The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.
CVSS Metrics
