An issue exists in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
weblizar pinterest-feeds 1.1.1