CVE-2017-18554

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event.