The wp-ultimate-exporter plugin for WordPress, in versions up to and including 1.1, is vulnerable to SQL injection via the export_type_name parameter.
smackcoders ultimate exporter