The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.