Platform: wordpress
Component: woo-product-pricing-tables
Fixed in: 1.1.1
CVE-2026-1852 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Product Pricing Table by WooBeWoo plugin for WordPress. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts or delete pricing tables by tricking a site administrator into performing actions. The vulnerability affects versions of the plugin up to and including 1.1.0, and a patch is available in version 1.1.1.
The primary impact of CVE-2026-1852 is the potential for Cross-Site Scripting (XSS) attacks. An attacker could craft a malicious link or form that, when clicked by a site administrator, would execute arbitrary JavaScript code within the context of the WordPress site. This could lead to session hijacking, defacement of the website, or redirection to phishing sites. The ability to delete pricing tables also represents a disruption of site functionality and potential data loss. The attack relies on social engineering to convince an administrator to interact with the malicious request, making user awareness a crucial factor in mitigating the risk.
This vulnerability was publicly disclosed on 2026-04-14. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's nature makes it likely that PoCs will emerge. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation depends on the attacker's ability to trick a site administrator into clicking a malicious link.
WordPress sites utilizing the Product Pricing Table by WooBeWoo plugin, particularly those with administrative users who are susceptible to social engineering attacks, are at risk. Shared hosting environments where multiple websites share the same server infrastructure may also be indirectly affected if one site is compromised and used to launch attacks against others.
• wordpress / composer / npm:
  grep -r 'updateLabel(' /var/www/html/wp-content/plugins/product-pricing-table-by-woobewoo/
• wordpress / composer / npm:
  grep -r 'remove(' /var/www/html/wp-content/plugins/product-pricing-table-by-woobewoo/
• wordpress / composer / npm:
  wp plugin list --status=active | grep product-pricing-table-by-woobewoo
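A version audit that extends the plugin-list check above to every copy of the plugin under a directory tree, such as a shared-hosting docroot. This is an added example, not code from the advisory or from WooBeWoo; the function names are hypothetical, and it assumes the plugin directory name used in the grep commands and a standard WordPress `Version:` header in a top-level PHP file of the plugin.

```shell
#!/bin/sh
# Added example: report the CVE-2026-1852 fix level of every copy of the plugin.
FIXED_VERSION="1.1.1"   # "fixed in" version from the advisory
PLUGIN_SLUG="product-pricing-table-by-woobewoo"   # directory name from the advisory's grep commands

# version_lt A B: succeed when dotted version A is lower than B (numeric per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# plugin_version DIR: print the first "Version:" header in DIR's top-level PHP files.
plugin_version() {
    awk '/^[ \t*#]*[Vv]ersion:/ {
        sub(/^.*[Vv]ersion:[ \t]*/, ""); sub(/[ \t\r]*$/, ""); print; exit
    }' "$1"/*.php 2>/dev/null
}

# audit_dir DIR: print "vulnerable VER", "patched VER", "unknown-version" or "not-installed".
audit_dir() {
    [ -d "$1" ] || { echo "not-installed"; return 0; }
    ver=$(plugin_version "$1" || true)
    [ -n "$ver" ] || { echo "unknown-version"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "patched $ver"
    fi
}

# audit_tree ROOT: one line per plugin copy under ROOT, e.g. a shared-hosting docroot.
audit_tree() {
    find "$1" -type d -path "*/wp-content/plugins/$PLUGIN_SLUG" 2>/dev/null |
    while IFS= read -r pdir; do
        printf '%s %s\n' "$(audit_dir "$pdir")" "$pdir"
    done
}

# Usage: sh audit.sh /var/www   (no argument: only define the functions)
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

Any line starting with `vulnerable` marks a copy at 1.1.0 or earlier that still needs the 1.1.1 update; `unknown-version` means the header could not be read and the copy should be checked by hand.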
EPSS: 0.01% (2% percentile)
The most effective mitigation for CVE-2026-1852 is to immediately upgrade the Product Pricing Table by WooBeWoo plugin to version 1.1.1 or later. If upgrading is not immediately feasible, implement strict access controls and require multi-factor authentication for all administrator accounts. Consider using a Web Application Firewall (WAF) with CSRF protection rules to block suspicious requests. Regularly review WordPress user permissions and disable any unnecessary administrator accounts.
Update to version 1.1.1 or a newer patched version.
CVE-2026-1852 is a Cross-Site Request Forgery (CSRF) vulnerability in the Product Pricing Table by WooBeWoo plugin for WordPress, allowing attackers to inject scripts or delete pricing tables.
You are affected if you are using Product Pricing Table by WooBeWoo version 1.1.0 or earlier. Upgrade to 1.1.1 or later to mitigate the risk.
Upgrade the Product Pricing Table by WooBeWoo plugin to version 1.1.1 or later through the WordPress plugin manager.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the WooBeWoo website or the WordPress plugin repository for the official advisory and update information.