This type of vulnerability allows the attacker to inject malicious SQL statements through the vulnerable website. It is typically used to attack database driven web applications such as WordPress to gain unauthorized access to the database and its data.
To exploit an SQL Injection vulnerability the attacker injects malicious SQL statements for the database server to execute through an input field on the website. Such input fields could be the username or password input fields (such as those in the in WordPress login page), all the comments related input fields, search boxes etc. A web application such as WordPress, a WordPress plugin or a theme could be vulnerable to SQL Injection if there is no proper sanitization of the user input.
By exploiting an SQL Injection vulnerability, the attacker can read and possibly write data to the database. Therefore in case of WordPress, by exploiting an SQL Injection the attacker can retrieve the list of WordPress usernames and change their passwords. For a more detailed explanation of the SQL Injection vulnerability read 14 Years of SQL Injection and still the most dangerous vulnerability.