The echosign plugin prior to 1.2 for WordPress has XSS via the inc.php page parameter.
smackcoders echo sign