The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.Referenceshttps://wordpress.org/plugins/wp-ultimate-exporter/#developershttps://seclists.org/bugtraq/2016/Feb/183
