Medium severity4.5NVD Advisory· Published Oct 10, 2025· Updated Apr 15, 2026
CVE-2025-10124
CVE-2025-10124
Description
The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.1.15+ 1 more
- (no CPE)range: <2.1.15
- (no CPE)range: <2.1.15
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.