Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
As a contributor, create/edit a map with the below payload as title and attach it to a post (can be done in the post dashboard in the Map column) The XSS will be triggered when anyone access the post dashboard (/wp-admin/edit.php?post_type=post)