The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.

%d bloggers like this: