The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin is vulnerable to a type of attack called Cross-Site Request Forgery. This affects all versions of the plugin up to and including 3.1.9. This vulnerability is caused by the failure to validate a nonce on an unspecified function, allowing unauthenticated users to potentially trick a site administrator into clicking on a malicious link or taking some other unknown action. The full impact of this vulnerability is currently unknown.