Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) discovered by Dave Jong (Patchstack) in the WordPress Image Map Pro premium plugin (versions <= 5.5.0).
No patched version is available. No reply from the vendor for a long time.