VYPR

Riaxe Product Customizer

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-3596CriApr 16, 2026
    risk 0.64cvss 9.8epss 0.01

    The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This…

  • CVE-2026-3599HigApr 16, 2026
    risk 0.49cvss 7.5epss 0.00

    The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to…

  • CVE-2026-3595MedApr 16, 2026
    risk 0.34cvss 5.3epss 0.00

    The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a…