{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/infusedwoo-pro/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-6514"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["InfusedWoo Pro"],"_cs_severities":["high"],"_cs_tags":["cve","wordpress","plugin","arbitrary file read","ssrf"],"_cs_type":"threat","_cs_vendors":["Wordfence"],"content_html":"\u003cp\u003eThe InfusedWoo Pro plugin for WordPress is susceptible to an arbitrary file read vulnerability (CVE-2026-6514) affecting versions up to and including 5.1.2. This flaw allows unauthenticated attackers to perform server-side request forgery (SSRF) attacks by manipulating the \u003ccode\u003epopup_submit\u003c/code\u003e functionality. By crafting malicious web requests, attackers can potentially access sensitive information from internal services or resources accessible to the WordPress server, posing a significant risk to data confidentiality and system integrity. The vulnerability was reported by Wordfence.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site using the vulnerable InfusedWoo Pro plugin (version \u0026lt;= 5.1.2).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003epopup_submit\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request contains a URL pointing to an internal resource or service.\u003c/li\u003e\n\u003cli\u003eThe WordPress server, acting on behalf of the attacker, makes a request to the specified internal URL.\u003c/li\u003e\n\u003cli\u003eThe response from the internal resource is returned to the attacker, effectively bypassing access controls.\u003c/li\u003e\n\u003cli\u003eThe attacker reads sensitive files or queries internal services, gathering information about the target network.\u003c/li\u003e\n\u003cli\u003eThe attacker may potentially leverage the SSRF vulnerability to modify data on internal services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-6514) allows an unauthenticated attacker to read arbitrary files and potentially interact with internal services accessible to the WordPress server. This could lead to the exposure of sensitive data, such as configuration files, database credentials, or API keys. It could also enable further attacks, such as privilege escalation or lateral movement within the internal network. The severity of the impact depends on the type and sensitivity of the data and services exposed through the SSRF vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the InfusedWoo Pro plugin to a version higher than 5.1.2 to patch CVE-2026-6514.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-6514 Exploitation — InfusedWoo Pro Arbitrary File Read\u0026rdquo; to detect exploitation attempts targeting the vulnerable \u003ccode\u003epopup_submit\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eReview webserver logs for unusual requests to \u003ccode\u003epopup_submit\u003c/code\u003e as described in the Sigma rule, especially those containing suspicious URLs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T09:17:13Z","date_published":"2026-05-14T09:17:13Z","id":"https://feed.craftedsignal.io/briefs/2026-05-infusedwoo-file-read/","summary":"The InfusedWoo Pro plugin for WordPress is vulnerable to arbitrary file read in versions up to 5.1.2, allowing unauthenticated attackers to make web requests to arbitrary locations, potentially querying and modifying information from internal services.","title":"InfusedWoo Pro WordPress Plugin Arbitrary File Read Vulnerability (CVE-2026-6514)","url":"https://feed.craftedsignal.io/briefs/2026-05-infusedwoo-file-read/"}],"language":"en","title":"CraftedSignal Threat Feed — InfusedWoo Pro","version":"https://jsonfeed.org/version/1.1"}