The Simple PopUp WordPress plugin was affected by a popup.php z Parameter XSS security vulnerability.
packetstormsecurity.com/files/126763/
www.securityfocus.com/bid/67562/