WordPress Portfolio plugin version 2.27 suffers from a cross site scripting vulnerability.