This indicates an attack attempt to exploit a SQL Injection vulnerability in WordPress LeagueManager Plugin.
The vulnerability is caused by a lack of sanitizing of the "league_id" parameter that is passed to "admin.php". A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.
WordPress LeagueManager Plugin v3.8
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Currently we are unaware of any vendor supplied patch or updates available for this issue.