The wp-google-map-plugin plugin prior to 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.
flippercode wp google map