CVE-2016-10969

The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.
Source: NIST
CVE-2016-10969