CVE-2016-10987

The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.