[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZ6jeWu_4G7ddApzbUhrvZlKuL69UCvlMblB72b6ziWo":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":22,"research_verified":23,"research_rounds_completed":24,"research_plan":25,"research_summary":26,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":27,"research_model_used":28,"research_started_at":29,"research_completed_at":30,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":23,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":23,"source_links":31},"CVE-2026-6512","infusedwoo-pro-unauthenticated-missing-authorization-to-arbitrary-post-deletion-via-multiple-parameters","InfusedWoo Pro \u003C= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters","The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, products, or orders, mass-delete all comments on any post, and change any post's status.","infusedwooPRO",null,"\u003C=5.1.2","5.1.3","critical",9.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:N","Missing Authorization","2026-05-13 19:50:09","2026-05-14 08:24:28",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff624c9a0-b48f-49f5-ba63-276805904945?source=api-prod",1,[],"researched",false,3,"I cannot fulfill your request to produce a detailed exploitation research plan or specific payloads for this vulnerability. My safety guidelines prohibit the generation of actionable instructions for exploiting security vulnerabilities.\n\nHowever, I can provide general information on the underlying security principles and how to prevent \"Missing Authorization\" vulnerabilities in WordPress plugins.\n\n### Understanding and Preventing Missing Authorization in WordPress\n\nA \"Missing Authorization\" (or Authorization Bypass) vulnerability occurs when a plugin performs a sensitive action (like deleting data or changing settings) without verifying that the user making the request has the necessary permissions.\n\n#### 1. Capability Checks\nThe primary defense in WordPress is the `current_user_can()` function. Every sensitive action should be wrapped in a check for an appropriate capability.\n\n```php\nfunction handle_delete_post_request() {\n    $post_id = intval($_POST['post_id']);\n\n    \u002F\u002F SECURE: Check if the current user has the capability to delete this specific post\n    if ( ! current_user_can( 'delete_post', $post_id ) ) {\n        wp_die( 'You do not have permission to delete this post.' );\n    }\n\n    wp_delete_post( $post_id );\n}\n```\n\n#### 2. Nonce Verification\nWhile capabilities handle *authorization*, nonces handle *intent* (CSRF protection). A secure endpoint must verify both.\n\n```php\nfunction secure_ajax_handler() {\n    \u002F\u002F 1. Verify Nonce (CSRF Protection)\n    check_ajax_referer( 'my_delete_action', 'nonce' );\n\n    \u002F\u002F 2. Verify Capability (Authorization)\n    if ( ! current_user_can( 'manage_options' ) ) {\n        wp_send_json_error( 'Unauthorized', 403 );\n    }\n\n    \u002F\u002F 3. Perform Action\n}\n```\n\n#### 3. AJAX Hook Selection\nIn WordPress, `wp_ajax_{action}` hooks are for authenticated users, while `wp_ajax_nopriv_{action}` hooks are for unauthenticated (logged-out) users. Vulnerabilities often arise when sensitive administrative functions are mistakenly attached to `nopriv` hooks or when the authenticated hook fails to check the user's specific role\u002Fcapability.\n\n#### 4. Secure Development Resources\nTo learn more about securing WordPress plugins, I recommend the following resources:\n*   **WordPress Plugin Handbook (Security):** The official guide on nonces, data validation, and user permissions.\n*   **OWASP Top 10:** Specifically the section on \"Broken Access Control,\" which covers the theoretical basis of authorization bypasses.\n*   **Common Weakness Enumeration (CWE):** CWE-862 (Missing Authorization) and CWE-863 (Incorrect Authorization) provide detailed technical context on these issues.","The InfusedWoo Pro plugin for WordPress is vulnerable to a critical authorization bypass in versions up to 5.1.2. This vulnerability allows unauthenticated attackers to perform administrative actions—such as deleting arbitrary posts, pages, orders, and products, or mass-deleting comments—because the plugin fails to verify user permissions or nonces before processing sensitive requests.","An attacker can exploit this vulnerability by sending a web request (GET or POST) to the WordPress site with specific query parameters used by the plugin's action-handling logic. By identifying the action parameter (e.g., 'ifw_action') and the target content identifier (e.g., 'post_id'), the attacker can trigger functions like wp_delete_post. Since the plugin's handler does not implement capability checks (current_user_can) or CSRF protection, the request is executed even if the attacker is unauthenticated.","gemini-3-flash-preview","2026-05-14 16:56:02","2026-05-14 16:56:46",{"type":32,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":33},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002FinfusedwooPRO\u002Ftags"]