The custom-search-plugin plugin prior to 1.36 for WordPress has multiple XSS issues.
bestwebsoft custom search