Launchpad.net

CVE 2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.

See the CVE page on Mitre.org for more details.