It was found that Plone is vulnerable to cross-site request forgery (CSRF). Original report and CVE request: http://seclists.org/oss-sec/2015/q4/66 External References: https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf