WP Mapbox GL JS Maps Security & Risk Analysis

wordpress.org/plugins/wp-mapbox-gl-js

NOTE: This plugin has been deprecated and is no longer supported. Please see our latest plugin, Mapster WP Maps, for a more up-to-date and maintained …

1K active installs · v3.0.1 · PHP + · WP 3.0.1+ · Updated Nov 7, 2021
Tags: interactive-map, mapbox, mapbox-gl-js, maps, real-estate
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Oct 10, 2025
Safety Verdict

Is WP Mapbox GL JS Maps Safe to Use in 2026?

Use With Caution

Score 63/100

WP Mapbox GL JS Maps has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Oct 10, 2025 · Updated 4yr ago
Risk Assessment

The 'wp-mapbox-gl-js' v3.0.1 plugin exhibits a generally good security posture with several positive indicators. The complete absence of SQL injection vulnerabilities due to prepared statements and the lack of critical or high-severity taint flows are strong points. Nonce and capability checks are also present, suggesting an awareness of secure coding practices. However, a significant concern arises from the 40% of output that is not properly escaped, presenting a potential cross-site scripting (XSS) risk. Additionally, the plugin has a history of medium-severity vulnerabilities, specifically XSS, and notably has one currently unpatched CVE from 2025. This pattern, combined with the unescaped output, indicates a recurring weakness that attackers could exploit. While the plugin demonstrates strengths in certain areas, the unpatched vulnerability and the significant percentage of unescaped output warrant careful attention.

Key Concerns

  • Unpatched CVE
  • High percentage of unescaped output
Vulnerabilities
1

WP Mapbox GL JS Maps Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-62942 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Mapbox GL JS Maps <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 10, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

WP Mapbox GL JS Maps Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 40 (61 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 0
External Requests: 8
Bundled Libraries: 0

Output Escaping

60% escaped · 101 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
save_mapbox_gl_js_settings (admin\partials\wp-mapbox-gl-js-settings.php:5)
Attack Surface

WP Mapbox GL JS Maps Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wp_mapbox_gl_js] public\class-wp-mapbox-gl-js-public.php:219
WordPress Hooks 16
filter · use_block_editor_for_post_type · admin\class-wp-mapbox-gl-js-admin.php:191
action · plugins_loaded · includes\class-wp-mapbox-gl-js.php:142
action · admin_enqueue_scripts · includes\class-wp-mapbox-gl-js.php:157
action · admin_enqueue_scripts · includes\class-wp-mapbox-gl-js.php:158
action · admin_menu · includes\class-wp-mapbox-gl-js.php:159
action · add_meta_boxes · includes\class-wp-mapbox-gl-js.php:160
action · init · includes\class-wp-mapbox-gl-js.php:161
action · init · includes\class-wp-mapbox-gl-js.php:162
action · edit_form_after_title · includes\class-wp-mapbox-gl-js.php:163
action · save_post · includes\class-wp-mapbox-gl-js.php:164
action · admin_notices · includes\class-wp-mapbox-gl-js.php:165
action · admin_notices · includes\class-wp-mapbox-gl-js.php:166
action · wp_enqueue_scripts · includes\class-wp-mapbox-gl-js.php:180
action · wp_enqueue_scripts · includes\class-wp-mapbox-gl-js.php:181
action · init · includes\class-wp-mapbox-gl-js.php:182
filter · the_content · includes\class-wp-mapbox-gl-js.php:183
Maintenance & Trust

WP Mapbox GL JS Maps Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Nov 7, 2021
PHP min version
Downloads: 28K

Community Trust

Rating: 82/100
Number of ratings: 9
Active installs: 1K
Developer Profile

WP Mapbox GL JS Maps Developer Profile

tempranova

1 plugin · 1K total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Mapbox GL JS Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-mapbox-gl-js/css/balloon.css
/wp-content/plugins/wp-mapbox-gl-js/css/rc-slider.min.css
/wp-content/plugins/wp-mapbox-gl-js/css/wp-mapbox-gl-js-admin.css
/wp-content/plugins/wp-mapbox-gl-js/js/wp-mapbox-gl-js-admin.js
/wp-content/plugins/wp-mapbox-gl-js/wp-mapmaker/public/css/style.css
/wp-content/plugins/wp-mapbox-gl-js/wp-mapmaker/build/static/js/
Script Paths
https://api.mapbox.com/mapbox-gl-js/v1.12.0/mapbox-gl.js
https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-draw/v1.0.4/mapbox-gl-draw.css
https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-geocoder/v2.2.0/mapbox-gl-geocoder.css
https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-directions/v3.1.1/mapbox-gl-directions.css
https://unpkg.com/react-select@1.2.1/dist/react-select.css
Version Parameters
wp-mapbox-gl-js/css/wp-mapbox-gl-js-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-mapbox-gl-js-map-container
Data Attributes
data-mapbox-map-id
data-mapbox-map-token
data-mapbox-map-style
data-mapbox-map-center-lat
data-mapbox-map-center-lng
data-mapbox-map-zoom
JS Globals
wp_mapbox_gl_js_params
params
REST Endpoints
/wp-json/wp-mapbox-gl-js/v1/map/
Shortcode Output
[mapbox-gl-js-map
[mapbox-gl-js-map-layer
[mapbox-gl-js-map-marker
FAQ

Frequently Asked Questions about WP Mapbox GL JS Maps