CVE-2015-9397 (gocodes)

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.
Source: NIST
CVE-2015-9397 (gocodes)