Security Advisory

CVE-2025-10124

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-10 06:00:06

Last updated 2025-11-13 20:54:19

Assigner WPScan

State PUBLISHED

Description

The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.

← Browse all CVEs View on cve.org ↗