InfusedWoo Pro Privilege Escalation Vulnerability via Missing Authorization in WordPress Plugin

Vulnerability

A privilege escalation vulnerability has been identified in the InfusedWoo Pro plugin for WordPress, affecting all versions through 5.1.2. The issue arises from a lack of proper authorization, nonce verification, and capability checks in the 'iwar_save_recipe()' AJAX handler. This vulnerability allows unauthenticated attackers to create malicious automation recipes that trigger HTTP posts paired with auto-login actions. As a result, any unauthenticated visitor can access a crafted URL and receive authentication cookies for targeted user accounts, such as administrators, effectively bypassing authentication and escalating privileges.
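
The three checks named above, as they would appear in a WordPress AJAX handler. This is an added example, not InfusedWoo Pro's code or its patch; the action name `example_save_recipe`, the `nonce` request field, the `example_recipe` post type and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical plugin code, not InfusedWoo Pro's source.
// Action name, nonce field, post type and capability are assumptions.

// Authorization, part 1: register only the authenticated hook. A matching
// 'wp_ajax_nopriv_example_save_recipe' hook would let logged-out visitors
// reach the handler.
add_action( 'wp_ajax_example_save_recipe', 'example_save_recipe' );

function example_save_recipe() {
    // Nonce verification: the admin page that renders the form embeds
    // wp_create_nonce( 'example_save_recipe' ) in the 'nonce' field.
    // With $die = false the function returns false instead of exiting,
    // so the handler can answer with a JSON error.
    if ( ! check_ajax_referer( 'example_save_recipe', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // Capability check: a valid nonce only shows the request came from a
    // logged-in user's session, not that the user may change automation.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // Only after both checks pass is request data read and sanitized.
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    if ( '' === $title ) {
        wp_send_json_error( array( 'message' => 'Title is required.' ), 400 );
    }

    $post_id = wp_insert_post(
        array(
            'post_type'   => 'example_recipe', // hypothetical post type
            'post_title'  => $title,
            'post_status' => 'publish',
        ),
        true // return a WP_Error on failure instead of 0
    );

    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Save failed.' ), 500 );
    }

    wp_send_json_success( array( 'id' => $post_id ) );
}
```

`wp_send_json_error()` ends the request after sending its response, so nothing below a failed check runs.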

Impact

Exploitation of this vulnerability allows for complete authentication bypass and privilege escalation, enabling unauthorized users to gain access to elevated rights on the WordPress site.

Remediation

Users are advised to update the InfusedWoo Pro plugin to version 5.1.3 or a newer patched version.

Added: May 14, 2026, 7:26 AM
Updated: May 14, 2026, 7:26 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 7.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.