SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.