The weblibrarian plugin prior to 3.4.8.5 for WordPress has cross-site scripting (XSS) via front-end shortcodes.
deepsoft weblibrarian