Try the suggestions in this Community Tip to help you fix CSRF Token Not Valid.
CSRF Token Not Valid is due to other plugins in your WordPress installation taking the CSRF token before Cloudflare can read it. When this happens, you’ll see the error “CSRF Token Not Valid”.
Quick Fix Ideas
Usually this is solved by turning off all plugins except Cloudflare then enabling them one-by-one and reloading the page. This will then show you the plugin that is causing the issue.
Verify you’re using the correct API key, make sure you’re entering it in the correct location.
If you use infinitewp, see this post.
Try reinstalling the wordpress plugin and verify what other wordpress plugins you are running.
Deactivate any ad blocker you have installed.
Try in incognito mode.
If You Need More Help
This community of other Cloudflare users may be able to assist you, if not, login to Cloudflare and then contact Cloudflare Support. When you contact support, make sure to include as much of this information as possible: version of the plugin you’re running, list of other plugins you’re running, the specific error messages, screen shots, and/or HAR file(s).
Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments like: “What are the three things to always try”, or “Do this first” or “In my experience”.
This is a Cloudflare Community Tip, to review past tips, click here.