CVE-2016-10950

The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
Source: NIST
CVE-2016-10950