The newstatpress plugin prior to 1.0.6 for WordPress has reflected XSS.
newstatpress project newstatpress