CVE-2025-14982

Name of the Vulnerable Software and Affected Versions Booking Calendar versions prior to 10.14.12

Description The Booking Calendar plugin for WordPress is susceptible to an authorization issue that can lead to the disclosure of sensitive information. Attackers with Subscriber-level access or higher can view all booking records in the database. This includes personally identifiable information (PII) such as names, email addresses, phone numbers, physical addresses, payment status, booking costs, and booking hashes belonging to other users.

Recommendations Update to version 10.14.12 or later.