The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).
https://wpscan.com/vulnerability/9de5cc51-f64c-4475-a0f4-d932dc4364a6
https://plugins.trac.wordpress.org/changeset/2596452/geodirectory