WPIntell

Source evidence

Vulnerability WordPress HBook – incorrectly matched

Wordfence Security – Firewall, Malware Scan, and Login Security · support · 2026-06-05T10:41:00+00:00

Wordfence Security – Firewall, Malware Scan, and Login Security plugin evidence original source source API
complaintsentiment
highseverity
0.91relevance
1replies
Evidence linked to opportunitycommercial context

Proof Health

Open evidence

Commercial opportunities need traceable source links before they are treated as build-worthy.

6 / 32 rows with source links

18.8% of this page's analysis has direct source links.

0 build-decision rows missing links

0 rows here require auditable proof before promotion.

26 rows with no attached evidence

0 rows have source counts but still need direct links.

Conversation

support
Jazzie unresolved
Hello, your vulnerability scanner reports CVE-2026-8143 (“WordPress Booking Calendar – Event Calendar plugin <= 2.1.6 – Unauthenticated Stored Cross-Site Scripting”) for the HBook plugin. However, this CVE does not belong to HBook and appears to be incorrectly matched. Details: Plugin installed: HBook (latest version) Reported vulnerability: CVE-2026-8143 The affected plugin mentioned in the CVE is a different booking/event calendar plugin and is not part of HBook. HBook developer (Maestrel) confirmed that this vulnerable plugin/component is not included in HBook. This appears to be a false positive caused by an incorrect plugin match. Please review the vulnerability mapping and remove the incorrect detection. Thank you. Hi @jazzie , thanks for your report. Our Threat Intellience team are currently in contact with this plugin developer and working with them to resolve the issue. Many thanks, Peter.

Comments

1 shown
wfpeter 2026-06-05T11:55:00+00:00

Hi @jazzie , thanks for your report. Our Threat Intellience team are currently in contact with this plugin developer and working with them to resolve the issue. Many thanks, Peter.