The google-document-embedder plugin for WordPress has a cross-site scripting (XSS) vulnerability in versions prior to 2.6.1.
google doc embedder project google doc embedder