CVE-2017-17744

Name of the Vulnerable Software and Affected Versions WordPress custom-map plugin versions prior to 1.2

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the map id parameter to "view/advancedsettings.php" API endpoint.

Recommendations For versions prior to 1.2, update the custom-map plugin to version 1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "view/advancedsettings.php" endpoint or avoiding the use of the map id parameter until the plugin is updated.