The plugin did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed
Create a new map. Add an XSS payload to the title. Click "Show as map title". Add the map to a page or post with the shortcode.
Pratik Khalane
Pratik Khalane
No
2021-07-01 (about 1 years ago)
2021-07-12 (about 1 years ago)
2022-04-12 (about 4 months ago)