An issue exists in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
booking calendar project booking calendar 2.1.7