WordPress Single Personal Message plugin version 1.0.3 suffers from a remote SQL injection vulnerability.