CVE-2018-20964

The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
Source: NIST
CVE-2018-20964