A vulnerability, which was classified as problematic , was found in lykich Correct Prices Plugin up to 1.0 on WordPress. The impacted element is the function correct_prices_page . The manipulation of the argument PHP_SELF results in cross site scripting. This vulnerability is known as CVE-2026-8627 . It is possible to launch the attack remotely. No exploit is available.