A vulnerability was found in chuhpl Book a Room Event Calendar Plugin up to 1.9 on WordPress. It has been rated as problematic . This affects the function settings_form of the component Setting Handler . The manipulation of the argument action leads to cross-site request forgery. This vulnerability is referenced as CVE-2026-9721 . Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.