CVE-2016-10883

The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.