Launchpad.net

CVE 2016-10985

The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.

See the CVE page on Mitre.org for more details.