A SQL injection issue exists in the Quick Chat plugin prior to 4.00 for WordPress.
quick chat project quick chat