CVE-2016-10961

The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
Source: NIST
CVE-2016-10961