CVE-2026-4479

Name of the Vulnerable Software and Affected Versions WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress versions up to 1.2

Description Stored Cross-Site Scripting occurs via admin settings due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level permissions and above can inject arbitrary web scripts into pages, which execute when a user accesses them. This issue affects multi-site installations and installations where the unfiltered html variable has been disabled.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.