CWE-352

Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.

The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.

The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.

The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.

The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.

The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.