The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
cpe:2.3:a:codepeople:music_store:*:*:*:*:*:wordpress:*:* versions up to 1.0.141 (inclusive)