Wander Security & Risk Analysis

wordpress.org/plugins/wander

A plugin to help travel bloggers share their current location, their travels, and the countries they've visited.

10 active installs · v1.0 · PHP 5.6+ · WP 3.5.1+ · Updated Mar 9, 2018
Tags: countries-map, travel, travel-blog, travel-blogger, travel-map
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Wander Safe to Use in 2026?

Generally Safe

Score 85/100

Wander has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "wander" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Crucially, the analysis found no unprepared SQL queries and the one identified output is correctly escaped, mitigating common attack vectors like SQL injection and cross-site scripting (XSS).

The static analysis reveals a limited attack surface primarily composed of four shortcodes. However, the analysis indicates zero nonces and zero capability checks are implemented across all entry points. This is a significant concern, as it suggests that the shortcodes, and any functionality they expose, are likely unprotected against unauthorized access or manipulation, especially if they handle any user-supplied data or perform sensitive actions.

The plugin's vulnerability history is entirely clean, with no recorded CVEs. This suggests a low historical risk and potentially a conscientious development approach. However, the lack of nonces and capability checks in the current version represents a significant, exploitable weakness that could lead to future vulnerabilities if not addressed. Therefore, while the plugin has good foundational security practices, the absence of robust access controls is a critical area for improvement.

Key Concerns

  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
None known

Wander Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Wander Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (1 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 1 total output
Attack Surface

Wander Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[wander-gmap] Wander.php:19
[wander-map] Wander.php:20
[wander-list] Wander.php:22
[wander-location] Wander.php:23
WordPress Hooks 3
action wp_enqueue_scripts Wander.php:13
action wp_head Wander.php:14
action admin_enqueue_scripts Wander.php:15
Maintenance & Trust

Wander Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Mar 9, 2018
PHP min version: 5.6
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Wander Developer Profile

Ryder Damen

4 plugins · 50 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Wander

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wander/css/main.css
/wp-content/plugins/wander/js/main.js
/wp-content/plugins/wander/css/admin.css
/wp-content/plugins/wander/js/admin.js
Script Paths
https://maps.googleapis.com/maps/api/js?key=AIzaSyBuU_0_uLMnFM-2oWod_fzC0atPZj7dHlU&libraries=places&callback=initAutocomplete

HTML / DOM Fingerprints

HTML Comments
This site uses the Wander plugin: Visit https://ryderdamen.com/projects/wander for more information.
Data Attributes
wander-gmap, wander-map, wander-list, wander-location
JS Globals
countriesVisitedOptions, initAutocomplete
Shortcode Output
[wander-gmap] [wander-map] [wander-list] [wander-location]