{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/infusedwoo-pro-plugin--5.1.2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-6506"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["InfusedWoo Pro plugin \u003c= 5.1.2"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","wordpress","plugin"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe InfusedWoo Pro plugin, a WordPress extension, contains a privilege escalation vulnerability, identified as CVE-2026-6506, in all versions up to and including 5.1.2. The vulnerability lies within the \u003ccode\u003einfusedwoo_gdpr_upddata()\u003c/code\u003e function, which lacks proper authorization and capability checks. Furthermore, there are no restrictions on which user meta keys can be updated. An attacker with a valid WordPress account (subscriber level or higher) can exploit this flaw to modify their \u003ccode\u003ewp_capabilities\u003c/code\u003e user meta, effectively granting themselves administrator-level privileges. 
This can lead to complete compromise of the WordPress site.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker obtains a valid user account on the WordPress site, with at least subscriber-level access.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003einfusedwoo_gdpr_upddata()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe request includes a payload designed to modify the attacker\u0026rsquo;s \u003ccode\u003ewp_capabilities\u003c/code\u003e user meta field.\u003c/li\u003e\n\u003cli\u003eDue to the missing authorization and capability checks, the \u003ccode\u003einfusedwoo_gdpr_upddata()\u003c/code\u003e function processes the request without validation.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s \u003ccode\u003ewp_capabilities\u003c/code\u003e user meta is updated to include administrator privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker logs out and logs back in to the WordPress site.\u003c/li\u003e\n\u003cli\u003eUpon re-authentication, the attacker is now recognized as an administrator.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their newly acquired administrator privileges to perform malicious actions, such as installing backdoors, modifying website content, or exfiltrating sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to gain complete control over the affected WordPress website. This can lead to data breaches, website defacement, installation of malware, and other malicious activities. 
Given the popularity of WordPress and the potential for widespread use of the InfusedWoo Pro plugin, a significant number of websites could be at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the InfusedWoo Pro plugin to a version greater than 5.1.2 to patch CVE-2026-6506.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect attempts to modify \u003ccode\u003ewp_capabilities\u003c/code\u003e user meta via the \u003ccode\u003einfusedwoo_gdpr_upddata()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eReview WordPress user roles and permissions to ensure least privilege.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T07:18:17Z","date_published":"2026-05-14T07:18:17Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-6506-wordpress-privesc/","summary":"The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in versions up to 5.1.2 due to missing authorization checks in the infusedwoo_gdpr_upddata() function, allowing authenticated attackers to grant themselves administrator privileges.","title":"CVE-2026-6506: InfusedWoo Pro WordPress Plugin Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-6506-wordpress-privesc/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-6510"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["InfusedWoo Pro plugin \u003c= 5.1.2"],"_cs_severities":["critical"],"_cs_tags":["privilege-escalation","initial-access","wordpress"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe InfusedWoo Pro plugin for WordPress, in versions up to and including 5.1.2, is vulnerable to a critical privilege escalation flaw, tracked as CVE-2026-6510. 
This vulnerability stems from a lack of proper authorization checks within the \u003ccode\u003eiwar_save_recipe()\u003c/code\u003e AJAX handler. Specifically, missing nonce verification and capability checks allow unauthenticated attackers to craft malicious automation recipes. This means an attacker can create a recipe that, when triggered by an HTTP POST request to a crafted URL, automatically logs in a targeted user, including administrators, without any authentication. This vulnerability poses a severe threat to WordPress sites using the affected plugin, as it allows complete authentication bypass and full administrative control.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site using a vulnerable version of the InfusedWoo Pro plugin (\u0026lt;= 5.1.2).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious automation recipe designed to exploit the \u003ccode\u003eiwar_save_recipe()\u003c/code\u003e AJAX handler. This recipe pairs an HTTP POST trigger with an auto-login action.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a POST request to the \u003ccode\u003e/wp-admin/admin-ajax.php\u003c/code\u003e endpoint, calling the \u003ccode\u003eiwar_save_recipe\u003c/code\u003e action with the malicious recipe data. 
This bypasses authentication checks due to missing nonce verification and capability checks.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eiwar_save_recipe()\u003c/code\u003e function saves the malicious recipe without proper authorization.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a specially crafted URL that triggers the HTTP POST trigger defined in the malicious recipe.\u003c/li\u003e\n\u003cli\u003eWhen a user (or the attacker) visits the crafted URL, the auto-login action is executed via the malicious recipe.\u003c/li\u003e\n\u003cli\u003eThe server generates authentication cookies for the targeted user account (e.g., administrator).\u003c/li\u003e\n\u003cli\u003eThe attacker uses the newly acquired authentication cookies to gain complete administrative access to the WordPress site, bypassing normal authentication mechanisms.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6510 allows unauthenticated attackers to gain complete administrative control over affected WordPress sites. This can lead to website defacement, data theft, malware injection, and complete compromise of the underlying server. 
The vulnerability allows attackers to escalate privileges to the highest level, bypassing all authentication mechanisms, therefore making this a critical issue.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the latest update for the InfusedWoo Pro plugin to patch CVE-2026-6510.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-6510 iwar_save_recipe AJAX Call\u0026rdquo; to monitor for exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/wp-admin/admin-ajax.php\u003c/code\u003e with the \u003ccode\u003eaction=iwar_save_recipe\u003c/code\u003e parameter, as this is the entry point for the attack.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T07:17:18Z","date_published":"2026-05-14T07:17:18Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-6510-privesc/","summary":"The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler, allowing unauthenticated attackers to create malicious automation recipes for auto-login actions.","title":"CVE-2026-6510: InfusedWoo Pro WordPress Plugin Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-6510-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — InfusedWoo Pro Plugin \u003c= 5.1.2","version":"https://jsonfeed.org/version/1.1"}