InfusedWoo Pro Plugin for WordPress Authorization Bypass (CVE-2026-6512)
The InfusedWoo Pro plugin for WordPress is vulnerable to an authorization bypass (CVE-2026-6512) in versions up to and including 5.1.2. Unauthenticated attackers can permanently delete posts, pages, products and orders, mass-delete the comments on any post, and change the status of any post.
The InfusedWoo Pro plugin for WordPress, in versions up to and including 5.1.2, suffers from an authorization bypass vulnerability identified as CVE-2026-6512. The plugin exposes content-management actions without checking that the requester is logged in and holds the capability the action requires. An unauthenticated attacker can therefore perform tasks normally reserved for editors and administrators: permanently deleting arbitrary posts, pages, products or orders, mass-deleting all comments on any post, and altering the status of any post (for example unpublishing it or republishing a draft). For sites running the plugin this means data loss (orders and products are deleted permanently, not moved to the trash) and defacement of public content.
Attack Chain
- An unauthenticated attacker sends a crafted HTTP request to the WordPress site; no session cookie or nonce is required.
- The request targets an InfusedWoo Pro plugin endpoint that manages posts, pages, products, orders or comments.
- The request parameters select the action to perform (delete a post, delete the comments on a post, change a post's status) and the ID of the target object.
- The handler behind the endpoint does not verify that the requester is authenticated or that they hold the WordPress capability the action requires (for example `delete_post` for the target object).
- The plugin executes the requested action with the plugin's own privileges.
- The targeted content (post, page, product, order or comments) is modified or permanently deleted.
- The attacker repeats the request with other object IDs to delete or alter further content across the site.
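The pattern the chain above describes is a WordPress AJAX handler that does work on behalf of whoever calls it. The following PHP is an added illustration written for this page, not InfusedWoo Pro's code: the hook names, the action names `iw_delete_item` / `iw_delete_item_safe` / `iw_purge_comments_safe` and the request parameters are assumptions chosen to show the vulnerable shape beside a hardened one. The hardened handlers add the three checks the vulnerable one lacks: a nonce (CSRF), an authentication check, and an object-level capability check.

```php
<?php
/*
 * Added example for CVE-2026-6512-style authorization bypass (illustrative,
 * not the plugin's actual code). Action names and parameters are assumed.
 * Drop into a plugin file; WordPress supplies the functions used below.
 */

/* --- Vulnerable shape -------------------------------------------------- */
// Registered on BOTH wp_ajax_ and wp_ajax_nopriv_, so anyone who can reach
// /wp-admin/admin-ajax.php?action=iw_delete_item can call it, and the body
// never asks who the caller is or what they may delete.
function iw_delete_item_vulnerable() {
    $post_id = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;
    // Second argument true = bypass the trash and delete permanently.
    // Works for any post type: post, page, product, shop_order, ...
    wp_delete_post( $post_id, true );
    wp_send_json_success();
}
add_action( 'wp_ajax_iw_delete_item',        'iw_delete_item_vulnerable' );
add_action( 'wp_ajax_nopriv_iw_delete_item', 'iw_delete_item_vulnerable' ); // unauthenticated reach

/* --- Hardened shape ---------------------------------------------------- */
// Registered under a different action name here only so both handlers can
// coexist in one file; a real plugin would keep just this one.
function iw_delete_item_safe() {
    // 1. CSRF: request must carry a nonce issued to this user for this action
    //    (dies with HTTP 403 if missing or invalid).
    check_ajax_referer( 'iw_delete_item', '_wpnonce' );

    // 2. Authentication: there is no nopriv registration, but say so explicitly.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;
    if ( ! $post ) {
        wp_send_json_error( 'no such post', 404 );
    }

    // 3. Authorization on the specific object: the delete_post meta capability
    //    maps to delete_posts / delete_others_posts / delete_published_posts
    //    (or the post type's own caps) for THIS post, not a blanket check.
    if ( ! current_user_can( 'delete_post', $post->ID ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_delete_post( $post->ID, true );
    wp_send_json_success( array( 'deleted' => $post->ID ) );
}
add_action( 'wp_ajax_iw_delete_item_safe', 'iw_delete_item_safe' );

// Same discipline for the "delete all comments on a post" action the
// advisory mentions: nonce, login, then moderate_comments plus edit rights
// on the parent post before touching anything.
function iw_purge_comments_safe() {
    check_ajax_referer( 'iw_purge_comments', '_wpnonce' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( 'no such post', 404 );
    }
    if ( ! current_user_can( 'moderate_comments' ) || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $ids = get_comments( array( 'post_id' => $post_id, 'fields' => 'ids' ) );
    foreach ( $ids as $comment_id ) {
        wp_delete_comment( $comment_id, true ); // true = permanent, not trash
    }
    wp_send_json_success( array( 'deleted_comments' => count( $ids ) ) );
}
add_action( 'wp_ajax_iw_purge_comments_safe', 'iw_purge_comments_safe' );
```

When auditing a plugin for this class of bug, grep for `wp_ajax_nopriv_`, `admin_post_nopriv_`, REST routes with `'permission_callback' => '__return_true'`, and `init`/`template_redirect` handlers that act on request parameters; any of them that calls `wp_delete_post`, `wp_delete_comment`, `wp_update_post` or `wp_trash_post` without a `current_user_can()` on the target object is the pattern this advisory describes. A nonce alone is not sufficient: `check_ajax_referer` proves the request came from a page that issued the nonce, not that the user may delete the object.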
Impact
Successful exploitation of CVE-2026-6512 lets an unauthenticated attacker perform content-management actions on any WordPress site running an affected version of InfusedWoo Pro. Posts, pages, products, orders and comments can be deleted permanently rather than trashed, so recovery depends on having backups. Attackers can also change the status of posts, unpublishing live content or exposing drafts, which disrupts the site's content and, for a store, its catalogue and order records. Because no credentials are needed, the attack is trivially scriptable across every site that exposes the plugin.
Recommendation
- Upgrade the InfusedWoo Pro plugin to a release later than 5.1.2 that contains the fix for CVE-2026-6512; confirm the installed version on each site rather than assuming auto-updates applied it.
- Deploy the Sigma rules listed below to your SIEM to detect exploitation attempts against CVE-2026-6512.
- Monitor web server logs for HTTP requests to plugin endpoints that delete or modify content, in particular requests arriving without a WordPress login cookie or from clients that never authenticated, and alert on bursts of such requests or on unexpected post, order or comment deletions in the WordPress audit trail.
- Until patched, restrict the plugin's endpoints at the web server or WAF layer if your deployment allows it, and verify that recent backups of posts, products and orders are restorable.
Detection coverage (2 rules)
Detects CVE-2026-6512 Exploitation Attempt — InfusedWoo Pro Unauthorized Delete
Severity: high. Detects a CVE-2026-6512 exploitation attempt: an HTTP request to delete WordPress content via the InfusedWoo Pro plugin without authentication.
Detects CVE-2026-6512 Exploitation Attempt — InfusedWoo Pro Unauthorized Comment Deletion
Severity: high. Detects a CVE-2026-6512 exploitation attempt: an HTTP request to mass-delete comments via the InfusedWoo Pro plugin without authentication.