Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
pixelimity pixelimity 1.0