Flawed XSRF Protection In WordPress

February 13, 2008

Wordpress XSRF Protection

As demonstrated by Ferruh Mavituna at 'http://ferruh.mavituna.com/flawed-csrf-protections-oku/', this is a serious flaw which surprisingly went unnoticed. An admin could easily be tricked into clicking a 'Yes' button, resulting in a password update. An attacker could also update the admin's email address and use the 'forgot password' functionality to reset the admin's password. WordPress does not ask users to provide their existing password in order to change it.

This demonstrates that, in order to protect against Cross-Site Request Forgery (XSRF), applications must discard the request whenever an XSRF attempt is detected, rather than asking the user to confirm it.
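The following is an added example, not code from WordPress or from the linked write-up. It contrasts the two behaviours described above using a minimal, constructed model: a dict stands in for the server-side session, a dict of fields stands in for a POST body, and `flawed_change_password` / `strict_change_password` are hypothetical handler names. The flawed handler answers a request with a bad or missing token by rendering a confirmation page that re-embeds the pending fields with a valid token, so one click on 'Yes' completes the forged action; the strict handler discards the request with a 403 and changes nothing.

```python
"""Constructed demonstration: 'confirm before proceeding' versus rejecting
a request whose CSRF token fails validation.

Assumptions (not WordPress code): an in-memory session dict stands in for the
server-side session, and a dict of form fields stands in for a POST body.
"""
import hmac
import secrets


def issue_csrf_token(session: dict) -> str:
    """Create a fresh per-session token; the legitimate form embeds it as a hidden field."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def token_is_valid(session: dict, submitted) -> bool:
    """Constant-time comparison of the submitted token against the session copy."""
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)


def flawed_change_password(session: dict, form: dict) -> dict:
    """Anti-pattern: a failed check produces a confirmation page instead of an error.

    The confirmation page re-embeds the pending fields together with a valid token,
    so a single click on 'Yes' completes whatever the cross-site request asked for.
    """
    if token_is_valid(session, form.get("csrf_token")):
        session["password"] = form["new_password"]
        return {"status": 200, "body": "password updated"}
    pending = {k: v for k, v in form.items() if k != "csrf_token"}
    pending["csrf_token"] = issue_csrf_token(session)  # the confirm form is now 'valid'
    return {"status": 200, "body": "Are you sure? [Yes]", "confirm_form": pending}


def strict_change_password(session: dict, form: dict) -> dict:
    """Correct handling: an invalid or missing token discards the request outright."""
    if not token_is_valid(session, form.get("csrf_token")):
        return {"status": 403, "body": "request rejected: invalid CSRF token"}
    session["password"] = form["new_password"]
    return {"status": 200, "body": "password updated"}


def simulate_forged_request(handler) -> dict:
    """Replay a cross-site POST that carries no token, then one click on 'Yes' if offered.

    Returns the first response status and the password left in the session, so the
    effect of each handler on the account can be compared directly.
    """
    session = {"user": "admin", "password": "original"}
    issue_csrf_token(session)  # the admin's legitimate form already issued a token
    forged = {"new_password": "attacker-chosen"}  # constructed: no csrf_token field
    first = handler(session, forged)
    if "confirm_form" in first:
        # The victim clicks 'Yes' on the page the application itself rendered.
        handler(session, first["confirm_form"])
    return {"status": first["status"], "password": session["password"]}


if __name__ == "__main__":
    print("flawed :", simulate_forged_request(flawed_change_password))
    print("strict :", simulate_forged_request(strict_change_password))
```

The token itself is generated with `secrets` and compared with `hmac.compare_digest`, which is what a sound check needs; the flaw is entirely in what happens after the check fails. Any design that lets a failed token check be "repaired" by user interaction on the same pending request turns the protection into a single extra click.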


