The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.