WordPress PWG Random plugin version 1.11 suffers from cross site request forgery and cross site scripting vulnerabilities.