cleantalk
Vulnerabilities and Security Researches

Booking Manager, CVE-2025-10124

CVE, Research URL

CVE-2025-10124

Home page URL

Security reports for Booking Manager

Application

Booking Manager

Published on
Oct 10, 2025
Research Description
The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Affected versions
max 2.1.15.
Status
vulnerable
Previous vulnerability researches
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2025-24661) , Feb 05, 2025
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2025-8898) , Aug 16, 2025
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2025-54713) , Aug 22, 2025
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2025-30839) , Apr 02, 2025
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2024-43986) , Aug 31, 2024
New vulnerability
Slider Templates (CVE-2025-62988) , Nov 11, 2025
bbPress Notify (No-Spam) (CVE-2025-49962) , Nov 11, 2025
Multilang Contact Form (CVE-2025-62896) , Nov 11, 2025
Simple Stripe Checkout (CVE-2025-49963) , Nov 11, 2025
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. (CVE-2025-58972) , Nov 11, 2025