CVE-2016-10946

The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
Source: NIST
CVE-2016-10946