The mailchimp-for-wp plugin prior to 4.0.11 for WordPress has XSS on the integration settings page.
ibericode mailchimp