The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.

%d bloggers like this: