CVE-2016-10902

The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.