The broken-link-manager plugin prior to 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
k-78 broken link manager