CVE-2026-1945

Name of the Vulnerable Software and Affected Versions WPBookit versions up to and including 1.0.8

Description The WPBookit plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the wpb user name and wpb user email parameters. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute when a user accesses the injected page.

Recommendations Update WPBookit to a version later than 1.0.8.