CVE-2016-10914

The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.