The nextgen-gallery plugin for WordPress, in versions prior to 2.1.57, is vulnerable to SQL injection via a gallery name.
imagely nextgen gallery