The photo-gallery plugin before 1.2.42 for WordPress has CSRF.

%d bloggers like this: