CVE-2015-9296

The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.