The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
cridio listingpro