The Landing Pages plugin prior to 1.9.2 for WordPress allows remote malicious users to execute arbitrary code via the url parameter.
inboundnow wordpress landing pages