WordPress PWG Random Plugin <= 1.11 - Multiple Vulnerabilities
Product
PWG Random
Description
This plugin is prone to a cross site scripting and cross site request forgery attacks. The attackers can insert arbitrary script into admin page. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies . Parameters "pwgrandom_title," and pwgrandom_category" are vulnerable.