Vulnerabilities and security researches forbooking-manager booking-manager

Jun 06, 2024

CVE, Research URL: CVE-2023-50840
Home page URL: Security reports for Booking Manager
Application: Booking Manager
Date: Dec 29, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through 2.1.5.
Affected versions: max 2.1.6.
Status: vulnerable

CVE, Research URL: CVE-2023-1977
Home page URL: Security reports for Booking Manager
Application: Booking Manager
Date: Aug 16, 2023
Research Description: The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.
Affected versions: max 2.0.29.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-10124
Home page URL: Security reports for Booking Manager
Application: Booking Manager
Date: Oct 10, 2025
Research Description: The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Affected versions: max 2.1.15.
Status: vulnerable