VYPR
Medium severity4.5NVD Advisory· Published Oct 10, 2025· Updated Apr 15, 2026

CVE-2025-10124

CVE-2025-10124

Description

The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2025-10124 · Medium · VYPR