The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.