The animate-it plugin prior to 2.3.6 for WordPress has CSRF in edsanimate.php.
eleopard animate it\\!