A vulnerability has been discovered in the WP-Cal plugin for WordPress, an event calendar plugin by Fahlstad. This vulnerability can be exploited by malicious people to conduct SQL injection attacks.
Just last week another plugin by Fahlstad had a security issue uncovered: the WP-Forum plugin. Bad luck for Fahlstad?
WordPress WP-Cal Plugin “id” SQL Injection – Advisories – Secunia