Dear WordPress plugin devs. Don’t inject $_POST straight into the DB without checking who sent it first 
… http://twitter.com/ryanhellyer/status/402572894687207424
Dear WordPress plugin devs. Don’t inject $_POST straight into the DB without checking who sent it first … http://twitter.com/ryanhellyer/status/402572894687207424