WP GeoPosts Security & Risk Analysis

wordpress.org/plugins/wp-geoposts

A simple WordPress plugin for adding geographic data to posts.

40 active installs · v1.0 · PHP + WP 3.0+ · Updated Aug 20, 2012
Tags: distance, distance-search, geolocation, metabox
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP GeoPosts Safe to Use in 2026?

Generally Safe

Score 85/100

WP GeoPosts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The wp-geoposts v1.0 plugin exhibits a generally good security posture based on the provided static analysis. There are no identified dangerous functions, SQL queries are all prepared, and there are no critical or high-severity taint flows. The absence of known CVEs in its history further suggests a well-maintained or less-targeted plugin. The plugin also demonstrates an awareness of security by including capability checks in its code.

However, a significant concern arises from the total lack of output escaping for all 12 identified output points. This presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data, if not properly sanitized before being displayed, could be injected and executed in the user's browser. Additionally, the presence of one file operation without further context on its security implications warrants caution.

In conclusion, while the plugin avoids common pitfalls like raw SQL queries and dangerous functions, the complete lack of output escaping is a critical flaw that overshadows its strengths. The vulnerability history is a positive indicator, but it must be weighed against the immediate risks posed by unescaped output. Remediation of the output escaping issues should be the highest priority.

Key Concerns

  • 0% output escaping
  • 1 file operation without context
Vulnerabilities
None known

WP GeoPosts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP GeoPosts Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

WP GeoPosts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (0 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 12 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
save_post (wp_geo_posts.php:85)
Attack Surface

WP GeoPosts Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9
  filter  posts_fields    query.php:30
  filter  posts_join      query.php:31
  filter  posts_where     query.php:32
  filter  posts_orderby   query.php:33
  action  init            wp_geo_posts.php:39
  action  admin_init      wp_geo_posts.php:40
  action  admin_menu      wp_geo_posts.php:41
  action  save_post       wp_geo_posts.php:165
  action  add_meta_boxes  wp_geo_posts.php:179
Maintenance & Trust

WP GeoPosts Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Aug 20, 2012
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 40
Developer Profile

WP GeoPosts Developer Profile

fyaconiello

1 plugin · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP GeoPosts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-geoposts/query.php
/wp-content/plugins/wp-geoposts/templates/geo_metabox.php
/wp-content/plugins/wp-geoposts/templates/settings.php

HTML / DOM Fingerprints

Data Attributes
id="id_wp_geo_posts_section"
FAQ

Frequently Asked Questions about WP GeoPosts