The weblibrarian plugin for WordPress, in versions prior to 3.4.8.7, is vulnerable to cross-site scripting (XSS) via its front-end shortcodes.
deepsoft weblibrarian