The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. Date published : 2019-08-30 https://wordpress.org/plugins/simple-mail-address