CVE-2026-6512: Critical Authorization Bypass in InfusedWoo Pro WordPress Plugin

The National Vulnerability Database reports a critical authorization bypass vulnerability, CVE-2026-6512, affecting all versions up to and including 5.1.2 of the InfusedWoo Pro plugin for WordPress. This flaw stems from inadequate authorization verification, allowing unauthenticated attackers to perform highly destructive actions.

Specifically, this vulnerability enables attackers to permanently delete arbitrary posts, pages, products, or orders. They can also mass-delete all comments on any post and alter the status of any post. With a CVSS score of 9.1 (CRITICAL), the impact is severe, allowing for complete compromise of content integrity and operational disruption without requiring any user authentication.

For defenders, this means any WordPress site running the InfusedWoo Pro plugin is at extreme risk. The attacker’s calculus is straightforward: no authentication is needed, and the impact is total data manipulation or destruction. This isn’t about data exfiltration; it’s about outright sabotage or defacement, with potential for significant reputational and operational damage.
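For contrast, an added example (not the plugin's code; the action names "example_delete_post_v1" and "example_delete_post" are hypothetical): the missing-authorization pattern this class of bug comes from, beside a hardened WordPress AJAX handler that binds the deletion to a nonce and a per-object capability check.

```php
<?php
// Added illustration, not InfusedWoo Pro's code. The action names
// ("example_delete_post_v1", "example_delete_post") are hypothetical.

// --- Missing-authorization pattern (CWE-862 class). The wp_ajax_nopriv_ hook
// makes the handler reachable without a session, and nothing checks who is
// asking or whether they may delete this particular post.
add_action( 'wp_ajax_nopriv_example_delete_post_v1', 'example_delete_post_v1' );
add_action( 'wp_ajax_example_delete_post_v1', 'example_delete_post_v1' );
function example_delete_post_v1() {
    $post_id = absint( $_POST['post_id'] ?? 0 );
    wp_delete_post( $post_id, true ); // force-delete: bypasses the trash
    wp_send_json_success();
}

// --- Hardened handler: authenticated hook only, nonce, per-object capability.
add_action( 'wp_ajax_example_delete_post', 'example_delete_post' );
function example_delete_post() {
    // Rejects forged or replayed requests; dies with HTTP 403 on failure.
    check_ajax_referer( 'example_delete_post', 'nonce' );

    $post_id = absint( $_POST['post_id'] ?? 0 );
    if ( ! get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown post.' ), 404 );
    }
    // Authorization is per object: the 'delete_post' meta capability maps to
    // the post type's own delete_* caps, so it covers products and orders too.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }
    // Trash (where the post type supports it) instead of force-deleting,
    // so an unwanted deletion stays recoverable.
    if ( ! wp_delete_post( $post_id, false ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }
    wp_send_json_success( array( 'post_id' => $post_id ) );
}

// The matching nonce is issued to the logged-in client with
// wp_create_nonce( 'example_delete_post' ) and sent as the 'nonce' field.
```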

What This Means For You

  • If your organization uses the InfusedWoo Pro plugin on any WordPress installation, you must immediately disable the plugin or apply any available patches beyond version 5.1.2. Prioritize a full audit of your site's content and logs for any unauthorized modifications or deletions. This is a critical unauthenticated attack vector.

Detection Rules

3 detection rules were auto-generated for this incident and mapped to MITRE ATT&CK; the Sigma YAML of one of them follows.

Severity: critical · ATT&CK: T1190 (Initial Access)

CVE-2026-6512: InfusedWoo Pro Authorization Bypass - Post Deletion

Sigma YAML:

title: 'CVE-2026-6512: InfusedWoo Pro Authorization Bypass - Post Deletion'
id: scw-2026-05-14-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-6512 by targeting the InfusedWoo Pro plugin's AJAX endpoint for post deletion. This rule specifically looks for the 'infowoo_delete_post' action, indicating an unauthorized attempt to delete posts, pages, products, or orders without proper authorization checks.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-6512/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/wp-admin/admin-ajax.php'
    cs-method:
      - 'POST'
    # The action parameter of an admin-ajax.php POST is normally carried in the
    # request body, which a webserver access log does not record; this field
    # only matches when the action is passed in the query string.
    cs-uri-query|contains:
      - 'action=infowoo_delete_post'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6512 | Auth Bypass | InfusedWoo Pro plugin for WordPress versions <= 5.1.2 |
| CVE-2026-6512 | Auth Bypass | Unauthenticated attackers can delete arbitrary posts, pages, products, or orders |
| CVE-2026-6512 | Auth Bypass | Unauthenticated attackers can mass-delete all comments on any post |
| CVE-2026-6512 | Auth Bypass | Unauthenticated attackers can change any post's status |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 14, 2026 at 12:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
