CVE-2026-6512
⛔ criticalSummary
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, products, or orders, mass-delete all comments on any post, and change any post's status.
CVSS Score
9.1
Critical
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-14
First Seen: 2026-05-17
📊 Relative Risk Intelligence
This CVE is High Risk - more severe than 87.7% of all 330,193 vulnerabilities in our database.
#40,600
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 14, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Osvaldo Noe Gonzalez Del Rio
SSVC data provided by
CISA
Last Modified
2026-05-14
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)