Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin) CVE-2015-5484