The ultimate-member plugin before 2.0.4 for WordPress has XSS.

Source