CVE-2026-6818: WordPress Hotel Plugin Stored XSS via Booking Requests — Casky — Casky