Does WP GPX Maps have any unpatched vulnerabilities?

No. All known vulnerabilities in WP GPX Maps have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP GPX Maps compatible with WordPress 6.7.5?

According to WordPress.org data, WP GPX Maps 1.7.11 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is WP GPX Maps updated?

WP GPX Maps was last updated on Feb 12, 2025. Frequent updates are generally a positive security signal.

What is WP GPX Maps's security score?

WP GPX Maps has a WP-Safety security score of 87/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP GPX Maps Security & Risk Analysis

wordpress.org/plugins/wp-gpx-maps

Draws a GPX track with altitude graph. You can also display your nextgen gallery images in the map.

4K active installs v1.7.11 PHP + WP 6.2.0+ Updated Feb 12, 2025

chartgpsgpxgraphmaps

A · Safe

CVEs total3

Unpatched0

Last CVESep 24, 2024

Plugin page Download

Safety Verdict

Is WP GPX Maps Safe to Use in 2026?

Generally Safe

Score 87/100

WP GPX Maps has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Sep 24, 2024Updated 1yr ago

Risk Assessment

The wp-gpx-maps plugin, version 1.7.11, exhibits a mixed security posture. On the positive side, the static analysis reveals a small attack surface with no apparent unprotected entry points. The plugin also demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and shows a high percentage of properly escaped output. Furthermore, it incorporates nonce and capability checks, which are crucial for security.

However, several concerning signals are present. The use of the `unserialize` function is a significant risk, as it can lead to object injection vulnerabilities if not handled with extreme care and validation. While taint analysis shows no current issues, the historical vulnerability data is a major red flag. The plugin has a history of 3 known CVEs, including one critical vulnerability. The types of past vulnerabilities, such as Cross-site Scripting, Missing Authorization, and Unrestricted Uploads, suggest recurring weaknesses in input validation and access control. The most recent vulnerability was patched very recently, indicating ongoing security challenges.

In conclusion, while the plugin has made improvements in certain areas like prepared statements and output escaping, the presence of `unserialize` and the concerning history of critical and diverse vulnerabilities necessitate caution. The recent patching of a critical vulnerability suggests that the developers are addressing issues, but the pattern of past problems indicates a need for continued vigilance and potentially more robust security practices during development.

Key Concerns

Critical historical CVE (unpatched is 0, but critical existed)
Use of dangerous function: unserialize
Medium historical CVEs (2)

Vulnerabilities

WP GPX Maps Security Vulnerabilities

CVEs by Year

1 CVE in 2012

2012

1 CVE in 2023

2023

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Critical

Medium

3 total CVEs

CVE-2024-9028medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP GPX Maps <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode

Sep 24, 2024 Patched in 1.7.10 (170d)

CVE-2023-44234medium · 4.3Missing Authorization

WP GPX Map <= 1.7.05 - Missing Authorization

Sep 29, 2023 Patched in 1.7.06 (116d)

CVE-2012-6649critical · 9.8Unrestricted Upload of File with Dangerous Type

WP GPX Maps < 1.1.23 - Arbitrary File Upload

Jun 11, 2012 Patched in 1.1.23 (4243d)

Code Analysis

Analyzed Mar 16, 2026

WP GPX Maps Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

242 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$cache_obj = unserialize( $cache_str );wp-gpx-maps.php:367

SQL Query Safety

100% prepared2 total queries

Output Escaping

98% escaped248 total outputs

Attack Surface

WP GPX Maps Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 1

authwp_ajax_wpgpxmaps_dismiss_noticewp-gpx-maps-admin.php:17

Shortcodes 2

[sgpx] wp-gpx-maps.php:39

[sgpxf] wp-gpx-maps.php:40

WordPress Hooks 10

actionadmin_initwp-gpx-maps-admin-administration.php:13

filterupload_dirwp-gpx-maps-admin-tracks.php:58

actionadmin_initwp-gpx-maps-admin.php:4

actionadmin_menuwp-gpx-maps-admin.php:5

actionnetwork_admin_noticeswp-gpx-maps-admin.php:13

actionadmin_noticeswp-gpx-maps-admin.php:15

filterplugin_action_linkswp-gpx-maps.php:43

actionwp_enqueue_scriptswp-gpx-maps.php:44

actionadmin_enqueue_scriptswp-gpx-maps.php:45

actionplugins_loadedwp-gpx-maps.php:46

Maintenance & Trust

WP GPX Maps Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 12, 2025

PHP min version

Downloads142K

Community Trust

Rating82/100

Number of ratings59

Active installs4K

Alternatives

WP GPX Maps Alternatives

Blazing Charts

blazing-charts

A plugin to easily allow you to add interactive charts and maps by using a collection of Charting libraries.

200 No CVEs

GPXconnect

gpxconnect

Download GPX data to Garmin GPS devices.

10 No CVEs

Visualizer: Tables and Charts Manager for WordPress

visualizer

A simple yet powerful WordPress chart plugin to effortlessly create and embed responsive charts & tables into your site, supporting multiple data …

20K 12 CVEs

Graphina – Charts and Graphs For Elementor

graphina-elementor-charts-and-graphs

Most Powerful Data visualization plugin for WordPress Elementor. The easiest way to build gorgeous Charts & Graphs on your Elementor website.

10K 7 CVEs

Chartify – WordPress Chart Plugin

chart-builder

Chartify is a powerful WordPress Chart Builder Plugin that will help you to create WordPress Graphs & Charts easily and quickly.

4K 8 CVEs

Developer Profile

WP GPX Maps Developer Profile

bastianonm

2 plugins · 4K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

1510 days

View full developer profile

Detection Fingerprints

How We Detect WP GPX Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-gpx-maps/css/admin-style.css/wp-content/plugins/wp-gpx-maps/js/mColorPicker_min.js/wp-content/plugins/wp-gpx-maps/js/bootstrap-table.js/wp-content/plugins/wp-gpx-maps/css/bootstrap-table.css/wp-content/plugins/wp-gpx-maps/css/wp-gpx-maps-output.css/wp-content/plugins/wp-gpx-maps/ThirdParties/Leaflet_1.5.1/leaflet.css/wp-content/plugins/wp-gpx-maps/ThirdParties/Leaflet.markercluster-1.4.1/MarkerCluster.css/wp-content/plugins/wp-gpx-maps/ThirdParties/Leaflet.Photo/Leaflet.Photo.css+7 more

Version Parameters

wp-gpx-maps/css/admin-style.css?ver=wp-gpx-maps/js/mColorPicker_min.js?ver=wp-gpx-maps/js/bootstrap-table.js?ver=wp-gpx-maps/css/bootstrap-table.css?ver=wp-gpx-maps/css/wp-gpx-maps-output.css?ver=ThirdParties/Leaflet_1.5.1/leaflet.css?ver=ThirdParties/Leaflet.markercluster-1.4.1/MarkerCluster.css?ver=ThirdParties/Leaflet.Photo/Leaflet.Photo.css?ver=ThirdParties/leaflet.fullscreen-1.4.5/Control.FullScreen.css?ver=ThirdParties/Leaflet_1.5.1/leaflet.js?ver=ThirdParties/Leaflet.markercluster-1.4.1/leaflet.markercluster.js?ver=ThirdParties/Leaflet.Photo/Leaflet.Photo.js?ver=ThirdParties/leaflet.fullscreen-1.4.5/Control.FullScreen.js?ver=js/Chart.min.js?ver=wp-gpx-maps/js/WP-GPX-Maps.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-gpx-maps-map-containerwpgpxmaps-altitude-chart

Data Attributes

data-gpx-srcdata-map-iddata-titledata-altitude-chart-iddata-polyline-colordata-polyline-weight+57 more

JS Globals

WPGPXMAPS_CURRENT_VERSIONwpgpxmaps_pointsoffsetwpgpxmaps_distanceTypewpgpxmaps_donotreducegpxwpgpxmaps_unit_of_measure

Shortcode Output

[sgpx [sgpxf

FAQ