WordPress InfusedWoo Pro Authorization Bypass Vulnerability

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, products, or orders, mass-delete all comments on any post, and change any post's status.

Casky was already ahead

This CVE exploits attack patterns that Casky's 261matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.

Analysis

The InfusedWoo Pro plugin for WordPress contains a critical authorization bypass vulnerability (CVE-2026-6512, CVSS 9.1) that allows unauthenticated attackers to perform destructive actions without proper permission verification. Affected versions through 5.1.2 fail to validate user authorization before executing sensitive operations, enabling attackers to permanently delete posts, pages, products, orders, mass-delete comments, and modify post status across any WordPress installation running the plugin. This vulnerability is particularly dangerous because it requires no authentication and can be exploited by any internet user, making it an immediate threat to the integrity and availability of WordPress-based e-commerce and content sites using this plugin.

Casky's 261 matching skills, powered by Claude AI with extended reasoning, detect the attack patterns associated with this vulnerability by analyzing indicators across MITRE ATT&CK's Privilege Escalation (TA0004) and Persistence (TA0006) tactics. Practitioners using Casky would identify suspicious patterns including: unauthorized API calls or plugin functions lacking authentication checks, unexpected deletion or modification of post/product objects from non-privileged sources, and anomalous comment mass-deletion operations. The platform's skills map these behaviors to CWE-862 (Missing Authorization) patterns, surfacing findings that reveal how attackers bypass access controls. Security teams would see flagged activities showing unauthenticated requests successfully modifying WordPress objects that should require administrative privileges, enabling rapid detection and remediation before attackers cause irreversible data loss.

Live Threat IntelligenceComing soon

Casky Risk Score

—

EPSS Probability

—

Shodan Exposure

—

GreyNoise Signal

—

Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →

261 Casky skills cover this attack pattern

These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2026-6512.

analyzing-cloud-storage-access-patterns

cloud security · low

Run

analyzing-kubernetes-audit-logs

container security · low

Run

analyzing-malicious-url-with-urlscan

phishing defense · medium

Run

MITRE ATT&CK Techniques

TA0004 TA0006

Investigate the attack patterns behind CVE-2026-6512

Casky has 261 skills that investigate the attack patterns behind CVE-2026-6512. Run one and get CVSS-scored findings in 3 minutes.

Run the skill that detects this →

X Instagram LinkedIn