CVE-2018-5673by Jeremyin Security Bulletinson Posted on January 13, 2018 An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.