InfusedWoo Pro Authorization Bypass Vulnerability Allowing Unauthenticated Arbitrary Post Deletion
Vulnerability
A vulnerability exists in the InfusedWoo Pro plugin for WordPress, affecting all versions through 5.1.2. The plugin fails to properly verify user authorization, which lets unauthenticated attackers permanently delete arbitrary posts, pages, products, or orders. The same flaw also allows mass deletion of comments on any post and changing the status of any post.
Impact
Exploitation of this vulnerability could lead to unauthorized deletion of posts, pages, products, or orders, mass deletion of comments, and unauthorized changes to post statuses.
Remediation
Users are advised to update the InfusedWoo Pro plugin to version 5.1.3 or a newer patched version.
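To confirm which sites still need the update, the following added example (not part of the original advisory or the plugin's code) reads the header WordPress uses for plugin metadata and flags InfusedWoo Pro installs below 5.1.3. Matching on a `Plugin Name` header containing "infusedwoo" and treating every version below 5.1.3 as affected are assumptions; the sample header is constructed.

```python
import re
from pathlib import Path

FIXED = (5, 1, 3)  # first patched release named in the advisory

# Same header shape WordPress reads from the top of a plugin's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.*?)[ \t]*$", re.I | re.M)

def parse_header(php_source):
    """Return {'plugin name': ..., 'version': ...} from a plugin file header."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def classify(version_text):
    """'vulnerable' below 5.1.3, 'patched' otherwise, 'unknown' if unparseable."""
    m = re.match(r"\d+(?:\.\d+)*", version_text or "")
    if not m:
        return "unknown"
    parts = tuple(int(p) for p in m.group().split("."))
    return "vulnerable" if parts < FIXED else "patched"

def audit(plugins_dir, name_hint="infusedwoo"):
    """Scan wp-content/plugins/*/*.php; name_hint is an assumed match on Plugin Name."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = parse_header(php.read_text(encoding="utf-8", errors="replace"))
        if name_hint in header.get("plugin name", "").lower():
            version = header.get("version", "")
            findings.append((str(php), version, classify(version)))
    return findings

# Constructed sample header (not taken from the real plugin's files).
SAMPLE = """<?php
/**
 * Plugin Name: InfusedWoo Pro
 * Version: 5.1.2
 */
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path, version, status in audit(sys.argv[1]):
            print(f"{status:10} {version or '?':10} {path}")
    else:
        print(classify(parse_header(SAMPLE).get("version")))
```

Run it with the path to a site's `wp-content/plugins` directory as the only argument; an `unknown` result means the version header was missing or unreadable and the install should be checked by hand.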
