CVE ID :CVE-2026-6506 Published : May 14, 2026, 7:16 a.m. | 53 minutes ago Description :The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their own wp_capabilities user meta to grant themselves Administrator role privileges. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...