CVE-2016-10993 (scoreme)

The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
Source: NIST
CVE-2016-10993 (scoreme)