Setup (as admin):
- Locatoraid > Configuration > Google Maps > Enter "none" at Google Maps Browser API Key and Save
- Locatoraid > Publish > Add New (Pages with block) > Insert Shortcode [locatoraid] and Publish
- Go to Appearance > Widgets > Add block Locatoraid Search Form to Footer Area

Attack (as unauthenticated)
Open or make a logged in user open the following URL:"onfocus=alert(/XSS/) autofocus "