WordPress · Wp Google Maps · CVE-2021-24502
**Name of the Vulnerable Software and Affected Versions**
WP Google Map WordPress plugin versions prior to 1.7.7
**Description**
The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Map Title is not properly sanitised or escaped before being outputted on the page. This can be exploited by high privilege users, even when the unfiltered html capability is disallowed.
**Recommendations**
For WP Google Map WordPress plugin versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue.