The plugin uk-cookie has a reflective XSS injection possible while using it.
http://wordpress.org/extend/plugins/uk-cookie/
Script Used- <script>alert('hacked')</script>
CVE-2012-5856