freshmail vulnerabilities and exploits

6.5
CVSSv2
CVE-2015-9496

The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring....