This plugin is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. Because of the XSS vulnerability, an attacker can display arbitrary, unfiltered content from a simple URL, which makes it easy to include any remote malicious JavaScript file. Because of the CSRF vulnerability, anyone can force the installation of any plugin from the repository.