The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.

%d bloggers like this: