The sendpress plugin prior to 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
pressified sendpress