The events-manager plugin prior to 5.5 for WordPress has XSS via EM_Ticket::get_post.
wp-events-plugin events manager