The freshmail-newsletter plugin for WordPress, in versions prior to 1.6, is vulnerable to SQL injection in shortcode.php via the 'FM_form id=' substring.
freshmail freshmail-newsletter