The facebook-by-weblizar plugin prior to 2.8.5 for WordPress has CSRF.
weblizar social likebox \\& feed