The Simple Membership plugin prior to 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
simple-membership-plugin simple membership