• Hello,

    your vulnerability scanner reports CVE-2026-8143 (“WordPress Booking Calendar – Event Calendar plugin <= 2.1.6 – Unauthenticated Stored Cross-Site Scripting”) for the HBook plugin.

    However, this CVE does not belong to HBook and appears to be incorrectly matched.

    Details:

    • Plugin installed: HBook (latest version)
    • Reported vulnerability: CVE-2026-8143
    • The affected plugin mentioned in the CVE is a different booking/event calendar plugin and is not part of HBook.
    • HBook developer (Maestrel) confirmed that this vulnerable plugin/component is not included in HBook.

    This appears to be a false positive caused by an incorrect plugin match.

    Please review the vulnerability mapping and remove the incorrect detection.

    Thank you.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jazzie, thanks for your report.

    Our Threat Intelligence team are currently in contact with this plugin developer and working with them to resolve the issue.

    Many thanks,
    Peter.
