CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.