A vulnerability classified as problematic was found in prasunsen Hostel Plugin up to 1.1.7 on WordPress. Affected by this vulnerability is the function
wphostel-book of the component Shortcode Handler. The manipulation of the argument text results in cross site scripting.
This vulnerability is cataloged as CVE-2026-3907. The attack may be launched remotely. There is no exploit available.