Security Issue Reported by Wordfence and Patchstack

Wordfence is reporting a medium severity but critical vulnerability for this plugin. On the other hand, it references a Patchstack security report that rates the issue is low severity. Neither specifies a known patch.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-storymap/storymap-21-authenticated-contributor-stored-cross-site-scripting

https://patchstack.com/database/wordpress/plugin/wp-storymap/vulnerability/wordpress-storymap-plugin-2-1-cross-site-scripting-xss-vulnerability

It seems like you’re still updating this plugin, though i haven’t seen any activity in this forum for years. If you are planning to address the issue, we may choose to keep using the plugin and monitor the situation. Is this something you think you might be addressing?

Thanks! – we do have found this plugin very useful and would hate to have to replace it.