The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.
https://wpscan.com/vulnerability/2f86e418-22fd-4cb8-8de1-062b17cf20a7