The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.