SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an “output CSV” action to pdb-signup/.
osvdb.org/show/osvdb/107626
packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html
seclists.org/fulldisclosure/2014/Jun/0
www.securityfocus.com/bid/67769
wordpress.org/plugins/participants-database/changelog
www.exploit-db.com/exploits/33613
www.yarubo.com/advisories/1