The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
cybercraftit content-grabber 1.0