The add-from-server plugin prior to 3.3.2 for WordPress has CSRF for importing a large file.
add from server project add from server