Arbitrary File Read Vulnerability in InfusedWoo Pro Plugin for WordPress
CVE-2026-6514

7.5HIGH

Key Information:

Vendor: WordPress
Status: Infusedwoo Pro
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-6514?

The InfusedWoo Pro plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit arbitrary file read capabilities through the popup_submit feature. This flaw enables attackers to send web requests originating from the web application to arbitrary locations, potentially exposing sensitive information or allowing alterations to internal services. Users of versions up to and including 5.1.2 should assess their security posture and consider immediate updates.

Affected Version(s)

InfusedWoo Pro 0 <= 5.1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://downloads.infusedwoo.com/updater/iw5.php?changelog

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Apr 17, 2026

Credit

Osvaldo Noe Gonzalez Del Rio

CVE-2026-6514 Data

JSON