The newstatpress plugin prior to 1.0.4 for WordPress has XSS related to the Referer header.
newstatpress project newstatpress