Launchpad.net

CVE 2016-10992

The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.

See the CVE page on Mitre.org for more details.