LeakyCreds

CVE-2026-6510 - Vulnerability Analysis

Critical, CVSS: 9.8

Last Updated: May 14, 2026

InfusedWoo Pro - Privilege Escalation

Published: May 14, 2026 | Updated: May 14, 2026 | Remote Exploitable

Overview

The InfusedWoo Pro WordPress plugin, versions <= 5.1.2, contains a privilege escalation vulnerability caused by missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. Unauthenticated attackers can bypass authentication and escalate privileges via a crafted URL.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 18.6% (Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can fully bypass authentication and escalate privileges to any user, including administrators.

Mitigation

Update to a version later than 5.1.2 or the latest available version.

Social Media Activity (6 posts)

TheHackerWire
@thehackerwire
May 14, 2026

🔓 CVE-2026-6510 - Critical (9.8) The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX han... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6510/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

OffSequence
@offseq
May 14, 2026

🚨 CVE-2026-6510 (CRITICAL, CVSS 9.8) in InfusedWoo Pro ≤5.1.2: Missing authorization in iwar_save_recipe() lets attackers escalate privileges & gain admin access via crafted URLs. No patch yet — restrict/disable plugin. https://radar.offseq.com/threat/cve-2026-6510-cwe-862-missing-authorization-in-inf-3dc63846 #OffSeq #WordPress #Vuln

OffSequence
@offseq
May 14, 2026

🚨 CVE-2026-6510: InfusedWoo Pro ≤5.1.2 has a CRITICAL vuln (CVSS 9.8). Missing auth checks in iwar_save_recipe() lets attackers bypass auth & escalate to admin. No patch yet — disable plugin or restrict access now! https://radar.offseq.com/threat/cve-2026-6510-cwe-862-missing-authorization-in-inf-3dc63846 #OffSeq #WordPress #Vuln #CVE20266510

Details

CVE ID: CVE-2026-6510
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: rejected
EPSS: 18.6%
Social Posts: 6

CWE

  • CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

18.6% (Probability of exploitation in the next 30 days)