CVE-2026-1852
CSRF in WooBeWoo Pricing Table Plugin Allows Admin Actions
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woobewoo | product_pricing_table | up to and including 1.1.0 |
| wpcodefactory | product_pricing_table | up to and including 1.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Product Pricing Table by WooBeWoo plugin for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to and including 1.1.0.
This vulnerability exists because the plugin does not properly validate nonces in the updateLabel() and remove() functions.
As a result, an unauthenticated attacker can trick a site administrator into performing unintended actions, such as injecting arbitrary web scripts or deleting pricing tables, by making the administrator click on a malicious link.
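The missing check described above, shown as an added example for a generic WordPress AJAX handler; this is not the plugin's code or its 1.1.1 patch. The `example_*` function and action names, the `nonce` field, the `example-admin` script handle and the post-based storage are all assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. Action names, the nonce action,
// the 'nonce' field and the post-based storage are all assumptions.

const EXAMPLE_NONCE = 'example_pricing_table_admin';

// Before: state change gated only by the session cookie, so a cross-site
// request sent by the administrator's browser is accepted.
function example_remove_unprotected() {
    wp_delete_post( absint( $_REQUEST['id'] ?? 0 ), true );
    wp_send_json_success();
}

// After: shared guard that checks intent (nonce) and authority (capability).
function example_guard() {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_send_json_error( 'method not allowed', 405 );
    }
    // Dies with HTTP 403 when the nonce is missing, invalid or expired.
    check_ajax_referer( EXAMPLE_NONCE, 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
}

function example_remove() {
    example_guard();
    wp_delete_post( absint( $_POST['id'] ?? 0 ), true );
    wp_send_json_success();
}

function example_update_label() {
    example_guard();
    // Defence in depth: store plain text so a request cannot persist markup;
    // escape again with esc_html() wherever the label is rendered.
    $label = sanitize_text_field( wp_unslash( $_POST['label'] ?? '' ) );
    update_post_meta( absint( $_POST['id'] ?? 0 ), '_example_label', $label );
    wp_send_json_success();
}

// Only the wp_ajax_ (logged-in) hooks are registered, never wp_ajax_nopriv_.
add_action( 'wp_ajax_example_remove', 'example_remove' );
add_action( 'wp_ajax_example_update_label', 'example_update_label' );

// The admin page hands the nonce to its own script, which returns it in 'nonce'.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAdmin',
        array( 'nonce' => wp_create_nonce( EXAMPLE_NONCE ) ) );
} );
```

When reviewing other plugins for the same weakness, look for `wp_ajax_*` or `admin_post_*` handlers that change state without a call to `check_ajax_referer()`, `check_admin_referer()` or `wp_verify_nonce()`.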
How can this vulnerability impact me?
This vulnerability can allow attackers to perform unauthorized actions on your WordPress site without your consent, including:
- Injection of arbitrary web scripts into pages, potentially leading to further attacks such as data theft or site defacement.
- Deletion of pricing tables, which can disrupt your site's functionality and affect business operations.
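The attack requires tricking an administrator into clicking a link, so it depends on user interaction: the forged request is sent by the administrator's browser within their already-authenticated session, and the attacker needs no credentials of their own.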
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Product Pricing Table by WooBeWoo plugin to version 1.1.1 or later, where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in the Product Pricing Table by WooBeWoo plugin allows unauthenticated attackers to perform Cross-Site Request Forgery (CSRF) attacks, potentially injecting arbitrary web scripts or deleting pricing tables by tricking a site administrator.
Such unauthorized actions could lead to data integrity issues or unauthorized changes on a website, which may impact compliance with standards and regulations that require protection of data integrity and prevention of unauthorized access or modification, such as GDPR or HIPAA.
However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with these regulations.