The Ultimate FAQ plugin prior to 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
etoilewebdesign ultimate faq