The plugin did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed
Proof of Concept
Create a new map. Add an XSS payload to the title. Click "Show as map title". Add the map to a page or post with the shortcode.
Fixed in version 1.7.7✓
2021-07-01 (about 3 months ago)
2021-07-12 (about 3 months ago)
2021-08-10 (about 2 months ago)