Twenty five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.