Loginizer wordpress plugin contains an unauthenticated timebased SQL injection in versions before 1.6.4. The vulnerable parameter is in the log parameter. Wordpress has forced updates of the plugin to all servers.
19a3dea18cc17107d42a30ec2c31df71bf5f3d9812f33d059c921e228a7efb3e