Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross-Site Scripting
Action: Immediate Patch
AI Analysis

Impact

Improper neutralization of input during page generation allows an attacker to inject malicious scripts that are stored and executed in the browsers of visitors who view affected pages. This stored XSS can lead to session hijacking, credential theft, defacement, or the delivery of malware. The weakness is a classic cross‑site scripting flaw (CWE‑79).

Affected Systems

WordPress sites using the MyBookTable Bookstore plugin from any version up to and including 3.6.0. This includes all earlier released versions, since the vulnerability exists from the plugin's introduction up to the stated limit.

Risk and Exploitability

The CVSS score is not provided, but the vulnerability enables arbitrary script execution with user‑facing impact. EPSS is not available, and the issue is not listed in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector involves inserting malicious content through the plugin’s data entry interface; an attacker with sufficient permissions to add or edit book entries can embed JavaScript that will run for all site visitors. Therefore, sites that allow users beyond administrators to interact with this plugin remain at risk until the flaw is mitigated.

Generated by OpenCVE AI on April 8, 2026 at 09:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the MyBookTable Bookstore plugin to the latest version that is newer than 3.6.0.
  • Verify that the upgrade successfully removed the vulnerable code path by testing a known malicious payload in a safe environment.
  • If an immediate update is not possible, temporarily disable or remove the plugin from the WordPress installation.
  • Continuously monitor site logs for signs of script execution and ensure other plugins are kept current.


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Values Removed: none
Values Added:
  First Time appeared: Wordpress; Wordpress wordpress; Zookatron; Zookatron mybooktable Bookstore
  Vendors & Products: Wordpress; Wordpress wordpress; Zookatron; Zookatron mybooktable Bookstore

Wed, 08 Apr 2026 08:45:00 +0000

Values Removed: none
Values Added:
  Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
  Title: WordPress MyBookTable Bookstore plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
  Weaknesses: CWE-79
  References:

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:22.200Z

Reserved: 2026-04-07T10:48:55.140Z

Link: CVE-2026-39604

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:29.610

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39604

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:42:14Z

Weaknesses