cleantalk
Vulnerabilities and Security Researches

Booking Manager, CVE-2025-10124

CVE, Research URL

CVE-2025-10124

Home page URL

Security reports for Booking Manager

Application

Booking Manager

Published on
Oct 10, 2025
Research Description
The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Affected versions
max 2.1.15.
Status
vulnerable
Previous vulnerability researches
WP Carticon (CVE-2025-12065) , Nov 10, 2025
New vulnerability
Blocksy Companion (CVE-2025-12475) , Nov 10, 2025
Cinza Grid (CVE-2025-11824) , Nov 10, 2025
Password Policy Manager | Password Manager (CVE-2025-11255) , Nov 10, 2025
Search & Filter (CVE-2025-48099) , Nov 10, 2025
Bux Woocommerce (CVE-2025-60247) , Nov 10, 2025