The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.
https://wordpress.org/plugins/snazzy-maps/#developers
https://seclists.org/bugtraq/2018/Jul/72
http://www.defensecode.com/advisories/DC-2018-05-006_WordPress_Snazzy_Maps_Plugin_Advisory.pdf