The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.

%d bloggers like this: