The HL Twitter WordPress plugin up to and including 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow malicious users to make logged in admins perform such actions via a CSRF attack