PT-2026-40898 · WordPress · Infusedwoo Pro

Os

+1

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2026-6512

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3
Description The InfusedWoo Pro plugin for WordPress contains an authorization bypass issue because it fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to permanently delete arbitrary products, orders, pages, or posts, change the status of any post, and mass-delete all comments on any post.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6512

Affected Products

Infusedwoo Pro