CVE-2015-9408 (xpinner_lite)

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
Source: NIST
CVE-2015-9408 (xpinner_lite)