Wordpress LeagueManager Plugin Multiple Vulnerabilities

Summary
This host is installed with Wordpress LeagueManager Plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application
Solution
Update to version 3.8.1 or later, For updates refer to http://wordpress.org/support/plugin/leaguemanager
Insight
Multiple flaws due to, - Input passed via the 'league_id' POST parameter to wp-admin/admin.php is not properly sanitized before being returned to the user. - Not sufficiently verify authorization when accessing the CSV export functionality.
Affected
WordPress LeagueManager Plugin Version 3.8
References