The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.