CVE-2026-1852

Name of the Vulnerable Software and Affected Versions Product Pricing Table by WooBeWoo versions prior to 1.1.1

Description The Product Pricing Table by WooBeWoo plugin for WordPress is susceptible to Cross-Site Request Forgery. This issue occurs because of missing or incorrect nonce validation in the updateLabel() and remove() functions. An unauthenticated attacker can exploit this by tricking a site administrator into clicking a link, allowing the attacker to inject arbitrary web scripts into pages or delete pricing tables through a forged request.

Recommendations Update to a version later than 1.1.0. As a temporary workaround, restrict access to the updateLabel() and remove() functions to minimize the risk of exploitation.