WordPress Double Opt-In for Download plugin version 2.0.9 suffers from a remote SQL injection vulnerability.