@introvertmac reported several CSRF vulnerabilities in an application that is not a part of the bounty program. We addressed the issue by requiring and validating CSRF tokens for these endpoints.