CVE-2026-6512 -- CVSS 9.1 Vulnerability Briefing
CVE-2026-6512 | CVSS 9.1 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-6512 is an authorization bypass vulnerability in the InfusedWoo Pro plugin for WordPress, affecting all versions up to and including 5.1.2.
Technical Detail
The flaw exists because the plugin fails to properly verify that a requesting user is authorized to perform certain actions, allowing an attacker to bypass access controls and execute privileged operations without appropriate permissions. The exact attack vector and specific endpoints affected are not fully disclosed in available data, but authorization bypass vulnerabilities of this class typically allow low-privileged or unauthenticated users to access restricted functionality, modify data, or escalate privileges within the WordPress environment. The CVSS score of 9.1 indicates high impact to confidentiality and integrity, consistent with scenarios involving unauthorized data access or manipulation tied to WooCommerce customer or order data managed by the plugin.
Exploitation Status
No known exploit exists for this vulnerability at this time. It is not listed in the CISA Known Exploited Vulnerabilities catalog. There is no confirmed public proof-of-concept code or evidence of active exploitation in the wild as of May 21, 2026.
Who Is Targeting This
No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence.
What To Do
WordPress site operators running InfusedWoo Pro should update the plugin to a version later than 5.1.2 as soon as the vendor makes a patched release available. If no patch is currently available, the recommended interim mitigation is to deactivate and remove the plugin until a fix is confirmed. Site administrators should audit user roles and review access logs for anomalous activity involving plugin-related endpoints. Given the critical CVSS score, treat this as a high-priority remediation item even in the absence of confirmed active exploitation.
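To find installs in the affected range before remediating, the following added example (not part of the original briefing and not vendor code) reads WordPress plugin headers under wp-content/plugins and flags InfusedWoo Pro copies at version 5.1.2 or earlier. It assumes the plugin's "Plugin Name" header contains "InfusedWoo"; the folder names and the 9.9.9 version in the demo are constructed sample values.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (5, 1, 2)  # briefing: all versions up to and including 5.1.2
NAME_MATCH = "infusedwoo"  # assumption: header "Plugin Name" contains this string
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

def parse_header(text):
    """Extract Plugin Name and Version from a WordPress plugin file header."""
    fields = {}
    for key, value in HEADER_RE.findall(text):
        fields.setdefault(key.lower(), value.strip(" */"))
    return fields

def version_key(version):
    """Leading dotted number as a tuple, trailing zeros dropped (5.1.2.0 == 5.1.2)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version or "")
    parts = [int(p) for p in m.group(1).split(".")] if m else []
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """True for versions <= 5.1.2; missing or unparseable versions fail closed."""
    key = version_key(version)
    return not key or key <= LAST_AFFECTED

def scan(wp_root):
    """Return (plugin_dir, version, affected) for matching plugins in one install."""
    findings = []
    for php in sorted(Path(wp_root, "wp-content", "plugins").glob("*/*.php")):
        # WordPress itself only reads the first 8 KB of a file for header fields.
        fields = parse_header(php.read_text(encoding="utf-8", errors="replace")[:8192])
        if NAME_MATCH in fields.get("plugin name", "").lower():
            version = fields.get("version", "")
            findings.append((php.parent.name, version, is_affected(version)))
    return findings

def demo():
    """Scan a constructed tree; folder names and 9.9.9 are made-up sample values."""
    with tempfile.TemporaryDirectory() as root:
        for folder, ver in (("shop-a", "5.1.2"), ("shop-b", "9.9.9")):
            d = Path(root, "wp-content", "plugins", folder)
            d.mkdir(parents=True)
            (d / "main.php").write_text(f"<?php\n/*\n * Plugin Name: InfusedWoo Pro\n * Version: {ver}\n */\n")
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan()` at each WordPress document root on a host; a plugin that is deactivated but still on disk is reported as well, which matches the briefing's advice to remove it rather than only deactivate it.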