Authorization Bypass in InfusedWoo Pro Plugin for WordPress
CVE-2026-6512

9.1CRITICAL

Key Information:

Vendor: WordPress
Status: Infusedwoo Pro
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-6512?

The InfusedWoo Pro plugin for WordPress is susceptible to an authorization bypass vulnerability that allows unauthorized users to perform critical actions. Specifically, this flaw affects all versions up to and including 5.1.2, enabling attackers to delete arbitrary content such as posts, pages, products, or orders without proper authentication. Additionally, an attacker can mass-delete comments across any post and alter the status of posts, posing significant risks to website integrity and user data.

Affected Version(s)

InfusedWoo Pro 0 <= 5.1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://downloads.infusedwoo.com/updater/iw5.php?changelog

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Apr 17, 2026

Credit

Osvaldo Noe Gonzalez Del Rio

CVE-2026-6512 Data

JSON