What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through <= 1.5.3.
CVE-2025-62886
HIGH
CVE-2025-62886: WordPress Pricing Table builder plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability
CVSS base score
7.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
02Summary
The Pricing Table Builder plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability affecting versions up to 1.5.3. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. This could allow modification of pricing tables or other plugin settings. The vulnerability requires user interaction and affects the integrity and availability of the site.
What an attacker can do
03Attacker Capabilities
Trick a logged-in admin into visiting a malicious page to perform unwanted actions on the site.
Potential impact on your site
04Site Impact
Pricing table settings or other plugin configurations could be altered without your consent.
Conditions required to exploit
05Prerequisites
Admin must be logged in and visit an attacker-controlled webpage.
Key dates
06Disclosure timeline
October 27, 2025
CVE published
April 28, 2026
Record updated
External resources
07References
Related vulnerabilities
08Related CVE
CVE-2026-22800 PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences
CVE-2023-4000 Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery
CVE-2025-32498 WordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerability
CVE-2023-48258
CVE-2025-31447 WordPress NertWorks All in One Social Share Tools plugin <=1.26 - Cross Site Request Forgery (CSRF) Vulnerability
