I applied these requests to clean all the lines SendPress generated in wp_postmeta :
DELETE FROM wp_postmeta WHERE meta_key = '_firstname_label ';
DELETE FROM wp_postmeta WHERE meta_key = '_lastname_label ';
DELETE FROM wp_postmeta WHERE meta_key = '_email_label ';
DELETE FROM wp_postmeta WHERE meta_key = '_button_label ';
DELETE FROM wp_postmeta WHERE meta_key = '_list_label ';
DELETE FROM wp_postmeta WHERE meta_key = '_lists_checked ';
DELETE FROM wp_postmeta WHERE meta_key = '_thankyou_message ';
DELETE FROM wp_postmeta WHERE meta_key = '_thankyou_page ';
DELETE FROM wp_postmeta WHERE meta_key = '_setting_type ';
DELETE FROM wp_postmeta WHERE meta_key = '_form_type ';
DELETE FROM wp_postmeta WHERE meta_key = '_sp_settings_id ';
DELETE FROM wp_postmeta WHERE meta_key = '_form_description ';
DELETE FROM wp_postmeta WHERE meta_key = '_collect_firstname ';
DELETE FROM wp_postmeta WHERE meta_key = '_collect_lastname ';
DELETE FROM wp_postmeta WHERE meta_key = '_display_labels_inside_fields ';
It seems to work but how to stop the injections ?