Does WP-Ultimate-Map have any unpatched vulnerabilities?

No. All known vulnerabilities in WP-Ultimate-Map have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-Ultimate-Map compatible with WordPress 4.3.34?

According to WordPress.org data, WP-Ultimate-Map 1.1 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is WP-Ultimate-Map updated?

WP-Ultimate-Map was last updated on Unknown. Frequent updates are generally a positive security signal.

What is WP-Ultimate-Map's security score?

WP-Ultimate-Map has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-Ultimate-Map Security & Risk Analysis

wordpress.org/plugins/wp-ultimate-map

Place a map on your wordpress website with custom markers , infowindows and Routes.

10 active installs v1.1 PHP + WP 1.0+ Updated Unknown

draw-on-mapgeo-locationgoogle-mapmapsplacesroutes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP-Ultimate-Map Safe to Use in 2026?

Generally Safe

Score 100/100

WP-Ultimate-Map has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The wp-ultimate-map plugin version 1.1 presents a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, using prepared statements for SQL, and conducting capability checks on all identified entry points, there are significant concerns regarding output escaping and taint analysis. A high percentage of output is not properly escaped, potentially exposing users to Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis reveals a concerning number of flows with unsanitized paths, indicating a risk of insecure handling of user-supplied data, although no critical or high severity issues were flagged in this specific analysis. The plugin's clean vulnerability history is a positive indicator, suggesting a generally well-maintained codebase. However, the identified output escaping and taint flow issues warrant attention to prevent potential security incidents.

Key Concerns

Significant portion of output unescaped
Flows with unsanitized paths found

Vulnerabilities

None known

WP-Ultimate-Map Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP-Ultimate-Map Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

11% escaped47 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

changePage (src\ajax.php:170)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP-Ultimate-Map Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[umap] src\shortcodes.php:9

WordPress Hooks 35

actionadmin_enqueue_scriptsadmin\class-admin.php:12

actionadmin_menuadmin\class-admin.php:13

actionadmin_initadmin\class-admin.php:14

actionload-post.phpadmin\post-types\place-marker.php:13

actionload-post-new.phpadmin\post-types\place-marker.php:14

actionadd_meta_boxesadmin\post-types\place-marker.php:26

actionsave_postadmin\post-types\place-marker.php:27

actionmarker_edit_form_fieldsadmin\post-types\place-marker.php:165

actionmarker_add_form_fieldsadmin\post-types\place-marker.php:167

actionedited_markeradmin\post-types\place-marker.php:169

actioncreate_markeradmin\post-types\place-marker.php:171

actionadmin_enqueue_scriptsadmin\post-types\place-marker.php:232

actionroute_by_edit_form_fieldsadmin\post-types\place-marker.php:241

actionroute_by_add_form_fieldsadmin\post-types\place-marker.php:243

actionedited_route_byadmin\post-types\place-marker.php:245

actioncreate_route_byadmin\post-types\place-marker.php:247

actionadmin_enqueue_scriptsadmin\post-types\place-marker.php:287

actionload-post.phpadmin\post-types\place-route.php:12

actionload-post-new.phpadmin\post-types\place-route.php:13

actionadd_meta_boxesadmin\post-types\place-route.php:25

actionsave_postadmin\post-types\place-route.php:26

actionroute_taxo_edit_form_fieldsadmin\post-types\place-route.php:231

actionroute_taxo_add_form_fieldsadmin\post-types\place-route.php:233

actionedited_route_taxoadmin\post-types\place-route.php:235

actioncreate_route_taxoadmin\post-types\place-route.php:237

actionadmin_enqueue_scriptsadmin\post-types\place-route.php:277

actioninitsrc\CPT.php:175

actioninitsrc\CPT.php:178

actioninitsrc\CPT.php:181

actionrestrict_manage_postssrc\CPT.php:190

filterpost_updated_messagessrc\CPT.php:193

filterbulk_post_updated_messagessrc\CPT.php:194

actionload-edit.phpsrc\CPT.php:898

filterrequestsrc\CPT.php:934

actionwp_enqueue_scriptssrc\shortcodes.php:10

Maintenance & Trust

WP-Ultimate-Map Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedUnknown

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP-Ultimate-Map Alternatives

CodePeople Post Map for Google Maps

codepeople-post-map

100

CodePeople Post Map lets you geotag posts and seamlessly integrate your blog with Google Maps for a smooth, location-aware experience.

4K 1 CVE

Map Field for Contact Form 7

map-field-for-contact-form-7

100

Add a Google Maps autocomplete address field with a live interactive map to any Contact Form 7 form. Supports draggable marker, address components, an …

80 No CVEs

Posts on a map

posts-on-a-map

Add a custom field for GPS coordinates in the post editor and show a map under under the content of the post.

10 No CVEs

WP Go Maps (formerly WP Google Maps)

wp-google-maps

The easiest to use Google maps plugin! Create a custom Google map, map block, store locator or map widget with high quality markers containing categor …

300K 23 CVEs

iframe

[iframe src="http://www.youtube.com/embed/7_nAZQt9qu0" width="100%" height="500"] shortcode

70K 6 CVEs

Developer Profile

WP-Ultimate-Map Developer Profile

rahulbhangale

5 plugins · 30 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP-Ultimate-Map

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-ultimate-map/admin/css/admin.css/wp-content/plugins/wp-ultimate-map/admin/js/admin.js/wp-content/plugins/wp-ultimate-map/js/scripts.js/wp-content/plugins/wp-ultimate-map/css/main.css

Script Paths

https://maps.googleapis.com/maps/api/js?libraries=places&callback=initMaphttps://maps.googleapis.com/maps/api/js?libraries=places&callback=mapLocation

HTML / DOM Fingerprints

CSS Classes

setting-containercontrols

Data Attributes

id="pac-input"id="place"id="focus-lat"id="focus-lng"id="zoom-level"

JS Globals

var map;var markers = [];function initMap()function placeMarkerWithId(initLatLng , map , id)function clearMarkers()function place_search(map)+2 more

Shortcode Output

[umap]

FAQ