The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.
markdown on save improved project markdown on save improved 2.5