The google-document-embedder plugin before 2.6.1 for WordPress has XSS.

%d bloggers like this: