CVE-2026-22334 WPos CVE debrief

Who should care

Administrators and users of the Woocommerce Book Price plugin, especially those with subscriber-level access, should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Technical summary

The CVE-2026-22334 vulnerability is caused by a CWE-22 weakness, allowing subscribers to download arbitrary files due to insufficient validation. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a high severity vulnerability. The vulnerability affects Woocommerce Book Price plugin versions <= 1.3.

Defensive priority

HIGH

Recommended defensive actions

• Update the Woocommerce Book Price plugin to a version greater than 1.3.
• Restrict file download access to authorized users only.
• Implement additional security measures, such as file access controls and monitoring.
• Review and update user roles and permissions to prevent unauthorized access.
• Consider using a Web Application Firewall (WAF) to detect and prevent exploitation attempts.
• Regularly update and patch plugins to prevent exploitation of known vulnerabilities.

Evidence notes

The vulnerability details are based on information from the CVE record and NVD detail. The CVE record was published on June 17, 2026, and last modified on the same day. The NVD detail provides additional information on the vulnerability, including the CVSS vector and CWE weakness.

Official resources