The Appointment Booking & Scheduling Plugin for WordPress, called Webba Booking Calendar, has a security issue called Cross-Site Request Forgery. This means that anyone can perform an unauthorized action if they can convince a site administrator to click on a link. This vulnerability exists in all versions of the plugin up to 5.1.20.