CW Tags by CW Joomla, versions 2.0.8 and previous, SQL Injection
Note that the VEL do not agree with the developer's assessment of this as a "low level" security issue
Resolution: update to version 2.1.1
Update notice: http://www.cwjoomla.com/download-cw-tags
.