WordPress TextMe SMS plugin versions 1.9.0 and below suffer from a cross site request forgery vulnerability.