CVE-2019-12239

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt