WordPress Booking Calendar plugin version 6.2.1 suffers from a cross site request forgery vulnerability.