Description
WordPress Plugin Flexi Quote Rotator is prone to a cross-site request forgery vulnerability and an SQL injection vulnerability. Attackers may exploit these issues to compromise the application, access or modify data, exploit vulnerabilities in the underlying database or to perform unauthorized actions by enticing a logged-in user to visit a malicious site. WordPress Plugin Flexi Quote Rotator version 0.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.9.3 or latest
References
Related Vulnerabilities
IBMHttpServer Other Vulnerability (CVE-2002-1822)
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4112)
WordPress Plugin Top 10-Popular posts for WordPress Multiple Vulnerabilities (3.2.3)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-2138)