CVE-2015-9355

The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.