The safe-editor plugin prior to 1.2 for WordPress has no se_save authentication, with resultant XSS.
kodebyraaet safe editor