CVE-2017-18523

The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.