The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.

%d bloggers like this: