SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
WordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit along with patching recommendations are provided.