The weblibrarian plugin for WordPress prior to 3.4.8.6 has cross-site scripting (XSS) via front-end shortcodes.
deepsoft weblibrarian