tripplan-admin.php:1004

Shortcodes 4

[tripplan_calculator] includes\class-tripplan-public.php:116
[tripplan_map] includes\class-tripplan-public.php:117
[tripplan_poi] includes\class-tripplan-public.php:118
[tripplan_plan] includes\class-tripplan-public.php:119

WordPress Hooks 10

action enqueue_block_editor_assets includes\class-tripplan-admin.php:948
action plugins_loaded includes\class-tripplan.php:122
action admin_enqueue_scripts includes\class-tripplan.php:136
action admin_enqueue_scripts includes\class-tripplan.php:137
action admin_menu includes\class-tripplan.php:140
action admin_init includes\class-tripplan.php:143
action init includes\class-tripplan.php:146
action wp_enqueue_scripts includes\class-tripplan.php:160
action wp_enqueue_scripts includes\class-tripplan.php:161
action init includes\class-tripplan.php:164

Maintenance & Trust

TripPlan Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 8, 2025
PHP min version
Downloads: 4K

Community Trust

Rating: 70/100
Number of ratings: 2
Active installs: 10

Developer Profile

TripPlan Developer Profile

checklistcom

2 plugins · 410 total installs

Trust score: 66
Avg Security Score: 81/100
Avg Patch Time: 875 days
Detection Fingerprints

How We Detect TripPlan

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tripplan/assets/css/tripplan-admin.css
/wp-content/plugins/tripplan/assets/js/tripplan-admin.js
Script Paths
/wp-content/plugins/tripplan/assets/js/tripplan-admin.js
Version Parameters
tripplan-admin.css?ver=
tripplan-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-public-key
data-mapbox-api-key
JS Globals
tripplanAdmin
FAQ

Frequently Asked Questions about TripPlan