CVE-2015-9384 (relevant)

The relevant plugin before 1.0.8 for WordPress has XSS.
Source: NIST
CVE-2015-9384 (relevant)