The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.Referenceshttps://wordpress.org/plugins/invite-anyone/#developers
