CVE-2017-18598 (qards)

The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.
Source: NIST
CVE-2017-18598 (qards)