CVE-2026-1852

EUVD-2026-22911 MEDIUM

2026-04-15 Wordfence

WordPress CSRF

6.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 15, 2026 - 11:56 vuln.today

DescriptionNVD

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel() and remove() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages or delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

AnalysisAI

Cross-Site Request Forgery (CSRF) in Product Pricing Table by WooBeWoo plugin for WordPress allows unauthenticated attackers to inject arbitrary web scripts or delete pricing tables by tricking site administrators into clicking a malicious link, exploiting missing nonce validation in the updateLabel() and remove() functions across all versions up to and including 1.1.0. No public exploit code identified at time of analysis, but the vulnerability requires only user interaction (UI:R) and has a network attack vector, making it moderately exploitable in real-world scenarios.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-1852 vulnerability details – vuln.today

Back