The nelio-ab-testing plugin prior to 4.6.4 for WordPress has CSRF in experiment forms.
neliosoftware nelio ab testing