The Smooth Slider plugin up to and including 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).
slidervilla smooth slider