Title: Security Issue Reported by Wordfence and Patchstack
Last modified: December 17, 2025

---

# Security Issue Reported by Wordfence and Patchstack

 *  [CK MacLeod](https://wordpress.org/support/users/ck-macleod/)
 * (@ck-macleod)
 * [5 months, 2 weeks ago](https://wordpress.org/support/topic/security-issue-reported-by-wordfence-and-patchstack/)
 * Wordfence is reporting a medium severity but critical vulnerability for this 
   plugin. On the other hand, it references a Patchstack security report that rates
   the issue is low severity. Neither specifies a known patch.
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-storymap/storymap-21-authenticated-contributor-stored-cross-site-scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-storymap/storymap-21-authenticated-contributor-stored-cross-site-scripting)
 * [https://patchstack.com/database/wordpress/plugin/wp-storymap/vulnerability/wordpress-storymap-plugin-2-1-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/wordpress/plugin/wp-storymap/vulnerability/wordpress-storymap-plugin-2-1-cross-site-scripting-xss-vulnerability)
 * It seems like you’re still updating this plugin, though i haven’t seen any activity
   in this forum for years. If you are planning to address the issue, we may choose
   to keep using the plugin and monitor the situation. Is this something you think
   you might be addressing?
 * Thanks! – we do have found this plugin very useful and would hate to have to 
   replace it.

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-issue-reported-by-wordfence-and-patchstack%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/wp-storymap/assets/icon-128x128.png?rev=2132380)
 * [StoryMap Plugin](https://wordpress.org/plugins/wp-storymap/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-storymap/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-storymap/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-storymap/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-storymap/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-storymap/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [CK MacLeod](https://wordpress.org/support/users/ck-macleod/)
 * Last activity: [5 months, 2 weeks ago](https://wordpress.org/support/topic/security-issue-reported-by-wordfence-and-patchstack/)
 * Status: not resolved