Deze pagina is nog niet vertaald naar uw taal. We werken eraan — de inhoud wordt voorlopig in het Engels weergegeven.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2026-6512: Authorization Bypass in InfusedWoo Pro
Platform
wordpress
Component
infusedwooPRO
Opgelost in
5.1.3
CVE-2026-6512 represents a critical authorization bypass vulnerability affecting the InfusedWoo Pro plugin for WordPress. This flaw allows unauthenticated attackers to perform destructive actions, including permanent deletion of critical data and modification of post statuses. The vulnerability impacts versions 0.0.0 through 5.1.2, and a patch is available in version 5.1.3.
Detecteer deze CVE in je project
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Impact en Aanvalsscenarioswordt vertaald…
The impact of this vulnerability is severe due to the ease of exploitation and the potential for widespread data loss. An attacker can leverage this bypass to permanently delete posts, pages, products, and orders, effectively crippling an e-commerce site. The ability to mass-delete comments on any post can damage a site's reputation and user engagement. Furthermore, attackers can modify post statuses, potentially disrupting content publishing workflows and creating misleading information for users. This vulnerability's simplicity makes it a high-priority target for malicious actors.
Uitbuitingscontextwordt vertaald…
CVE-2026-6512 was published on 2026-05-14. Currently, there are no publicly known active campaigns exploiting this vulnerability. The ease of exploitation, coupled with the plugin's popularity, suggests it could become a target. No KEV or EPSS score is currently available. Monitor security advisories and threat intelligence feeds for any indications of exploitation.
Dreigingsinformatie
Exploit Status
CISA SSVC
CVSS-vector
Wat betekenen deze metrics?
- Attack Vector
- Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
- Attack Complexity
- Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
- Privileges Required
- Geen — geen authenticatie vereist om te exploiteren.
- User Interaction
- Geen — automatische en stille aanval. Slachtoffer doet niets.
- Scope
- Ongewijzigd — impact beperkt tot het kwetsbare component.
- Confidentiality
- Hoog — volledig verlies van vertrouwelijkheid. Aanvaller kan alle gegevens lezen.
- Integrity
- Hoog — aanvaller kan alle gegevens schrijven, aanpassen of verwijderen.
- Availability
- Geen — geen beschikbaarheidsimpact.
Getroffen Software
Zwakheidsclassificatie (CWE)
Tijdlijn
- Gereserveerd
- Gepubliceerd
Mitigatie en Workaroundswordt vertaald…
The primary mitigation is to immediately upgrade the InfusedWoo Pro plugin to version 5.1.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting access to the plugin's administrative functions. Implement strict user role permissions within WordPress to limit the potential damage an attacker could inflict if they gain unauthorized access. While a WAF cannot directly prevent this authorization bypass, it can help detect and block suspicious requests attempting to exploit it. After upgrading, verify the fix by attempting to access plugin functions without proper authentication; successful access indicates the vulnerability persists.
Hoe te verhelpen
Update naar versie 5.1.3, of een nieuwere gepatchte versie
Veelgestelde vragenwordt vertaald…
What is CVE-2026-6512 — Authorization Bypass in InfusedWoo Pro?
CVE-2026-6512 is a critical authorization bypass vulnerability in the InfusedWoo Pro WordPress plugin, allowing unauthenticated attackers to delete data and modify post statuses. It affects versions 0.0.0 through 5.1.2.
Am I affected by CVE-2026-6512 in InfusedWoo Pro?
You are affected if you are using InfusedWoo Pro version 0.0.0 through 5.1.2. Check your plugin version and upgrade immediately if necessary.
How do I fix CVE-2026-6512 in InfusedWoo Pro?
Upgrade InfusedWoo Pro to version 5.1.3 or later to resolve this vulnerability. If immediate upgrade is not possible, restrict access to plugin administrative functions.
Is CVE-2026-6512 being actively exploited?
Currently, there are no publicly known active campaigns exploiting CVE-2026-6512, but its ease of exploitation makes it a potential target.
Where can I find the official InfusedWoo Pro advisory for CVE-2026-6512?
Refer to the official InfusedWoo Pro website or WordPress plugin repository for the latest advisory and update information regarding CVE-2026-6512.
Is jouw project getroffen?
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Detecteer deze CVE in je project
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Scan nu uw WordPress project — geen account
Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.
Sleep uw afhankelijkheidsbestand hierheen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...