Akismet Several CSRF vulnerabilities
Vulnerability Details
Summary
-----------
Akismet is vulnerable to CSRF, allowing an attacker to cancel victims' accounts, add sites to their subscriptions, remove subscriptions, etc.
Steps to reproduce: *Account cancellation*
-----------
1. Login to your Akismet account, which has a subscription activated.
2. The following POST request cancels both the subscription and the account:
```
POST https://akismet.com/api/account/1/cancel
```
The `1` can be replaced with any number. The user ID was originally there, but I noticed that it actually just gets ignored.
Steps to reproduce other CSRF
--------------------
Basically all actions on Akismet are vulnerable to CSRF. Here are some further examples (`1` can be replaced with 2, 3, etc.):
### Adding a site to a subscription:
```
POST /api/activation/create
subscriptionId=1&site_url=foo.bar
```
*foo.bar* is now added to subscription *1*.
### Cancel specific subscription:
```
POST /api/subscription/1/cancel
```
Subscription *1* is now canceled.
Report Stats
- Report ID: 131108
- State: Closed
- Substate: resolved
- Upvotes: 3