The google-document-embedder plugin prior to 2.6.2 for WordPress has XSS.
google doc embedder project google doc embedder