search.php in the Nova Lite theme prior to 1.3.9 for WordPress allows Reflected XSS.
themeinprogress nova lite