Cette page n'a pas encore été traduite dans votre langue. Affichage du contenu en anglais pendant que nous y travaillons.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2026-6506: Privilege Escalation in InfusedWoo Pro
Plateforme
wordpress
Composant
infusedwooPRO
Corrigé dans
5.1.3
CVE-2026-6506 represents a privilege escalation vulnerability discovered in the InfusedWoo Pro plugin for WordPress. An authenticated attacker, even with limited subscriber-level access, can exploit this flaw to gain administrator privileges, effectively taking control of the WordPress site. This vulnerability affects versions from 0.0.0 up to and including 5.1.2, but a fix is available in version 5.1.3.
Détecte cette CVE dans ton projet
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Impact et Scénarios d'Attaquetraduction en cours…
The impact of this vulnerability is significant. Successful exploitation allows an attacker to bypass standard access controls and assume the role of an administrator. This grants them complete control over the WordPress site, including the ability to modify content, install malicious plugins, access sensitive data (user information, financial details if stored on the site), and potentially compromise the entire server. The attacker could also use this access to launch further attacks against other systems connected to the WordPress site, expanding the blast radius. This vulnerability is particularly concerning given the widespread use of WordPress and the potential for significant data breaches and service disruption.
Contexte d'Exploitationtraduction en cours…
CVE-2026-6506 was published on 2026-05-14. Its severity is rated HIGH (CVSS: 8.8). Currently, there are no publicly available exploits or active campaigns targeting this vulnerability. However, given the ease of exploitation (requiring only authenticated subscriber access) and the potential impact, it is likely to become a target for opportunistic attackers. Monitor security advisories and threat intelligence feeds for any indications of exploitation.
Renseignement sur les Menaces
Statut de l'Exploit
CISA SSVC
Vecteur CVSS
Que signifient ces métriques?
- Attack Vector
- Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
- Attack Complexity
- Faible — aucune condition spéciale requise. Exploitable de manière fiable.
- Privileges Required
- Faible — tout compte utilisateur valide est suffisant.
- User Interaction
- Aucune — attaque automatique et silencieuse. La victime ne fait rien.
- Scope
- Inchangé — impact limité au composant vulnérable.
- Confidentiality
- Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
- Integrity
- Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
- Availability
- Élevé — panne complète ou épuisement des ressources. Déni de service total.
Logiciel Affecté
Classification de Faiblesse (CWE)
Chronologie
- Réservé
- Publiée
Mitigation et Contournementstraduction en cours…
The primary mitigation is to immediately upgrade the InfusedWoo Pro plugin to version 5.1.3 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. While no direct workaround exists to prevent privilege escalation, restricting access to the infusedwoogdprupddata() function through custom code or a security plugin might offer limited protection, but is not recommended as a primary defense. Closely monitor WordPress user accounts for any suspicious activity, particularly new administrator accounts. After upgrading, verify the fix by attempting to escalate a low-privilege user's role to administrator using the vulnerable function; the attempt should fail.
Comment corriger
Mettre à jour vers la version 5.1.3, ou une version corrigée plus récente
Questions fréquentestraduction en cours…
What is CVE-2026-6506 — Privilege Escalation in InfusedWoo Pro?
CVE-2026-6506 is a HIGH severity vulnerability in the InfusedWoo Pro WordPress plugin allowing authenticated subscribers to gain administrator privileges due to missing authorization checks in the infusedwoogdprupddata() function.
Am I affected by CVE-2026-6506 in InfusedWoo Pro?
You are affected if you are using InfusedWoo Pro versions 0.0.0 through 5.1.2. Check your plugin version and upgrade immediately if vulnerable.
How do I fix CVE-2026-6506 in InfusedWoo Pro?
Upgrade the InfusedWoo Pro plugin to version 5.1.3 or later to resolve the vulnerability. Ensure compatibility before upgrading.
Is CVE-2026-6506 being actively exploited?
Currently, there are no known active campaigns exploiting CVE-2026-6506, but its ease of exploitation makes it a potential target.
Where can I find the official InfusedWoo Pro advisory for CVE-2026-6506?
Refer to the official InfusedWoo Pro website or WordPress plugin repository for the latest advisory and update information regarding CVE-2026-6506.
Ton projet est-il affecté ?
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Détecte cette CVE dans ton projet
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Scannez votre projet WordPress maintenant — sans compte
scanZone.subtitle
Glissez-déposez votre fichier de dépendances
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...