The Watu Pro plugin prior to 4.9.0.8 for WordPress has CSRF that allows an malicious user to delete quizzes.
kibokolabs watupro