Update the WordPress Appointment Booking Calendar plugin to the latest available version (at least 1.3.70).
Lana Codes discovered and reported this Broken Access Control vulnerability in WordPress Appointment Booking Calendar Plugin. This vulnerability has been fixed in version 1.3.70.
CSV Injection vulnerability
Authenticated Stored CrossSite Scripting (XSS) vulnerability
Unauthenticated Stored CrossSite Scripting (XSS) vulnerability