Product

HBook Plugin (<= 2.1.6)

1 brief RSS

HBook WordPress Plugin Stored XSS Vulnerability (CVE-2026-8143)

The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters (CVE-2026-8143) in versions up to 2.1.6, potentially leading to arbitrary script execution in the administrator's browser.

HBook plugin wordpress xss plugin

2r 1t 1c 3h ago