The plugin uk-cookie has a reflective XSS injection possible while using it.

http://wordpress.org/extend/plugins/uk-cookie/

Script Used- <script>alert('hacked')</script>

CVE-2012-5856