Update the WordPress Webba Booking plugin to the latest available version (at least 4.2.18).
An unknown person discovered and reported this Sensitive Data Exposure vulnerability in WordPress Webba Booking Plugin. This vulnerability has been fixed in version 4.2.18.
Authenticated Stored CrossSite Scripting (XSS) vulnerability
Toggle The Debug Mode via CrossSite Request Forgery (CSRF) vulnerability