The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

By admin