The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI.
https://www.logicallysecure.com/blog/ls-team-discovers-xss-in-wordpress-plugin/
https://wpvulndb.com/vulnerabilities/9203
https://wordpress.org/plugins/easy-redirect-manager/#developers