CVE-2017-18576

The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.