WordPress PWG Random Plugin <= 1.11 - Multiple Vulnerabilities

Back

Product: PWG Random
Description: This plugin is prone to a cross site scripting and cross site request forgery attacks. The attackers can insert arbitrary script into admin page. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies . Parameters "pwgrandom_title," and pwgrandom_category" are vulnerable.
Solution: Update the plugin.
Classification: Type Multi
References: Packet Storm Security
CVE: Name CVE-N/A
Versions: Affected In <= 1.11
Fixed In 1.12
Disclosure date: 2014-12-09
Credits: Manideep K
Submitter: ThreatPress