The Responsive Cookie Consent plugin prior to 1.8 for WordPress mishandles number fields, leading to XSS.
responsive cookie consent project responsive cookie consent