The ultimate-member plugin before 2.0.54 for WordPress has XSS.

Source