CVE-2019-12239
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
Date published : 2019-05-20
http://dumpco.re/bugs/wp-plugin-wp-booking-system-sqli