The Participants Database plugin prior to 1.7.5.10 for WordPress has XSS.
xnau participants database 1.7.5.10