The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.