Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77

CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get it right.

More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/