🧐 Problem
Some security plugins display a vulnerability notice about HBook. Rest assured, this is a false positive.
Nothing to worry about; there are no vulnerabilities in HBook!
Why do I see this false alert?
The security plugin on your WordPress site uses Wordfence scan results. Wordfence has published a report that is a false positive.
How can I be sure that this is a false positive?
Several aspects of the security report from your security plugin are inconsistent, and you can easily identify them.
Incorrect plugin name and references to wordpress.org
It mentions a plugin named “Booking Calendar - Event calendar”, which is not HBook by Maestrel. It is a plugin that was hosted on wordpress.org, was archived in 2022, and unfortunately uses the slug “hbook”: https://wordpress.org/plugins/hbook/
The Wordfence scan wrongly identifies the HBook plugin installed on your WordPress site with this unrelated plugin.
HBook, by Maestrel, has never been hosted on wordpress.org.
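The check described above can be automated when triaging scanner hits. The following is an added example, not code from HBook, Maestrel or Wordfence: it reads the plugin header the way WordPress does and flags a hit where only the directory slug matches the advisory. The advisory record's field names and the sample header text are assumptions constructed for illustration.

```python
import re

# WordPress reads plugin metadata from "Key: Value" lines in the header
# comment of the plugin's main PHP file; only the first 8 KB is scanned.
_HEADER = re.compile(
    r"^(?:[ \t]*<\?php)?[ \t/*#@]*(Plugin Name|Author)[ \t]*:(.*)$",
    re.IGNORECASE | re.MULTILINE)


def parse_plugin_header(php_source):
    """Return {'plugin name': ..., 'author': ...} from a main plugin file."""
    fields = {}
    for key, value in _HEADER.findall(php_source[:8192]):
        # Drop a trailing comment or PHP close tag on one-line headers.
        value = re.sub(r"\s*(?:\*/|\?>).*$", "", value).strip()
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields


def _norm(text):
    """Case- and punctuation-insensitive form used for name comparison."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def triage(advisory, installed_slug, header):
    """Return 'not-applicable', 'slug-collision' or 'investigate'."""
    if advisory["slug"] != installed_slug:
        return "not-applicable"
    installed = _norm(header.get("plugin name", ""))
    if not installed:
        return "investigate"      # unreadable header: do not auto-dismiss
    if installed != _norm(advisory["name"]):
        return "slug-collision"   # only the directory name matched
    return "investigate"          # same product: compare versions next


# Constructed sample input; the header text is illustrative, not HBook's file.
SAMPLE_MAIN_FILE = """<?php
/*
 * Plugin Name: HBook
 * Author: Maestrel
 */
"""
# Hypothetical advisory record: field names are assumptions, values are the
# slug and plugin name quoted in the text above.
SAMPLE_ADVISORY = {"slug": "hbook", "name": "Booking Calendar - Event calendar"}

if __name__ == "__main__":
    hdr = parse_plugin_header(SAMPLE_MAIN_FILE)
    print(hdr, triage(SAMPLE_ADVISORY, "hbook", hdr))
```

A "slug-collision" result means the hit still needs a human to confirm the advisory's references, as the next section does; it is a triage hint, not proof that the installed plugin is unaffected.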
Inaccurate and inconsistent information in the report
If you check the report carefully, you will see that it is inconsistent and mixes up references to HBook by Maestrel and the archived plugin on WordPress.org.
If you check the link to a CodeCanyon item in the “References” section, you will see that it does not link to our HBook plugin on CodeCanyon. The link that Wordfence adds as a reference is for a removed PhotoDune item…
What about the vulnerability it reports?
The vulnerability mentioned includes references to 3 parameters that are actually present in our plugin HBook. They are values for the country ISO code and the ISO state code for the USA and Canada.
However, this data is never displayed by HBook. Instead, we use the country that HBook functions return for the saved ISO code.
We take great care with potential risks when developing our products and analyze where sanitization and escaping are required.
In a nutshell, you are all good, and there are no vulnerabilities in the HBook plugin by Maestrel. 🙂