Secunia reported that the popular Wordspew plugin has an input validation vulnerability which can be exploited to inject SQL commands into your WordPress installation.

User-supplied input passed to the "id" parameter is used without sanitization, so malicious users can inject SQL through it.

Here is how a visitor to your site can inject SQL through the plugin:

From the browser's address bar, they can simply type:

http://your-domain-name/plugins/wordspew/wordspew-rss.php?id=<any SQL statement>
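To show why such a URL works and what actually closes the hole, here is an added example that is not part of the original post and not the Wordspew plugin's code. It uses an in-memory SQLite table with constructed sample rows (the table name, columns and data are assumed, not taken from WordPress) and a hypothetical `id` request parameter. The vulnerable function splices the parameter straight into the query text, so a crafted value changes the query's logic and returns rows the query was never meant to expose (drafts and private posts); the hardened function validates that the value is a plain integer and binds it as a query parameter, so the same input returns nothing. In a real WordPress plugin the equivalent of the parameter binding is `$wpdb->prepare()`, and the equivalent of the type check is casting the parameter to an integer before it ever reaches a query.

```python
import sqlite3
from typing import List, Tuple


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a posts table (schema assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_title TEXT, post_status TEXT)"
    )
    conn.executemany(
        "INSERT INTO wp_posts VALUES (?, ?, ?)",
        [
            (1, "Hello world", "publish"),
            (2, "Draft notes", "draft"),
            (3, "Private memo", "private"),
        ],
    )
    return conn


def fetch_post_vulnerable(conn: sqlite3.Connection, raw_id: str) -> List[Tuple[int, str]]:
    """Vulnerable pattern: the request parameter is concatenated into the SQL text.

    Whatever the visitor puts in ?id= becomes part of the statement, so the
    'post_status = publish' restriction can be bypassed or the query rewritten.
    """
    sql = (
        "SELECT ID, post_title FROM wp_posts "
        f"WHERE ID = {raw_id} AND post_status = 'publish'"
    )
    return conn.execute(sql).fetchall()


def fetch_post_hardened(conn: sqlite3.Connection, raw_id: str) -> List[Tuple[int, str]]:
    """Hardened form: validate the type, then bind the value as a parameter.

    The value never becomes SQL syntax; the database receives the statement and
    the integer separately, so the WHERE clause cannot be altered by the input.
    """
    if not isinstance(raw_id, str) or not raw_id.isdigit():
        return []  # reject anything that is not a plain non-negative integer
    sql = "SELECT ID, post_title FROM wp_posts WHERE ID = ? AND post_status = 'publish'"
    return conn.execute(sql, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    benign = "1"
    crafted = "1 OR 1=1 --"  # constructed test input that rewrites the WHERE clause
    print("vulnerable, benign :", fetch_post_vulnerable(db, benign))
    print("vulnerable, crafted:", fetch_post_vulnerable(db, crafted))  # leaks all rows
    print("hardened,   benign :", fetch_post_hardened(db, benign))
    print("hardened,   crafted:", fetch_post_hardened(db, crafted))    # rejected
```

Run as a script it prints one row for the benign value in both cases, all three rows (including the draft and private posts) for the crafted value against the vulnerable query, and an empty list for the crafted value against the hardened one. Note that the leak happens regardless of what the table is called: renaming the prefix changes the name the attacker has to discover, not the fact that the parameter is executed as SQL.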

You can still use the plugin safely if you implement the changes I suggested in my previous posts:

1- Change your table prefix from wp_ to a prefix that is difficult to guess. No one will be able to guess your table names and tamper with your data.

2- Change the permissions on your database via cPanel: simply don't allow truncating the database.

If you implement these steps, you can keep using all your plugins without fear of malicious SQL injection attacks.