The iThemes Security (better-wp-security) plugin prior to 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
ithemes security