CVE-2022-2424
The CVE details a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Google Maps Anywhere plugin, versions up to 1.2.6.3. The flaw arises because the plugin does not sanitize or escape any settings, enabling an admin-level attacker to inject script when unfiltered_html is disallowed...