The plugin uk-cookie has a reflective XSS injection possible while using it. http://wordpress.org/extend/plugins/uk-cookie/ Script Used- CVE-2012-5856