SunnyToo stblogsearch up to v1.0.0 exists to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component.
sunnytoo stblogsearch