Platform: wordpress
Component: woo-product-pricing-tables
Fixed in: 1.1.1
CVE-2026-1852 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Product Pricing Table by WooBeWoo plugin for WordPress. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts or delete pricing tables by tricking a site administrator into performing actions. The vulnerability affects versions of the plugin up to and including 1.1.0, and a patch is available in version 1.1.1.
The primary impact of CVE-2026-1852 is the potential for Cross-Site Scripting (XSS) attacks. An attacker could craft a malicious link or form that, when clicked by an administrator, executes arbitrary JavaScript code within the context of the WordPress site. This could lead to session hijacking, defacement of the website, or the theft of sensitive data. The ability to delete pricing tables also represents a disruption of service and potential data loss. Successful exploitation requires the attacker to convince an administrator to interact with the malicious request, making social engineering a key component of the attack.
CVE-2026-1852 was publicly disclosed on 2026-04-14. There are currently no known public proof-of-concept exploits. The vulnerability is not listed in the CISA KEV catalog as of this writing. Because exploitation relies on social engineering, it may be less widespread than for vulnerabilities with fully automated exploitation paths.
Exploit Status
EPSS: 0.01% (2% percentile)
The recommended mitigation for CVE-2026-1852 is to immediately upgrade the Product Pricing Table by WooBeWoo plugin to version 1.1.1 or later. If upgrading is not immediately feasible, consider implementing stricter access controls and user awareness training to minimize the risk of administrators clicking on malicious links. Web Application Firewalls (WAFs) configured to detect and block CSRF attacks can provide an additional layer of defense. Regularly review WordPress user permissions to ensure only necessary roles have administrative access.
Update to version 1.1.1, or a newer patched version
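To audit installs against the affected range stated above (up to and including 1.1.0, fixed in 1.1.1), the following added example, which is not code from the plugin or from this advisory, reads the plugin's version header under a `wp-content/plugins` directory and classifies it. The file name and header written by `make_sample` are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

SLUG = "woo-product-pricing-tables"  # component slug given in this advisory
FIXED = "1.1.1"                      # first patched release per this advisory

# WordPress takes plugin metadata from a comment header in the first 8 KiB
# of a top-level PHP file in the plugin directory.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.M | re.I)

def version_key(version):
    """'1.1.0' -> (1, 1, 0), so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def installed_version(plugins_dir):
    """Version header of the plugin, '' if unreadable, None if not installed."""
    plugin_dir = Path(plugins_dir) / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        if NAME_RE.search(head):
            match = VERSION_RE.search(head)
            return match.group(1) if match else ""
    return ""

def status(plugins_dir):
    """Classify one install: 'absent', 'unknown', 'affected' or 'patched'."""
    version = installed_version(plugins_dir)
    if version is None:
        return "absent"
    if not version_key(version):
        return "unknown"  # directory exists but no parsable version: check by hand
    return "affected" if version_key(version) < version_key(FIXED) else "patched"

def make_sample(root, version):
    """Write a constructed plugin header (file name is made up) for the demo."""
    plugin_dir = Path(root) / SLUG
    plugin_dir.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Constructed Sample\n * Version: {version}\n */\n"
    (plugin_dir / "sample-main.php").write_text(header)
    return root

if __name__ == "__main__":
    for sample in ("1.1.0", "1.1.1", "1.0.9"):
        with tempfile.TemporaryDirectory() as tmp:
            print(sample, status(make_sample(tmp, sample)))
```

Point `status()` at each site's real `wp-content/plugins` path; an `unknown` result means the plugin directory exists but its version could not be read and needs a manual check.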
CVE-2026-1852 is a Cross-Site Request Forgery (CSRF) vulnerability in the Product Pricing Table by WooBeWoo plugin for WordPress, allowing attackers to inject scripts or delete pricing tables.
You are affected if you are using Product Pricing Table by WooBeWoo version 1.1.0 or earlier. Upgrade to 1.1.1 or later to mitigate the risk.
Upgrade the Product Pricing Table by WooBeWoo plugin to version 1.1.1 or later through the WordPress plugin manager.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the WooBeWoo website or the WordPress plugin repository for the official advisory and update information.