CVE-2026-1852 identifies a vulnerability in the WooBeWoo Product Pricing Table plugin for WordPress. Specifically, all versions up to and including 1.1.0 are susceptible to CSRF attacks. The issue arises from inadequate checks on nonce tokens in the updateLabel() and remove() functions, which are essential for verifying the intention and legitimacy of user actions. Without appropriate nonce validation, malicious actors can craft requests to these functions and execute them by enticing an administrator to click on a manipulated link. If successful, such actions can result in arbitrary script injection or the unintended deletion of pricing tables. This vulnerability highlights the critical need for improved input validation and user interaction verification.

To mitigate this vulnerability, ensure that all actions requiring user permissions include proper nonce validation to authenticate requests. Consider implementing additional layers of user confirmation before executing sensitive actions and educating site administrators on recognizing and avoiding suspicious links or requests.