The plugin does not have CSRF checks on some of its form actions such as creation/update/deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks
CPE | Name | Operator | Version |
---|---|---|---|
booking-calendar | lt | 3.2.4 |