CVE-2017-18544

The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.