WP Spreadsheet(wpSS) SQL Injection

Wednesday, May 28, 2008, 12:38

A vulnerability has been found in the Spreadsheet (wpSS) WordPress plugin.

The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.

A public exploit has been released on milw0rm by 1ten0.0net1.

The 'ss_id' parameter inside ss_load.php is not correctly escaped before being passed to the database.

It was reported that all versions before 0.6 are vulnerable. The plugin homepage is currently unavailable, so we cannot confirm that version 0.61 (released August '07) is indeed safe to use.

It is recommended that you disable this plugin until a fix has been verified.
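While the plugin is disabled, web-server access logs can show whether the 'ss_id' parameter of ss_load.php has already been probed. The following is an added example, not code from the plugin or the advisory: it assumes Apache/nginx "combined" log lines and that a legitimate ss_id is a plain integer; the log lines and the EXAMPLE plugin directory are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Leading part of a "combined" access-log line: IP ident user [time] "METHOD URL PROTO"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<url>\S+) [^"]*"')

# Assumption: a legitimate ss_id is a short run of decimal digits.
VALID_SS_ID = re.compile(r"[0-9]{1,10}")


def suspicious_ss_id_requests(lines):
    """Return (client_ip, decoded ss_id) for ss_load.php requests whose
    ss_id is not a plain integer. Only query-string parameters are visible
    in access logs; POST bodies are not covered by this check."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("url"))
        if not url.path.lower().endswith("/ss_load.php"):
            continue
        # parse_qs URL-decodes values; keep_blank_values also reports "ss_id="
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("ss_id", []):
            if not VALID_SS_ID.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder plugin path).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/May/2008:12:01:00 +0000] "GET /wp-content/plugins/EXAMPLE/ss_load.php?ss_id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/May/2008:12:02:10 +0000] "GET /wp-content/plugins/EXAMPLE/ss_load.php?ss_id=3%27 HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [28/May/2008:12:02:15 +0000] "GET /wp-content/plugins/EXAMPLE/ss_load.php?ss_id=1+OR+1%3D1 HTTP/1.1" 200 940 "-" "-"',
    '203.0.113.5 - - [28/May/2008:12:03:00 +0000] "GET /index.php?ss_id=abc HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for ip, value in suspicious_ss_id_requests(SAMPLE_LOG):
        print(f"{ip} sent non-integer ss_id: {value!r}")
```

Any hit is a reason to review the database and the blog for signs of compromise, not only to keep the plugin disabled.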

http://blogsecurity.net/wordpress/wp-spreadsheetwpss-sql-injection/



AtA-GRuP @ 2008. All rights reserved. May not be published without permission and without citing the source.