Platform: wordpress
Component: woo-product-pricing-tables
Fixed in: 1.1.1
CVE-2026-1852 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Product Pricing Table by WooBeWoo plugin for WordPress. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts or delete pricing tables by tricking a site administrator into performing actions. The vulnerability affects versions of the plugin up to and including 1.1.0, and a patch is available in version 1.1.1.
The primary impact of CVE-2026-1852 is the potential for Cross-Site Scripting (XSS) attacks. An attacker could craft a malicious link or form that, when clicked by an administrator, executes arbitrary JavaScript code within the context of the WordPress site. This could lead to session hijacking, defacement of the website, or the theft of sensitive data. The ability to delete pricing tables also represents a disruption of service and potential data loss. Successful exploitation requires the attacker to convince an administrator to interact with the malicious request, making social engineering a key component of the attack.
CVE-2026-1852 was publicly disclosed on 2026-04-14. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed in the CISA KEV catalog as of this writing. The vulnerability's reliance on social engineering suggests that exploitation may be less widespread than vulnerabilities with fully automated exploitation paths.
WordPress sites utilizing the Product Pricing Table by WooBeWoo plugin, particularly those with administrative users who are susceptible to social engineering attacks, are at risk. Shared hosting environments where multiple websites share the same server infrastructure may also be indirectly affected if one site is compromised and used to launch attacks against others.
• wordpress / composer / npm:
  grep -r 'updateLabel(' /var/www/html/wp-content/plugins/product-pricing-table-by-woobewoo/
• wordpress / composer / npm:
  grep -r 'remove(' /var/www/html/wp-content/plugins/product-pricing-table-by-woobewoo/
• wordpress / composer / npm:
  wp plugin list --status=active | grep product-pricing-table-by-woobewoo
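The commands above only show that the plugin is present; the script below, an added example that is not part of the original advisory or the plugin's code, also compares the installed version with the fixed release 1.1.1. It assumes the plugin directory name used in the grep paths above, the standard WordPress "Version:" plugin header, and GNU sort -V; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not the plugin's or the advisory's code): classify an install
# of the plugin against the fixed release named in this advisory.
# Assumptions: directory name taken from the grep paths above; version read
# from the standard WordPress "Version:" plugin header; GNU `sort -V` available.

FIXED_VERSION="1.1.1"
PLUGIN_SLUG="product-pricing-table-by-woobewoo"

# Print the first "Version:" header found in the plugin's top-level PHP files.
ppt_installed_version() {
    local dir="$1/$PLUGIN_SLUG"
    grep -hiE '^[[:space:]*#@/]*Version:' "$dir"/*.php 2>/dev/null \
        | head -n 1 | tr -d '\r' \
        | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//'
}

# True when $1 sorts strictly before $2 in version order (1.1.0 < 1.1.1 < 1.10.0).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Prints: absent | unknown | vulnerable <version> | patched <version>
ppt_audit() {
    local plugins_dir="$1" v
    [ -d "$plugins_dir/$PLUGIN_SLUG" ] || { echo "absent"; return 0; }
    v="$(ppt_installed_version "$plugins_dir")"
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# Usage: ./ppt_audit.sh /var/www/html/wp-content/plugins [more plugin dirs...]
for d in "$@"; do
    printf '%s\t%s\n' "$d" "$(ppt_audit "$d")"
done
```

An "unknown" result means the directory exists but no version header could be read, so that install should be inspected by hand.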
Exploit Status
EPSS: 0.01% (2% percentile)
CISA SSVC
CVSS Vector
The recommended mitigation for CVE-2026-1852 is to immediately upgrade the Product Pricing Table by WooBeWoo plugin to version 1.1.1 or later. If upgrading is not immediately feasible, consider implementing stricter access controls and user awareness training to minimize the risk of administrators clicking on malicious links. Web Application Firewalls (WAFs) configured to detect and block CSRF attacks can provide an additional layer of defense. Regularly review WordPress user permissions to ensure only necessary roles have administrative access.
Update to version 1.1.1, or a newer patched version
CVE-2026-1852 is a Cross-Site Request Forgery (CSRF) vulnerability in the Product Pricing Table by WooBeWoo plugin for WordPress, allowing attackers to inject scripts or delete pricing tables.
You are affected if you are using Product Pricing Table by WooBeWoo version 1.1.0 or earlier. Upgrade to 1.1.1 or later to mitigate the risk.
Upgrade the Product Pricing Table by WooBeWoo plugin to version 1.1.1 or later through the WordPress plugin manager.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the WooBeWoo website or the WordPress plugin repository for the official advisory and update information.