The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
wp editor.md project wp editor.md 1.6