This is obviously an application level problem. What is this php file? You should upgrade wordpress and remove or block access to the plugin or custom page which allows sql injections.