CWE-352

The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.

The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.

The wp-members plugin before 3.2.8 for WordPress has CSRF.

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.

The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber.

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.