CVE-2019-12239 (wp_booking_system)

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
Source: NIST
CVE-2019-12239 (wp_booking_system)