Does Web Maps for WordPress have any unpatched vulnerabilities?

No. All known vulnerabilities in Web Maps for WordPress have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Web Maps for WordPress compatible with WordPress 5.9.13?

According to WordPress.org data, Web Maps for WordPress 1.5 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is Web Maps for WordPress updated?

Web Maps for WordPress was last updated on May 12, 2022. Frequent updates are generally a positive security signal.

What is Web Maps for WordPress's security score?

Web Maps for WordPress has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Web Maps for WordPress Security & Risk Analysis

wordpress.org/plugins/web-maps-for-wp

The Web Maps for WordPress plugin (aka. WebMaps for Wordpress) integrates the power of “where” into your pages and posts with interactive maps exposin …

200 active installs v1.5 PHP + WP 4.6+ Updated May 12, 2022

gismapmapsweb-mapswebmaps

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Web Maps for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

Web Maps for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "web-maps-for-wp" v1.5 plugin exhibits a generally positive security posture based on the provided static analysis. It demonstrates a commendable lack of dangerous functions, avoids raw SQL queries, and has no recorded vulnerabilities. The absence of file operations and external HTTP requests further contributes to a reduced attack surface. However, a significant concern arises from the complete lack of output escaping. With one total output detected and 0% properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities if any user-supplied data is rendered directly to the browser without sanitization. Additionally, the absence of nonce checks and capability checks on the entry points, while currently not leading to exploitability due to the lack of direct authentication bypass vectors, still indicates a potential weakness that could be leveraged if other vulnerabilities are discovered.

Key Concerns

0% output escaping
0 Nonce checks
0 Capability checks

Vulnerabilities

None known

Web Maps for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Web Maps for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

Web Maps for WordPress Attack Surface

Entry Points5

Unprotected0

Shortcodes 5

[webmap] agol-for-wp.php:250

[app] agol-for-wp.php:251

[slideshow] agol-for-wp.php:300

[contentTree] agol-for-wp.php:457

[webmap_viewlargerbutton] agol-for-wp.php:475

WordPress Hooks 9

actionwp_enqueue_scriptsagol-for-wp.php:121

actionadmin_enqueue_scriptsagol-for-wp.php:122

filterscript_loader_tagagol-for-wp.php:131

actionwp_enqueue_scriptsagol-for-wp.php:139

actionadmin_enqueue_scriptsagol-for-wp.php:140

actionwp_enqueue_scriptsagol-for-wp.php:152

actionwp_enqueue_scriptsagol-for-wp.php:172

actionadmin_enqueue_scriptsagol-for-wp.php:174

actioninitsrc\init.php:117

Maintenance & Trust

Web Maps for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedMay 12, 2022

PHP min version

Downloads18K

Community Trust

Rating84/100

Number of ratings5

Active installs200

Alternatives

Web Maps for WordPress Alternatives

Mapster WP Maps

mapster-wp-maps

Mapster WP Maps is the smoothest, easiest way to make maps for your site. No API keys required.

3K 4 CVEs

Embed Webmap

embed-webmap

Embed a public webmap from ArcGIS Online into WordPress with a shortcode.

300 No CVEs

GPSies Embed

gpsiesembed

Add GPSies Maps to your posts and pages.(Only for WordPress 2.5+)

10 No CVEs

WP Go Maps (formerly WP Google Maps)

wp-google-maps

The easiest to use Google maps plugin! Create a custom Google map, map block, store locator or map widget with high quality markers containing categor …

300K 23 CVEs

Hotjar

hotjar

The fast & visual way to understand your users.

80K 1 CVE

Developer Profile

Web Maps for WordPress Developer Profile

GEO-JobeGIS

1 plugin · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Web Maps for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/web-maps-for-wp/styles/agolForWPStyle.css

Script Paths

https://js.arcgis.com/4.6/https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/popper.min.jshttps://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js

HTML / DOM Fingerprints

CSS Classes

webmap

HTML Comments

Data Attributes

data-webmap-iddata-widthdata-heightdata-extentdata-centerdata-zoom+22 more

JS Globals

dojoConfigAGOLglobaldir

Shortcode Output

[webmap id[agolitemsummary]

FAQ