CVE-2015-9391

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.