An issue exists in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
wtcms project wtcms 1.0