InfusedWoo Pro

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, products, or orders, mass-delete all comments on any post, and change any post's status.

AI Analysis

Unauthenticated attackers can permanently delete arbitrary posts, pages, products, or orders due to authorization bypass vulnerability in InfusedWoo Pro plugin for WordPress

Basic Information

ID CVE-2026-6512

Source Wordfence

Published May 14, 2026 at 08:24

Affected Product

Vendor Infused Addons

Product InfusedWoo Pro

Affected Versions Infused Addons InfusedWoo Pro 0

CWE Classification

CWE-862

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Infused Addons

Product InfusedWoo Pro

Version <= 5.1.2

References

{
    "lastseen": "",
    "description": "The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, products, or orders, mass-delete all comments on any post, and change any post's status.",
    "published": "2026-05-14T08:24:28.204Z",
    "modified": "2026-05-14T08:24:28.204Z",
    "type": "cve",
    "title": "InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f624c9a0-b48f-49f5-ba63-276805904945?source=cve\nhttps://downloads.infusedwoo.com/updater/iw5.php?changelog",
    "id": "CVE-2026-6512",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Infused Addons InfusedWoo Pro 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InfusedWoo Pro",
    "version": "0",
    "vendor": "Infused Addons",
    "ai_description": "Unauthenticated attackers can permanently delete arbitrary posts, pages, products, or orders due to authorization bypass vulnerability in InfusedWoo Pro plugin for WordPress",
    "ai_severity": "Critical",
    "ai_vendor": "Infused Addons",
    "ai_product": "InfusedWoo Pro",
    "ai_version": "<= 5.1.2",
    "ai_score": 9.1
}

InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters_CVE-2026-6512