includes/class-coming-soon-creator.php in the igniteup plugin up to and including 3.4 for WordPress is vulnerable to stored XSS.
getigniteup igniteup